Fórum PC Brasil
Computer infected by spyware

4 participants

Page 2 of 2

Computer infected by spyware

Post by Maverickmg, Thu 09 Jan 2014, 01:00

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
[link hidden; members only]

Database version: v2014.01.08.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16750
V.Andreose :: VANDREOSE-PC [administrator]

Protection: Disabled

08/01/2014 21:09:41
mbam-log-2014-01-08 (21-09-41).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 434097
Time elapsed: 3 hour(s), 12 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\Software\BrowseSmart (PUP.Optional.BrowseSmart.A) -> Quarantined and deleted successfully.
HKLM\Software\BrowseSmart (PUP.Optional.BrowseSmart.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 37
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Speed Analysis 3\BackgroundHost.exe.vir (PUP.Optional.BestToolbar) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Speed Analysis 3\BackgroundHost64.exe.vir (PUP.Optional.BestToolbar) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Speed Analysis 3\uninst.exe.vir (PUP.Optional.7Go.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\V.Andreose\AppData\Roaming\file scout\filescout.exe.vir (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Uninstall Information\Ib\34\4019\ib_uninstall.exe (Adware.InstallBrain) -> Quarantined and deleted successfully.
C:\Users\V.Andreose\Downloads\435-aTubeCatcher.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\Users\V.Andreose\Downloads\PDF6Setup.exe (Adware.InstallBrain) -> Quarantined and deleted successfully.
C:\Users\V.Andreose\Downloads\photofiltre-711-32-bits.exe (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
C:\Users\V.Andreose\Downloads\PhotoScape_V3-6-5.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\V.Andreose\Downloads\RocketPDFSetup.exe (Adware.InstallBrain) -> Quarantined and deleted successfully.
C:\Users\V.Andreose\Downloads\ZipExtractorSetup (1).exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
C:\Users\V.Andreose\Downloads\ZipExtractorSetup.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
C:\Windows.old\$Recycle.Bin\S-1-5-21-1003853256-3550518320-1399660496-1001\$RXIG3K9.exe (PUP.Optional.Installex) -> Quarantined and deleted successfully.
C:\Windows.old\Program Files\DealPly\DealPlyIE.dll (PUP.DealPly) -> Quarantined and deleted successfully.
C:\Windows.old\Program Files\DealPly\DealPlyTune.dll (PUP.Optional.Dealply) -> Quarantined and deleted successfully.
C:\Windows.old\Program Files\DealPly\DealPlyUpdate.exe (PUP.Optional.Dealply) -> Quarantined and deleted successfully.
C:\Windows.old\Program Files\DealPly\DealPlyUpdateRun.exe (PUP.Optional.Dealply) -> Quarantined and deleted successfully.
C:\Windows.old\Program Files\DealPly\DealPlyUpdateVer.exe (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Windows.old\Program Files\Plus-HD-2.3\Plus-HD-2.3-bho.dll (PUP.Optional.PlusHD.A) -> Quarantined and deleted successfully.
C:\Windows.old\Users\VictorAndreose\AppData\Local\Temp\020613_y.exe (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Windows.old\Users\VictorAndreose\AppData\Local\Temp\dealply301212.exe (PUP.DealPly) -> Quarantined and deleted successfully.
C:\Windows.old\Users\VictorAndreose\AppData\Local\Temp\face.exe (Adware.Funmoods) -> Quarantined and deleted successfully.
C:\Windows.old\Users\VictorAndreose\AppData\Local\Temp\FreemakeVideoConverter_4.0.2.18.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Windows.old\Users\VictorAndreose\AppData\Local\Temp\Desk365\eInstall\eInstall.exe (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Windows.old\Users\VictorAndreose\AppData\Local\Temp\is1275519350\plus-hd-2-3_BR.exe (PUP.Optional.CrossRider) -> Quarantined and deleted successfully.
C:\Windows.old\Users\VictorAndreose\AppData\Local\Temp\is701137889\MyBabylonTB.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Windows.old\Users\VictorAndreose\AppData\Local\Temp\is701137889\Setup-D502DD2B71B5.exe (PUP.Optional.WebCake.A) -> Quarantined and deleted successfully.
C:\Windows.old\Users\VictorAndreose\AppData\Roaming\Desk 365\components\component_libcef_1.1364.1123.exe (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Windows.old\Users\VictorAndreose\AppData\Roaming\eIntaller\92A741AC553F48c4BD61CEC6AAFB6887\Desk365.exe (PUP.Optional.E7) -> Quarantined and deleted successfully.
C:\Windows.old\Users\VictorAndreose\AppData\Roaming\eIntaller\92A741AC553F48c4BD61CEC6AAFB6887\eXQ.exe (PUP.Optional.Wilsys.A) -> Quarantined and deleted successfully.
C:\Windows.old\Users\VictorAndreose\Downloads\4shared_Desktop_4.0.0_desktop_BaiduThailand.exe (PUP.Optional.4Shared) -> Quarantined and deleted successfully.
C:\Windows.old\Users\VictorAndreose\Downloads\Download Tres Historias, Um Destino Dublado.exe (PUP.Optional.PCMega.A) -> Quarantined and deleted successfully.
C:\Windows.old\Users\VictorAndreose\Downloads\Quatro por um - Um Milagre .exe (PUP.Optional.4Shared) -> Quarantined and deleted successfully.
C:\Windows.old\Users\VictorAndreose\Downloads\SoftonicDownloader_para_free-video-flip-and-rotate.exe (PUP.Optional.Softonic) -> Quarantined and deleted successfully.
C:\zoek_backup\C_Users_V.Andreose_Downloads_SoftonicDownloader_para_combofix.exe.vir (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully.
C:\zoek_backup\C_Users_V.Andreose_Downloads_SoftonicDownloader_para_photofiltre-em-portugues-brasil.exe.vir (PUP.Optional.Softonic) -> Quarantined and deleted successfully.
C:\zoek_backup\C_Users_V.Andreose_Downloads_SoftonicDownloader_para_photoscape.exe.vir (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully.

(end)
Maverickmg
Beginner
Posts: 22
Reputation: 1
Joined: 04/01/2014
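Reading a log like the one above, the question a responder asks is not how many items were removed but how many were actually active. As an added example, not code from the forum or from Malwarebytes, the Python below parses the `object (detection) -> action` lines and sorts them by where each object lived: entries under AdwCleaner\Quarantine or zoek_backup, or ending in .vir, were already quarantined by earlier tools; Windows.old holds a previous installation; Downloads holds installers that are inert until someone runs them; a registry key or a file under Program Files is a live location. The bucket names and rules are this example's own heuristics. The sample input is seven entries copied from the log above, with the action text rendered in English.

```python
"""Triage of a Malwarebytes Anti-Malware 1.x log: live detections vs. stale copies.

Added example for this thread; not code from the forum or from Malwarebytes.
"""
import re
from collections import Counter

# Constructed input: one registry line and six 'Files Detected' lines copied from
# the posted mbam-log (the other 30 file lines are omitted here).
SAMPLE_LOG = """\
HKLM\\Software\\BrowseSmart (PUP.Optional.BrowseSmart.A) -> Quarantined and deleted successfully.
C:\\AdwCleaner\\Quarantine\\C\\Program Files (x86)\\Speed Analysis 3\\BackgroundHost.exe.vir (PUP.Optional.BestToolbar) -> Quarantined and deleted successfully.
C:\\Program Files (x86)\\Uninstall Information\\Ib\\34\\4019\\ib_uninstall.exe (Adware.InstallBrain) -> Quarantined and deleted successfully.
C:\\Users\\V.Andreose\\Downloads\\ZipExtractorSetup (1).exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
C:\\Windows.old\\Program Files\\DealPly\\DealPlyIE.dll (PUP.DealPly) -> Quarantined and deleted successfully.
C:\\Windows.old\\$Recycle.Bin\\S-1-5-21-1003853256-3550518320-1399660496-1001\\$RXIG3K9.exe (PUP.Optional.Installex) -> Quarantined and deleted successfully.
C:\\zoek_backup\\C_Users_V.Andreose_Downloads_SoftonicDownloader_para_combofix.exe.vir (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully.
"""

# '<object> (<detection>) -> <action>'. The object may itself contain parentheses
# ('Program Files (x86)', 'Setup (1).exe'), so the first group is greedy and the
# detection is the last parenthesised token right before ' -> '.
LINE_RE = re.compile(r"^(.+) \(([^()]+)\) -> (.+)$")

def parse_detections(log_text):
    """Return [(object, detection, action)] for every detection line in the log."""
    out = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            out.append(m.groups())
    return out

def classify(obj):
    """Map a detected object's location to what it implies about activity.
    These buckets are this example's own heuristics, not Malwarebytes categories."""
    p = obj.lower()
    if p.startswith("hk"):
        return "live registry key"
    if p.endswith(".vir") or "\\adwcleaner\\quarantine\\" in p or "\\zoek_backup\\" in p:
        return "already quarantined by an earlier tool"
    if "\\windows.old\\" in p:
        return "previous Windows installation (inert)"
    if "\\$recycle.bin\\" in p:
        return "recycle bin (inert)"
    if "\\downloads\\" in p:
        return "downloaded installer (inert unless run again)"
    return "live file location"

def family(detection):
    """Collapse 'PUP.Optional.Softonic.A' and 'PUP.Optional.Softonic' into 'Softonic'."""
    parts = detection.split(".")
    if len(parts[-1]) == 1 and parts[-1].isupper():  # drop a single-letter variant suffix
        parts = parts[:-1]
    return parts[-1]

def triage(log_text):
    """Counts per location bucket, counts per family, and the objects that were in
    live locations (the ones worth a second look)."""
    entries = parse_detections(log_text)
    by_bucket = Counter(classify(obj) for obj, _, _ in entries)
    by_family = Counter(family(det) for _, det, _ in entries)
    live = [obj for obj, _, _ in entries if classify(obj).startswith("live")]
    return {"total": len(entries), "by_bucket": by_bucket,
            "by_family": by_family, "live": live}

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"{result['total']} detections")
    for bucket, n in result["by_bucket"].most_common():
        print(f"  {n:2d}  {bucket}")
    print("families:", dict(result["by_family"]))
    print("live objects:")
    for obj in result["live"]:
        print("  ", obj)
```

On the seven sample entries only two were in live locations (the BrowseSmart registry key and the InstallBrain uninstaller under Program Files); the rest were stale copies in quarantine folders, Windows.old or Downloads. Applied to the full log the same split is what tells a responder whether the machine was still running anything, which is a different question from whether 37 items were deleted.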

Re: Computer infected by spyware

Post by Power Max, Thu 09 Jan 2014, 01:03

That's it! Everything is in order now. How is the PC after these cleanups?
Power Max
Collaborator
Posts: 9086
Reputation: 1499
Joined: 14/04/2009

Computer infected by spyware

Post by Maverickmg, Thu 09 Jan 2014, 01:13

Marcos, the PC seems fine to me; my only doubt is whether that spy was removed.
I want to leave here my most sincere thanks to you and to everyone on the Forum.
And to ask permission to pass the forum's address on to all my friends.
Big hug and thank you very much.
Maverickmg
Beginner
Posts: 22
Reputation: 1
Joined: 04/01/2014

Re: Computer infected by spyware

Post by Power Max, Thu 09 Jan 2014, 01:21

I would be very grateful if you would help us by sharing the Forum with your contacts.
_________________

Also run a full scan with your updated antivirus and remove any problems it finds.
Power Max
Collaborator
Posts: 9086
Reputation: 1499
Joined: 14/04/2009

Re: Computer infected by spyware

Post by Power Max, Thu 09 Jan 2014, 12:02

"my only doubt is whether that spy was removed"
To be more certain that the keylogger really was removed, please attach an updated OTL log together with its Extras log.
_______________________________

Download [link hidden; members only] (...by Przemyslaw Gmerek) and save it to the Desktop

*Temporarily disable the antivirus and close all running programs, including your browser

*Right-click GMER and select [image hidden; members only]

*If you get a warning about system modifications caused by rootkit activity asking whether you want to run a scan, click [NO]

*Click [Scan], wait for it to finish, click [Save...] and save it to the Desktop under the name gmer

*Attach or post the report it generates.
____________________________________________________________________________________________________________

Go to [link hidden; members only], right-click the page, choose Save As... and save it to the desktop

*Run it.

*If you get the message Do you want to skip supplementary searches? click [No]

*If you get any error message, click [OK] and run it again

*When it finishes, the message All Done! will appear

*Paste or attach the report Startup Programs(PC name)date.txt created on the desktop
Power Max
Collaborator
Posts: 9086
Reputation: 1499
Joined: 14/04/2009
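The startup and policy lines that OTL and a startup-programs report produce are what a helper reads before declaring a keylogger gone, and the reading is mechanical enough to script. As an added example, not code from the forum or from OTL's author, the Python below triages lines in OTL's layout: O4 Run entries whose binary carries no company name in its version info, autostarts from a user-writable directory, or borrows a Windows system binary's name outside the Windows directory; O6/O7 policy lines that switch UAC off; and the "Hosts file not found" marker. The severities and rules are this example's own assumptions. The input mixes Run and policy entries copied from the OTL log posted further down this thread with one constructed entry (the AppData svchost.exe) so that every rule has something to fire on.

```python
"""Triage of OTL-style startup (O4) and policy (O6/O7) lines.

Added example for this thread; not code from the forum or from OTL. The rules
are this example's own heuristics for what deserves a second look.
"""
import re

# Constructed input in OTL's line layout. The Chew7Hale, RtHDVCpl, avgnt and
# Facebook Update entries, the two O6 lines and the hosts line are copied from the
# OTL log posted later in this thread; the [svchost] entry is made up.
SAMPLE_OTL = """\
O4:64bit: - HKLM..\\Run: [Chew7Hale] C:\\Windows\\SysNative\\hale.exe ()
O4:64bit: - HKLM..\\Run: [RtHDVCpl] C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\\Run: [avgnt] C:\\Program Files (x86)\\Avira\\AntiVir Desktop\\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\\S-1-5-21-1234795977-403378081-1101111851-1000..\\Run: [Facebook Update] C:\\Users\\V.Andreose\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\\S-1-5-21-1234795977-403378081-1101111851-1000..\\Run: [svchost] C:\\Users\\V.Andreose\\AppData\\Roaming\\svchost.exe ()
O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: EnableLUA = 0
Hosts file not found
"""

# O4 - <hive>..\Run: [<name>] <path> (<company>)   company may be empty: "()"
O4_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<path>.+?) \((?P<company>[^()]*)\)\s*$")
# O6/O7 - <registry key>: <setting> = <value>
POLICY_RE = re.compile(r"^O[67] - (?P<key>.+?): (?P<setting>\w+) = (?P<value>.+?)\s*$")

SEVERITY = {"low": 1, "medium": 2, "high": 3}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")
SYSTEM_NAMES = {"svchost", "explorer", "csrss", "lsass", "winlogon", "services"}

def check_run_entry(name, path, company):
    """Return [(severity, reason)] for one Run entry; empty list means nothing odd."""
    reasons = []
    p = path.lower()
    if not company.strip():
        reasons.append(("high", "no company name in the binary's version info"))
    if any(marker in p for marker in USER_WRITABLE):
        reasons.append(("medium", "autostarts from a user-writable directory"))
    basename = p.rsplit("\\", 1)[-1].split(".")[0]
    if (name.lower() in SYSTEM_NAMES or basename in SYSTEM_NAMES) and "\\windows\\" not in p:
        reasons.append(("high", "system binary name outside the Windows directory"))
    return reasons

def check_policy(setting, value):
    """Flag policy values that weaken elevation; other settings pass through."""
    if setting == "EnableLUA" and value == "0":
        return [("high", "UAC is disabled (EnableLUA = 0)")]
    if setting == "ConsentPromptBehaviorAdmin" and value == "0":
        return [("medium", "administrators elevate without any prompt")]
    return []

def _finding(item, reasons):
    top = max(reasons, key=lambda r: SEVERITY[r[0]])[0]
    return {"item": item, "severity": top, "reasons": [text for _, text in reasons]}

def triage_otl(text):
    """Walk the log once and return findings sorted by severity, highest first."""
    findings = []
    for line in text.splitlines():
        line = line.rstrip()
        m = O4_RE.match(line)
        if m:
            reasons = check_run_entry(m["name"], m["path"], m["company"])
            if reasons:
                findings.append(_finding(f"Run:[{m['name']}] {m['path']}", reasons))
            continue
        m = POLICY_RE.match(line)
        if m:
            reasons = check_policy(m["setting"], m["value"])
            if reasons:
                findings.append(_finding(f"{m['setting']} = {m['value']}", reasons))
            continue
        if line == "Hosts file not found":
            findings.append(_finding("hosts file", [("low", "hosts file missing; restore the default one")]))
    findings.sort(key=lambda f: -SEVERITY[f["severity"]])  # stable: keeps log order within a level
    return findings

if __name__ == "__main__":
    for f in triage_otl(SAMPLE_OTL):
        print(f"[{f['severity'].upper():6}] {f['item']}")
        for reason in f["reasons"]:
            print("         -", reason)
```

The output is a shortlist, not a verdict: an empty company string only means the version resource carries no publisher, and a binary in AppData can be legitimate, as the Facebook updater shows. What the script buys is that nothing in a long report is skipped, and that the one setting a keylogger most benefits from, UAC turned off, is surfaced next to the autostart entries rather than buried among the O6 lines.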

Computer infected by spyware

Post by Maverickmg, Thu 09 Jan 2014, 14:04

OTL logfile created on: 09/01/2014 13:14:41 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\V.Andreose\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

1,61 Gb Total Physical Memory | 0,58 Gb Available Physical Memory | 35,88% Memory free
3,21 Gb Paging File | 1,50 Gb Available in Paging File | 46,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 361,10 Gb Free Space | 77,55% Space Free | Partition Type: NTFS

Computer Name: VANDREOSE-PC | User Name: V.Andreose | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2014/01/03 23:44:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\V.Andreose\Downloads\OTL.exe
PRC - [2013/12/19 08:23:36 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013/12/19 08:22:54 | 001,011,768 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2013/12/19 08:22:52 | 000,684,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/12/04 00:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/11/27 12:50:35 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/07/19 13:03:40 | 000,935,936 | ---- | M] (Seekar Ltd) -- C:\Program Files (x86)\Ares\Ares.exe
PRC - [2012/12/12 17:57:16 | 000,140,128 | ---- | M] (北京悠然天地科技有限公司) -- C:\Program Files (x86)\kuaiyong\DRM\KYDeviceServer.exe
PRC - [2010/11/20 10:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2010/09/17 18:00:26 | 000,121,456 | ---- | M] (Chicony) -- C:\Program Files (x86)\ChiconyCam\CECAPLF.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/04 00:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
MOD - [2013/12/04 00:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/04 00:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013/12/04 00:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013/12/04 00:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013/09/13 19:51:44 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/09/13 19:51:20 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/08/08 11:46:00 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/08/08 11:36:06 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009/07/13 23:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/12/19 08:23:36 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/12/19 08:22:54 | 001,011,768 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013/12/10 21:12:41 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/27 12:50:35 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/10/24 14:59:48 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/05 11:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/12 17:57:16 | 000,140,128 | ---- | M] (北京悠然天地科技有限公司) [Auto | Running] -- C:\Program Files (x86)\kuaiyong\DRM\KYDeviceServer.exe -- (KYDeviceServer)
SRV - [2012/09/13 10:59:14 | 000,035,328 | ---- | M] (Realtek Semiconductor Corporation) [Auto | Running] -- C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe -- (RtkBleServ)
SRV - [2012/09/12 18:26:24 | 000,038,912 | ---- | M] (Realtek Semiconductor Corporation) [Auto | Running] -- C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe -- (AvrcpService)
SRV - [2012/08/29 15:40:58 | 000,048,640 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe -- (BTDevManager)
SRV - [2012/07/17 16:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 19:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/12/19 08:23:53 | 000,131,576 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013/12/19 08:23:53 | 000,108,440 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013/12/18 07:11:04 | 000,128,448 | ---- | M] (Baidu, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Bprotect.sys -- (Bprotect)
DRV:64bit: - [2013/12/17 07:59:30 | 000,034,624 | ---- | M] (Baidu, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\Bfmon.sys -- (Bfmon)
DRV:64bit: - [2013/12/17 07:59:26 | 000,052,032 | ---- | M] (Baidu, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\Bfilter.sys -- (Bfilter)
DRV:64bit: - [2013/11/27 12:52:14 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013/03/07 17:19:00 | 001,479,312 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtwlane.sys -- (RTWlanE)
DRV:64bit: - [2013/02/05 23:06:06 | 000,057,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/08 13:03:34 | 010,283,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/08/08 10:48:22 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/07/28 01:58:34 | 000,667,792 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtkBtfilter.sys -- (RtkBtFilter)
DRV:64bit: - [2012/05/14 03:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/04/10 22:40:58 | 000,082,560 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2012/04/10 22:40:58 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012/03/01 04:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 04:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 04:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/15 06:24:56 | 000,132,624 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JME.sys -- (JME)
DRV:64bit: - [2010/11/29 05:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 11:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 09:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/13 23:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 23:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 23:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 18:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 18:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 18:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 18:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 23:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [link hidden; members only]
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1234795977-403378081-1101111851-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKU\S-1-5-21-1234795977-403378081-1101111851-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F4 B4 2C 47 C4 A4 CE 01  [binary data]
IE - HKU\S-1-5-21-1234795977-403378081-1101111851-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1234795977-403378081-1101111851-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [link hidden; members only]
IE - HKU\S-1-5-21-1234795977-403378081-1101111851-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [link hidden; members only]
IE - HKU\S-1-5-21-1234795977-403378081-1101111851-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?btnG=Google+Search&q="
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledAddons: %7B81BF1D23-5F17-408D-AC6B-BD6DF7CAF670%7D:8.6.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..keyword.URL: "http://www.google.com/search?btnG=Google+Search&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@camfrogweb.com/Camfrog Web Plugin,version=2,0: C:\Program Files (x86)\CFWebAdvancedU2\npcamfrogweb.dll (Camshare Inc.)
FF - HKLM\Software\MozillaPlugins\@kuaiyong.yrtd.com,version=1.0.1.1: C:\Program Files (x86)\kuaiyong\np_kyplugin.dll (YRTD)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\V.Andreose\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/08/20 20:22:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\V.Andreose\AppData\Roaming\mozilla\Extensions
[2014/01/08 16:52:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\V.Andreose\AppData\Roaming\mozilla\Firefox\Profiles\3dr81bkx.default\extensions
[2013/12/02 00:48:39 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\V.Andreose\AppData\Roaming\mozilla\Firefox\Profiles\3dr81bkx.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2013/10/24 14:59:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013/10/24 14:59:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome  ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Google Docs = C:\Users\V.Andreose\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\V.Andreose\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: YouTube = C:\Users\V.Andreose\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Pesquisa do Google = C:\Users\V.Andreose\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: Google Wallet = C:\Users\V.Andreose\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Gmail = C:\Users\V.Andreose\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\

Hosts file not found
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O4:64bit: - HKLM..\Run: [BtServer] C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe (Realtek Semiconductor Corporation)
O4:64bit: - HKLM..\Run: [CECAPLF] C:\Program Files (x86)\ChiconyCam\CECAPLF.exe (Chicony)
O4:64bit: - HKLM..\Run: [Chew7Hale] C:\Windows\SysNative\hale.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1234795977-403378081-1101111851-1000..\Run: [ares] C:\Program Files (x86)\Ares\Ares.exe (Seekar Ltd)
O4 - HKU\S-1-5-21-1234795977-403378081-1101111851-1000..\Run: [Facebook Update] C:\Users\V.Andreose\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1234795977-403378081-1101111851-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1234795977-403378081-1101111851-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1234795977-403378081-1101111851-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1234795977-403378081-1101111851-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O8:64bit: - Extra context menu item: Enviar imagem para Dispositivo Bluetooth - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Enviar página para Dispositivo Bluetooth - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\btsendto_ie.htm ()
O8 - Extra context menu item: Enviar imagem para Dispositivo Bluetooth - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Enviar página para Dispositivo Bluetooth - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\btsendto_ie.htm ()
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Arquivos de Programas\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30E5CCD4-CBB5-4D33-B888-1F5746B5C78A}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F426AF9-0E47-44A8-A28A-83578F80695D}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/08 21:01:49 | 000,000,000 | ---D | C] -- C:\Users\V.Andreose\AppData\Roaming\Malwarebytes
[2014/01/08 21:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/01/08 19:18:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\etc
[2014/01/08 16:21:42 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2014/01/08 14:36:46 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/08 13:35:22 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/04 12:09:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Log
[2014/01/04 12:05:14 | 000,000,000 | ---D | C] -- C:\Users\V.Andreose\AppData\Roaming\DigitalSites

========== Files - Modified Within 30 Days ==========

[2014/01/09 13:33:31 | 003,300,871 | ---- | M] () -- C:\Windows\SysNative\cwlog.dtl
[2014/01/09 13:11:02 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/09 13:10:22 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/09 12:42:54 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/09 12:36:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/09 12:36:35 | 1292,943,360 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/09 03:03:09 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1234795977-403378081-1101111851-1000UA.job
[2014/01/08 21:03:07 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1234795977-403378081-1101111851-1000Core.job
[2014/01/08 13:46:49 | 000,010,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/08 13:46:49 | 000,010,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/04 13:09:06 | 000,000,005 | ---- | M] () -- C:\Users\V.Andreose\AppData\Roaming\WBPU-TTL.DAT
[2014/01/04 13:09:05 | 000,000,099 | ---- | M] () -- C:\Users\V.Andreose\AppData\Roaming\WB.CFG
[2014/01/04 12:09:11 | 000,000,029 | ---- | M] () -- C:\Windows\SysWow64\config.ini
[2013/12/19 08:23:53 | 000,131,576 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013/12/19 08:23:53 | 000,108,440 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013/12/19 08:23:53 | 000,084,720 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013/12/18 07:11:04 | 000,128,448 | ---- | M] (Baidu, Inc.) -- C:\Windows\SysNative\drivers\Bprotect.sys
[2013/12/17 07:59:30 | 000,034,624 | ---- | M] (Baidu, Inc.) -- C:\Windows\SysNative\drivers\Bfmon.sys
[2013/12/17 07:59:26 | 000,052,032 | ---- | M] (Baidu, Inc.) -- C:\Windows\SysNative\drivers\Bfilter.sys
[2013/12/12 11:11:58 | 001,628,224 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/12 11:11:58 | 000,703,580 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2013/12/12 11:11:58 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/12 11:11:58 | 000,146,366 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2013/12/12 11:11:58 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/12 11:05:13 | 000,276,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/10 21:12:38 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/12/10 21:12:37 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2014/01/04 13:09:06 | 000,000,005 | ---- | C] () -- C:\Users\V.Andreose\AppData\Roaming\WBPU-TTL.DAT
[2014/01/04 13:09:05 | 000,000,099 | ---- | C] () -- C:\Users\V.Andreose\AppData\Roaming\WB.CFG
[2013/12/09 01:05:30 | 000,000,029 | ---- | C] () -- C:\Windows\SysWow64\config.ini
[2013/12/08 12:47:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/12/08 12:47:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/12/08 12:47:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/12/08 12:47:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/12/08 12:47:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/11/26 14:24:48 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2013/08/30 01:37:13 | 001,596,864 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/08/20 19:25:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/08/20 19:16:58 | 000,000,101 | ---- | C] () -- C:\Windows\OEM.ini
[2013/08/20 19:16:58 | 000,000,020 | ---- | C] () -- C:\Windows\Bison.ini
[2013/08/20 19:11:57 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2013/08/20 19:11:57 | 000,036,864 | ---- | C] () -- C:\Windows\runSW.exe
[2013/07/11 19:18:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/07/11 19:18:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/07/11 19:18:14 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/05/10 17:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

========== ZeroAccess Check ==========

[2009/07/14 02:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 00:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 23:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 23:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 10:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 23:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/12/07 17:42:09 | 000,000,000 | ---D | M] -- C:\Users\V.Andreose\AppData\Roaming\Baidu Security
[2013/11/10 00:38:02 | 000,000,000 | ---D | M] -- C:\Users\V.Andreose\AppData\Roaming\Camfrog Web
[2014/01/04 12:05:14 | 000,000,000 | ---D | M] -- C:\Users\V.Andreose\AppData\Roaming\DigitalSites
[2013/11/23 14:59:54 | 000,000,000 | ---D | M] -- C:\Users\V.Andreose\AppData\Roaming\kuaiyong
[2013/10/25 11:08:27 | 000,000,000 | ---D | M] -- C:\Users\V.Andreose\AppData\Roaming\PDF6
[2013/09/28 00:10:06 | 000,000,000 | ---D | M] -- C:\Users\V.Andreose\AppData\Roaming\PhotoFiltre 7
[2013/10/02 14:32:48 | 000,000,000 | ---D | M] -- C:\Users\V.Andreose\AppData\Roaming\PhotoScape
[2013/08/28 15:35:13 | 000,000,000 | ---D | M] -- C:\Users\V.Andreose\AppData\Roaming\RocketPDF

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2013/11/25 20:51:55 | 106,156,080 | ---- | M] ()(C:\Windows\SysWow64\???M) -- C:\Windows\SysWow64\ꥎጕḼM
[2013/11/25 20:51:55 | 106,156,080 | ---- | C] ()(C:\Windows\SysWow64\???M) -- C:\Windows\SysWow64\ꥎጕḼM
[2013/11/22 22:25:04 | 105,792,079 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\୒敪Ḽ•
[2013/11/22 22:25:04 | 105,792,079 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\୒敪Ḽ•
[2013/11/21 20:31:11 | 105,611,834 | ---- | M] ()(C:\Windows\SysWow64\???a) -- C:\Windows\SysWow64\덮Ḽa
[2013/11/21 20:31:11 | 105,611,834 | ---- | C] ()(C:\Windows\SysWow64\???a) -- C:\Windows\SysWow64\덮Ḽa
[2013/11/20 12:23:56 | 105,361,780 | ---- | M] ()(C:\Windows\SysWow64\???w) -- C:\Windows\SysWow64\ﴯ�Ḽw
[2013/11/20 12:23:56 | 105,361,780 | ---- | C] ()(C:\Windows\SysWow64\???w) -- C:\Windows\SysWow64\ﴯ�Ḽw
[2013/11/19 10:57:39 | 105,031,188 | ---- | M] ()(C:\Windows\SysWow64\???_) -- C:\Windows\SysWow64\೓蜁Ḽ_
[2013/11/19 10:57:39 | 105,031,188 | ---- | C] ()(C:\Windows\SysWow64\???_) -- C:\Windows\SysWow64\೓蜁Ḽ_
[2013/11/18 18:09:20 | 104,986,035 | ---- | M] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\띳쏋Ḽ
[2013/11/18 18:09:20 | 104,986,035 | ---- | C] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\띳쏋Ḽ
[2013/11/17 09:05:57 | 104,641,146 | ---- | M] ()(C:\Windows\SysWow64\???r) -- C:\Windows\SysWow64\ῈꦿḼr
[2013/11/17 09:05:57 | 104,641,146 | ---- | C] ()(C:\Windows\SysWow64\???r) -- C:\Windows\SysWow64\ῈꦿḼr
[2013/11/15 09:00:27 | 104,371,820 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\橠黨ᵌš
[2013/11/15 09:00:27 | 104,371,820 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\橠黨ᵌš
[2013/11/14 17:54:16 | 104,278,918 | ---- | M] ()(C:\Windows\SysWow64\???O) -- C:\Windows\SysWow64\손ﰌᵌO
[2013/11/14 17:54:16 | 104,278,918 | ---- | C] ()(C:\Windows\SysWow64\???O) -- C:\Windows\SysWow64\손ﰌᵌO
[2013/11/14 09:49:17 | 104,200,551 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\嬉⊻ᵌŽ
[2013/11/14 09:49:17 | 104,200,551 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\嬉⊻ᵌŽ
[2013/11/12 21:00:59 | 103,974,937 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\䔑ᵇᵌœ
[2013/11/12 21:00:59 | 103,974,937 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\䔑ᵇᵌœ
[2013/11/11 18:32:41 | 103,716,811 | ---- | M] ()(C:\Windows\SysWow64\???P) -- C:\Windows\SysWow64\賖ᵌP
[2013/11/11 18:32:41 | 103,716,811 | ---- | C] ()(C:\Windows\SysWow64\???P) -- C:\Windows\SysWow64\賖ᵌP
[2013/11/10 09:38:28 | 103,467,942 | ---- | M] ()(C:\Windows\SysWow64\???5) -- C:\Windows\SysWow64\﩮ḧᵌ5
[2013/11/10 09:38:28 | 103,467,942 | ---- | C] ()(C:\Windows\SysWow64\???5) -- C:\Windows\SysWow64\﩮ḧᵌ5
[2013/11/09 18:01:55 | 103,387,443 | ---- | M] ()(C:\Windows\SysWow64\???G) -- C:\Windows\SysWow64\묍䩗ᵌG
[2013/11/09 18:01:55 | 103,387,443 | ---- | C] ()(C:\Windows\SysWow64\???G) -- C:\Windows\SysWow64\묍䩗ᵌG
[2013/11/08 15:40:00 | 103,316,092 | ---- | M] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\魓ᵌ
[2013/11/08 15:40:00 | 103,316,092 | ---- | C] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\魓ᵌ
[2013/11/07 23:01:58 | 103,000,967 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\釸㷨ᵌŽ
[2013/11/07 14:28:46 | 103,000,967 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\釸㷨ᵌŽ
[2013/11/01 23:17:27 | 104,569,497 | ---- | M] ()(C:\Windows\SysWow64\???^) -- C:\Windows\SysWow64\ᚯປᵌ^
[2013/11/01 19:40:12 | 104,569,497 | ---- | C] ()(C:\Windows\SysWow64\???^) -- C:\Windows\SysWow64\ᚯປᵌ^
[2013/10/31 19:51:18 | 104,433,978 | ---- | M] ()(C:\Windows\SysWow64\???') -- C:\Windows\SysWow64\咾縴ᵌ'
[2013/10/31 19:51:18 | 104,433,978 | ---- | C] ()(C:\Windows\SysWow64\???') -- C:\Windows\SysWow64\咾縴ᵌ'
[2013/10/30 20:33:40 | 104,229,082 | ---- | M] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\纶ᵌ
[2013/10/30 20:33:40 | 104,229,082 | ---- | C] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\纶ᵌ
[2013/10/29 19:57:54 | 104,021,456 | ---- | M] ()(C:\Windows\SysWow64\???X) -- C:\Windows\SysWow64\⛸펐ᵌX
[2013/10/29 19:57:54 | 104,021,456 | ---- | C] ()(C:\Windows\SysWow64\???X) -- C:\Windows\SysWow64\⛸펐ᵌX
[2013/10/28 18:15:00 | 103,792,972 | ---- | M] ()(C:\Windows\SysWow64\???¨) -- C:\Windows\SysWow64\⾯⮯ᵌ¨
[2013/10/28 18:15:00 | 103,792,972 | ---- | C] ()(C:\Windows\SysWow64\???¨) -- C:\Windows\SysWow64\⾯⮯ᵌ¨
[2013/10/27 14:26:04 | 103,533,600 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\다ꋏᵌŒ
[2013/10/27 14:26:04 | 103,533,600 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\다ꋏᵌŒ
[2013/10/26 19:42:23 | 103,214,166 | ---- | M] ()(C:\Windows\SysWow64\???2) -- C:\Windows\SysWow64\鑘みᵌ2
[2013/10/26 19:42:23 | 103,214,166 | ---- | C] ()(C:\Windows\SysWow64\???2) -- C:\Windows\SysWow64\鑘みᵌ2
[2013/10/25 15:39:14 | 103,054,676 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\섈㧀ᵌŽ
[2013/10/25 15:39:14 | 103,054,676 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\섈㧀ᵌŽ
[2013/10/24 09:18:08 | 102,787,172 | ---- | M] ()(C:\Windows\SysWow64\n??) -- C:\Windows\SysWow64\n桿ᵌ
[2013/10/24 09:18:08 | 102,787,172 | ---- | C] ()(C:\Windows\SysWow64\n??) -- C:\Windows\SysWow64\n桿ᵌ
[2013/10/22 22:16:11 | 102,486,297 | ---- | M] ()(C:\Windows\SysWow64\???7) -- C:\Windows\SysWow64\膾ᵌ7
[2013/10/22 22:16:11 | 102,486,297 | ---- | C] ()(C:\Windows\SysWow64\???7) -- C:\Windows\SysWow64\膾ᵌ7
[2013/10/21 23:32:10 | 102,278,179 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\蝂ោᵌŸ
[2013/10/21 23:32:10 | 102,278,179 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\蝂ោᵌŸ
[2013/10/21 17:32:51 | 102,171,793 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\⻟ᵌ‡
[2013/10/21 17:32:51 | 102,171,793 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\⻟ᵌ‡
[2013/10/21 09:10:53 | 102,130,367 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\첦ᵌˆ
[2013/10/21 09:10:53 | 102,130,367 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\첦ᵌˆ
[2013/10/17 18:35:37 | 101,604,844 | ---- | M] ()(C:\Windows\SysWow64\???¢) -- C:\Windows\SysWow64\䭏㍙ᵌ¢
[2013/10/17 18:35:37 | 101,604,844 | ---- | C] ()(C:\Windows\SysWow64\???¢) -- C:\Windows\SysWow64\䭏㍙ᵌ¢
[2013/10/11 21:59:32 | 100,595,853 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ഐ卍ᵌ–
[2013/10/11 21:59:32 | 100,595,853 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ഐ卍ᵌ–
[2013/10/10 23:16:00 | 100,413,408 | ---- | M] ()(C:\Windows\SysWow64\H???) -- C:\Windows\SysWow64\H॥ᵌ™
[2013/10/10 23:16:00 | 100,413,408 | ---- | C] ()(C:\Windows\SysWow64\H???) -- C:\Windows\SysWow64\H॥ᵌ™
[2013/10/02 20:22:40 | 098,878,632 | ---- | M] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\〡ᵌ
[2013/10/02 20:22:40 | 098,878,632 | ---- | C] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\〡ᵌ
[2013/09/30 23:01:09 | 098,602,865 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\릧昺ᵌ•
[2013/09/30 23:01:09 | 098,602,865 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\릧昺ᵌ•
[2013/09/28 17:31:08 | 098,442,955 | ---- | M] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\踍᭻ᵌ
[2013/09/28 17:31:08 | 098,442,955 | ---- | C] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\踍᭻ᵌ
[2013/09/28 12:03:09 | 098,430,869 | ---- | M] ()(C:\Windows\SysWow64\???t) -- C:\Windows\SysWow64\ጱ杏ᵌt
[2013/09/28 12:03:09 | 098,430,869 | ---- | C] ()(C:\Windows\SysWow64\???t) -- C:\Windows\SysWow64\ጱ杏ᵌt
[2013/09/26 21:16:17 | 098,009,570 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\禚뻏ᵌœ
[2013/09/26 21:16:17 | 098,009,570 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\禚뻏ᵌœ
[2013/09/25 19:18:02 | 097,858,179 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\鈾溞ᵌˆ
[2013/09/25 19:18:02 | 097,858,179 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\鈾溞ᵌˆ
[2013/09/25 12:20:46 | 097,729,025 | ---- | M] ()(C:\Windows\SysWow64\???C) -- C:\Windows\SysWow64\ꒃ℃ᵌC
[2013/09/25 12:20:46 | 097,729,025 | ---- | C] ()(C:\Windows\SysWow64\???C) -- C:\Windows\SysWow64\ꒃ℃ᵌC
[2013/09/24 18:38:59 | 097,540,783 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\誼첩ᵌ™
[2013/09/24 18:38:59 | 097,540,783 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\誼첩ᵌ™
[2013/09/24 12:24:38 | 097,531,747 | ---- | M] ()(C:\Windows\SysWow64\???L) -- C:\Windows\SysWow64\蕿繕ᵌL
[2013/09/24 12:24:38 | 097,531,747 | ---- | C] ()(C:\Windows\SysWow64\???L) -- C:\Windows\SysWow64\蕿繕ᵌL
[2013/09/23 21:40:35 | 098,798,431 | ---- | M] ()(C:\Windows\SysWow64\???9) -- C:\Windows\SysWow64\䂃꡷ᵌ9
[2013/09/23 21:40:35 | 098,798,431 | ---- | C] ()(C:\Windows\SysWow64\???9) -- C:\Windows\SysWow64\䂃꡷ᵌ9
[2013/09/23 15:40:39 | 098,685,961 | ---- | M] ()(C:\Windows\SysWow64\???8) -- C:\Windows\SysWow64\璂篶ᵌ8
[2013/09/23 15:40:39 | 098,685,961 | ---- | C] ()(C:\Windows\SysWow64\???8) -- C:\Windows\SysWow64\璂篶ᵌ8
[2013/09/22 22:29:12 | 098,606,333 | ---- | M] ()(C:\Windows\SysWow64\???C) -- C:\Windows\SysWow64\�憽ᵌC
[2013/09/22 22:29:12 | 098,606,333 | ---- | C] ()(C:\Windows\SysWow64\???C) -- C:\Windows\SysWow64\�憽ᵌC
[2013/09/22 10:00:54 | 098,586,517 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ꃬ◆ᵌ˜
[2013/09/22 10:00:54 | 098,586,517 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ꃬ◆ᵌ˜
[2013/09/20 21:30:09 | 098,498,750 | ---- | M] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\幻澣ᵌ
[2013/09/20 21:30:09 | 098,498,750 | ---- | C] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\幻澣ᵌ
[2013/09/19 09:14:42 | 098,352,290 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ᠦᵌ•
[2013/09/19 09:14:42 | 098,352,290 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ᠦᵌ•
[2013/09/18 21:09:15 | 098,201,083 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\嶴僩ᵌœ
[2013/09/18 21:09:15 | 098,201,083 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\嶴僩ᵌœ
[2013/09/18 09:09:34 | 098,123,923 | ---- | M] ()(C:\Windows\SysWow64\???6) -- C:\Windows\SysWow64\锠䟒ᵌ6
[2013/09/18 09:09:34 | 098,123,923 | ---- | C] ()(C:\Windows\SysWow64\???6) -- C:\Windows\SysWow64\锠䟒ᵌ6
[2013/09/17 21:20:36 | 098,071,447 | ---- | M] ()(C:\Windows\SysWow64\???() -- C:\Windows\SysWow64\ᵌ(
[2013/09/17 21:20:36 | 098,071,447 | ---- | C] ()(C:\Windows\SysWow64\???() -- C:\Windows\SysWow64\ᵌ(
[2013/09/15 16:05:50 | 097,671,483 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\뉴ꟻᵌƒ
[2013/09/15 16:05:50 | 097,671,483 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\뉴ꟻᵌƒ
[2013/09/14 21:21:04 | 097,600,188 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\褥봓ᵌ”
[2013/09/14 21:21:04 | 097,600,188 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\褥봓ᵌ”
[2013/09/13 22:15:44 | 097,519,942 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\홗쨘ᵌ˜
[2013/09/13 22:15:44 | 097,519,942 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\홗쨘ᵌ˜
[2013/09/11 21:06:43 | 097,181,529 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\虬⣡ᵌ‡
[2013/09/11 21:06:43 | 097,181,529 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\虬⣡ᵌ‡
[2013/09/11 15:06:20 | 097,170,353 | ---- | M] ()(C:\Windows\SysWow64\???¢) -- C:\Windows\SysWow64\鷽늛ᵌ¢
[2013/09/11 15:06:20 | 097,170,353 | ---- | C] ()(C:\Windows\SysWow64\???¢) -- C:\Windows\SysWow64\鷽늛ᵌ¢

< End of report >
Maverickmg, Beginner | Posts: 22 | Reputation: 1 | Joined: 04/01/2014

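Editor's added example, not part of Maverickmg's post and not code from OTL: the log above is mostly a list of O4 autostart entries, O6/O7 policy values and O35/O37 launch handlers, and the first pass a reviewer makes over such a list is mechanical. The Python below parses those three line shapes from a constructed sample copied out of the log and reports the things a reviewer looks at first: an autostart whose image carries no company name, EnableLUA = 0 (UAC switched off), and an .exe/.com launcher that is anything other than "%1" %*. The line format assumed is the one visible in the log; the regexes, function names and the single constructed "hijacked handler" line are the example's own assumptions.

```python
import re

# Constructed sample input: lines copied from the OTL log posted above, chosen
# to cover each line shape this parser understands (O4 autostarts, O6/O7
# numeric policy values, O35/O37 .exe/.com launch handlers).
SAMPLE_LOG = r"""
O4:64bit: - HKLM..\Run: [Chew7Hale] C:\Windows\SysNative\hale.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-21-1234795977-403378081-1101111851-1000..\Run: [ares] C:\Program Files (x86)\Ares\Ares.exe (Seekar Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O7 - HKU\S-1-5-21-1234795977-403378081-1101111851-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
"""

# Constructed line (NOT from the log) with something in front of "%1"; it only
# exists to show what the handler check reports for a non-default launcher.
CONSTRUCTED_HIJACK_LINE = r'O35 - HKLM\..exefile [open] -- "C:\example\wrapper.exe" "%1" %*'

# "O4[:64bit:] - <hive>..\Run: [<value name>] <image path> (<company>)"
AUTOSTART_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]+)\] "
    r"(?P<path>.+?) \((?P<company>[^)]*)\)$"
)
# "O6|O7 - <registry key>: <value name> = <integer>"
POLICY_RE = re.compile(r"^O[67] - (?P<key>.+?): (?P<name>\w+) = (?P<value>-?\d+)$")
# "O35|O37[:64bit:] - HKLM\..<class> [<verb>] -- <command>"
HANDLER_RE = re.compile(
    r"^O3[57](?::64bit:)? - HKLM\\\.{2,3}(?P<cls>\w+) \[(?P<verb>[^\]]+)\] -- (?P<cmd>.+)$"
)
# What Windows ships for exefile/comfile "open": run the file itself with its arguments.
DEFAULT_LAUNCH = '"%1" %*'


def _matches(pattern, log_text):
    """Yield groupdicts for every line of log_text that matches pattern."""
    for line in log_text.splitlines():
        m = pattern.match(line.strip())
        if m:
            yield m.groupdict()


def parse_autostarts(log_text):
    """One dict per O4 line: hive, value name, image path, company (may be empty)."""
    return list(_matches(AUTOSTART_RE, log_text))


def parse_policies(log_text):
    """One dict per numeric O6/O7 line, with the value converted to int."""
    policies = []
    for d in _matches(POLICY_RE, log_text):
        d["value"] = int(d["value"])
        policies.append(d)
    return policies


def parse_handlers(log_text):
    """One dict per O35/O37 line: file class, verb, launch command."""
    return list(_matches(HANDLER_RE, log_text))


def triage(log_text):
    """Run the three reviewer checks and return human-readable findings, in order."""
    findings = []
    for e in parse_autostarts(log_text):
        # OTL prints "()" when the image has no company name in its version
        # resource. That alone does not prove malice, but it is where a log
        # reviewer starts in an autostart list.
        if not e["company"].strip():
            findings.append(
                f"autostart without company name: [{e['name']}] {e['path']} ({e['hive']})"
            )
    for p in parse_policies(log_text):
        # EnableLUA = 0 under policies\System turns UAC off: anything this
        # administrator account runs gets full rights with no prompt.
        if p["name"] == "EnableLUA" and p["value"] == 0:
            findings.append(f"UAC disabled: {p['key']}\\EnableLUA = 0")
    for h in parse_handlers(log_text):
        # Any wrapper in front of "%1" runs every time an .exe/.com is launched.
        if h["cmd"] != DEFAULT_LAUNCH:
            findings.append(f"non-default {h['cls']} launcher: {h['cmd']}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG + CONSTRUCTED_HIJACK_LINE):
        print(finding)
```

The checks are deliberately narrow: they report facts that are unambiguous in the log itself (an empty company field, a policy value, a launch command that is not the default) and leave the judgement about each entry to the person reading the thread.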
Re: Computer infected by spyware

Post by Power Max, Thu 09 Jan 2014, 14:07

OK, only the others that were requested are still missing.
Power Max, Collaborator | Posts: 9086 | Reputation: 1499 | Joined: 14/04/2009

Computer infected by spyware

Post by Maverickmg, Thu 09 Jan 2014, 14:14

Marcos, I can't find the Extras log. Can you help me find it?
Maverickmg, Beginner | Posts: 22 | Reputation: 1 | Joined: 04/01/2014

Re: Computer infected by spyware

Post by Power Max, Thu 09 Jan 2014, 14:25

Maverickmg wrote: Marcos, I can't find the Extras log. Can you help me find it?
It should be on your Desktop; please check there. If it is not on the Desktop, it may be in this location:
C:\Users\V.Andreose\Downloads
Power Max, Collaborator | Posts: 9086 | Reputation: 1499 | Joined: 14/04/2009

Computer infected by spyware

Post by Maverickmg, Thu 09 Jan 2014, 14:37

Marcos, it's unbelievable, but the Extras log is nowhere to be found.
What do I do?
Maverickmg, Beginner | Posts: 22 | Reputation: 1 | Joined: 04/01/2014

Re: Computer infected by spyware

Post by Power Max, Thu 09 Jan 2014, 14:51

Maverickmg wrote: Marcos, it's unbelievable, but the Extras log is nowhere to be found.
What do I do?
You can run the procedure again with OTL and it will create another Extras log; then you post it.
Power Max, Collaborator | Posts: 9086 | Reputation: 1499 | Joined: 14/04/2009

Computer infected by spyware

Post by Maverickmg, Thu 09 Jan 2014, 15:52

OTL Extras logfile created on: 09/01/2014 15:28:36 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\V.Andreose\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

1,61 Gb Total Physical Memory | 0,94 Gb Available Physical Memory | 58,50% Memory free
3,21 Gb Paging File | 1,65 Gb Available in Paging File | 51,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 360,93 Gb Free Space | 77,51% Space Free | Partition Type: NTFS

Computer Name: VANDREOSE-PC | User Name: V.Andreose | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1234795977-403378081-1101111851-1000\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{077AB424-6378-41ED-8632-CC2E2216499D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{08CE38D4-F1A7-4E29-8264-12EEC6132EE8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{08FF1B68-389A-4E67-BCA8-35EBF1147899}" = rport=139 | protocol=6 | dir=out | app=system |
"{0B8F2DFB-52EC-4E32-82D5-1A0407927892}" = lport=445 | protocol=6 | dir=in | app=system |
"{1F37BEA6-69C0-4D99-8333-3CC5D84F8D5A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{274865CE-FA11-478B-A21E-1A8CF0DFBE56}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{35CBCCB6-559B-4604-841B-EC012EDE9C95}" = rport=445 | protocol=6 | dir=out | app=system |
"{50CC6A29-B236-4DD8-AC93-46C759E7BF03}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5AA5E5B2-2B27-44EF-A928-8651E11DA081}" = rport=137 | protocol=17 | dir=out | app=system |
"{6D69F6D9-4349-4694-BC5A-2F0E36349474}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8BEE99F0-CF70-481D-A0A8-E6FCA84FE332}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8E871971-A680-43C8-861E-AC8832BA66F7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9D8CAA4F-9DB2-4730-8C45-E1020EA0EA7E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{AC9C6045-FB91-4933-BB55-DC17AB958140}" = lport=138 | protocol=17 | dir=in | app=system |
"{B923F5CF-ECAB-4FCE-916C-EBFD0C1FFE80}" = lport=137 | protocol=17 | dir=in | app=system |
"{BC0D8D4D-06BF-4B29-90DC-EA2559DF0289}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C2BD5B80-B01F-4BE6-9BA6-BD723339630E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D62F08DA-0E5C-470B-ABE0-D607905D91DB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DE82E8E0-2548-4480-82B9-A4A9D3A331DC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E1009D9D-31FD-44CA-9FD9-8130FB12E598}" = lport=139 | protocol=6 | dir=in | app=system |
"{E455BDF1-6454-4EB1-984D-B6FD96A9DAB3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E4C6D2EE-0E72-487E-8234-92994FC6B825}" = rport=138 | protocol=17 | dir=out | app=system |
"{E5958FE6-42F2-4FD9-9DC8-0A7DD2504484}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EC714FE8-D251-49A7-A7E5-72DC36D88A0B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{060E167E-7E92-4BBD-BFDF-71CFF3BB8B6C}" = dir=in | app=c:\users\v.andreose\appdata\local\microsoft\skydrive\skydrive.exe |
"{06C1E19F-858F-4C23-A221-EF0189EA6DBA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{07ED08BB-947D-47D0-BF9A-D7E0C573A704}" = dir=in | app=c:\users\v.andreose\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{09F146A1-3B7F-402D-BE69-CF970077A242}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{220503EE-5695-4B2E-9845-C788B8F14DDF}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{27067214-AA76-4415-81DC-E1B5E3CC270D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2C99666C-80E2-41C6-A584-8D0FC90AC7EA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3527CF48-B726-4594-97D8-9B04538E65D2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{35BEB2F1-4EC8-4CEA-825C-206548F5D1E6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3710B134-2789-4EA4-818F-6BFA591A01DE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{53B8D716-41DB-45B9-9374-BC9CFFB59826}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{5F949AA2-1880-4DCA-BC4A-B3F43D80225E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{646D5CF5-9B8A-45EA-AE52-EAF456091862}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6BBEE6EE-4FF9-46D0-8964-40F3478CF5FA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{75B8959F-5BC2-4F81-904C-936DD00A72E2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{77E1DF90-D921-4F68-9D35-7A289CDDB39A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7D6E1A3A-BC8A-420D-AEFE-D3A534593678}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8C975C19-63F4-43D0-AD69-F81B8B027F57}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{93A77F31-AFE9-45E3-8C68-DA5A611698AB}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{94C238E6-4A44-43CB-BB68-D14B817C0DE2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9863357F-D36B-4004-8D22-9DDDAAEF0216}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9D699CB2-CE92-4825-BB38-38FF4C54D923}" = protocol=6 | dir=out | app=system |
"{9D96C618-7AED-4079-BF0C-1A24DA1FAA59}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A15488FD-6CA9-498E-A06A-9F66C26F6F93}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A5167A88-4405-4E5D-B9D5-69DDE726462D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AE90382A-657A-414D-A785-58D55161F798}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C261B8FA-F6A9-4CA4-91F7-3E3BF2AC1DE1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D2BFB820-83B6-48A0-A073-8965B6D536CD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D3A45057-84FD-4C3B-AA18-CEB888A6E34B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{ECA77073-6C1F-42F3-B2F1-05223F89A4FA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{70091D51-883D-409A-9F24-D854B420000D}C:\program files (x86)\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ares\ares.exe |
"TCP Query User{91EB1803-6B31-4394-9198-D69C389D3F53}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"TCP Query User{FC2A438F-B734-460E-80F3-ABB817F7877A}C:\program files (x86)\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ares\ares.exe |
"UDP Query User{81B7DFDD-83E8-4F2E-8FB4-7B69CB5F4804}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"UDP Query User{90AB7611-BEDF-4D8D-A025-5D0488EB0780}C:\program files (x86)\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ares\ares.exe |
"UDP Query User{FAF8CFF7-5DCA-48CA-A7D4-0950E53FAF46}C:\program files (x86)\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ares\ares.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0109632E-8974-BFD3-2A0D-4BEA6771C2E0}" = AMD Media Foundation Decoders
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{2FD0FA0A-7A21-4C4A-B268-1142B54E035E}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5EEC477F-8E9B-4420-8829-16E7426227DB}" = Windows Live MIME IFilter
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{748DA9C2-A53F-B461-93B0-67BA5E52B70C}" = AMD Accelerated Video Transcoding
"{79FFE0CE-5869-AFD0-AE8C-52ACD2F998B1}" = AMD Catalyst Install Manager
"{812B76CD-16C5-539D-5EB9-D4B5B5B1A62D}" = AMD Fuel
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{93A15C3B-2728-1F7C-22CC-69A4DC449886}" = ccc-utility64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"48B67477476CF9D9282F22FD433FDD6012293F62" = Pacote de Driver do Windows - Realtek Semiconductor Corp. RtkBtFilter Bluetooth  (07/26/2012 1.3.610.1)
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinRAR archiver" = WinRAR 5.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003FECD5-430A-6289-6F3E-180414DB6BB3}" = CCC Help Japanese
"{012CBD7F-A194-4F34-B02A-713DA8C10735}" = Movie Maker
"{025E08E8-B555-4579-8FEB-C43692FB8371}" = Catalyst Control Center Graphics Previews Common
"{03BF15DD-A43B-1DA7-F52E-0804E3CAAA1B}" = CCC Help Russian
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{04C62895-9035-7FD1-F606-79C16DA4F9BE}" = CCC Help Greek
"{087E85FC-737F-CBBB-2655-0B705E2DD9FD}" = CCC Help Norwegian
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{1998BD95-54C6-4F31-8D85-FE9FCF5DE51D}" = Galeria de Fotos
"{1A75C729-924B-1F77-6B6B-71B5504D7CA0}" = CCC Help Korean
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FF16BDD-A13C-8B9E-0CE2-6992C13C2886}" = AMD VISION Engine Control Center
"{2A14D7BC-1876-4B38-830B-18856C27F550}" = WebCam Installer
"{2E3FA0CF-AC2D-4E6F-8EF3-D75E91681441}_is1" = 快用苹果助手 2.0.1.0
"{3793DA00-77DB-0594-0A47-EB0347F3D654}" = CCC Help Dutch
"{39B7CE5E-BB47-D0BE-1F3F-CD88D6750391}" = CCC Help Chinese Standard
"{3CDD171D-1AAC-58EA-7A19-A3B13967591B}" = CCC Help Thai
"{41564952-412D-5637-00A7-A758B70C0A00}" = Avira SearchFree Toolbar
"{41B61801-A335-D0C0-5C42-EAB430CDB469}" = CCC Help Italian
"{431889E4-F920-C85E-A743-5192F7106DB3}" = CCC Help German
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Suporte para Aplicativos Apple
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{50740ADD-E05C-32CE-252B-A4CF67AF1243}" = Catalyst Control Center Localization All
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{54398E78-431B-41A0-A8F2-3600D5A1290C}" = Windows Live Messenger
"{56E09C8A-4F24-4E39-999D-FB48CC981184}" = Photo Common
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{5BBC4803-C96E-4D3E-9D1D-2E43774C4062}" = BisonCam
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{7116FA24-DDDF-4E50-A44E-46BB93951E99}" = Windows Live Writer
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{863A2C4E-047D-4137-BF99-57D21C1A1AC7}_is1" = Curriculum 3.1 versão 3.1.0.6
"{89D98C58-FCE4-C99F-6235-FCEC59F8952E}" = CCC Help Swedish
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E8688D3-49F0-4FD4-A3F7-C1C789891752}" = Windows Live Writer Resources
"{95456299-F89B-FCFD-E0EB-080DC5F807BD}" = CCC Help English
"{968413B6-B4C0-5F5A-D5F3-8B1623FC0D93}" = CCC Help French
"{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A5EF-4123-B2B9-172095903AB}" = REALTEK Bluetooth Driver
"{9DAABC60-A5EF-41FF-B2B9-17329590CD5}" = REALTEK Wireless LAN Driver
"{A2201542-DA80-457F-8BD9-6C9C90196481}" = ChiconyCam
"{A448442B-8E20-3F3A-326C-3BC42812DFB2}" = CCC Help Hungarian
"{A4F8D37B-E61B-1BFC-6EC8-A643B5454B32}" = CCC Help Turkish
"{A7414C06-9D9B-15E0-79A4-383D752FC04D}" = CCC Help Spanish
"{A7EDC0DA-918B-0D20-D9BD-AA37B40DD467}" = CCC Help Portuguese
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAA94EAA-40A4-458C-9D86-D1DA765B51D5}" = Windows Live Writer
"{AEA7CAEB-D54B-4DDD-8A68-1288A384A4F4}" = Catalyst Control Center - Branding
"{B286BAC3-CBE6-4854-BF68-EB72A34CEA56}" = Windows Live Messenger
"{B4DCD360-EAAD-3E2A-221C-B246BA16DBE3}" = CCC Help Polish
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BA543966-1186-2A7F-79A8-3529AC2956F3}" = CCC Help Finnish
"{BA7E82AC-1EF4-4A20-A096-E7997B9334D2}" = Windows Live Family Safety
"{C14B4934-B9F1-A635-D77C-187B831F20FA}" = Catalyst Control Center Profiles Mobile
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{CC486856-165E-236B-55CC-2CE521D83861}" = Catalyst Control Center InstallProxy
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3A7E344-4732-4340-9E90-C3EB372711CD}" = Windows Live UX Platform Language Pack
"{D604900F-A275-416C-AF9D-CDEDF58B72DB}" = Windows Live Mail
"{DD82B035-DBFD-D235-C792-BBE3180EDA01}" = CCC Help Chinese Traditional
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E227781E-2D8A-4C22-890C-2A07F4B2D266}" = Windows Live Mail
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{E6FEFE9A-73C3-457B-ADF0-9865FFC5B3B3}" = Windows Live Essentials
"{EA1D92C8-FD3F-675D-081F-4A00DAECAF8C}" = CCC Help Danish
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EFBCA571-617D-484A-9ECA-E301BB6D0750}" = Windows Live Writer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}" = Junk Mail filter update
"{FB9AB10F-5FB0-E397-C444-49D2F9521330}" = CCC Help Czech
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ares" = Ares 2.2.5
"aTube Catcher" = aTube Catcher
"Avira AntiVir Desktop" = Avira Free Antivirus
"CFWebAdvancedU2" = Camfrog Web Advanced 2.0 ActiveX Plugin (remove only)
"Google Chrome" = Google Chrome
"InstallShield_{2A14D7BC-1876-4B38-830B-18856C27F550}" = WebCam Installer
"Mozilla Firefox 24.0 (x86 pt-BR)" = Mozilla Firefox 24.0 (x86 pt-BR)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PhotoScape" = PhotoScape
"PokerStars.net" = PokerStars.net
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1234795977-403378081-1101111851-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 08/01/2014 19:03:12 | Computer Name = VAndreose-PC | Source = Application Hang | ID = 1002
Description = O programa mbam.exe versão 1.75.0.1 parou de interagir com o Windows
e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique
o histórico de problemas no painel de controle da Central de Ações.    ID de Processo:
1020    Hora de Início: 01cf0cc5a729ac0c    Hora de Término: 28    Caminho do Aplicativo: C:\Program
Files (x86)\Malwarebytes' Anti-Malware\mbam.exe    Id do Relatório: 06164489-78b9-11e3-bf39-0040a727fb4d


Error - 09/01/2014 10:37:20 | Computer Name = VAndreose-PC | Source = Bonjour Service | ID = 100
Description = ERROR: mDNSPlatformReadTCP - recv: 10053

Error - 09/01/2014 10:37:20 | Computer Name = VAndreose-PC | Source = Bonjour Service | ID = 100
Description = 460: ERROR: read_msg errno 0 (A operação foi concluída com êxito.)

Error - 09/01/2014 10:51:53 | Computer Name = VAndreose-PC | Source = Bonjour Service | ID = 100
Description = ERROR: mDNSPlatformReadTCP - recv: 10053

Error - 09/01/2014 10:51:53 | Computer Name = VAndreose-PC | Source = Bonjour Service | ID = 100
Description = 292: ERROR: read_msg errno 0 (A operação foi concluída com êxito.)

Error - 09/01/2014 11:07:41 | Computer Name = VAndreose-PC | Source = Application Hang | ID = 1002
Description = O programa avscan.exe versão 14.0.2.254 parou de interagir com o Windows
e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique
o histórico de problemas no painel de controle da Central de Ações.    ID de Processo:
fa0    Hora de Início: 01cf0d4c3d7718b2    Hora de Término: 11176    Caminho do Aplicativo:
C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe    Id do Relatório: bdad9a57-793f-11e3-8c19-0040a727fb4d


[ System Events ]
Error - 09/01/2014 01:02:56 | Computer Name = VAndreose-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Falha na Instalação: o Windows não pôde instalar a seguinte atualização
com o erro 0x80070643: Internet Explorer 11 para Windows 7 para sistemas com base
em x64.

Error - 09/01/2014 01:57:31 | Computer Name = VAndreose-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Ocorreu um erro ao tentar ler o arquivo de hosts locais.

Error - 09/01/2014 01:57:35 | Computer Name = VAndreose-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Ocorreu um erro ao tentar ler o arquivo de hosts locais.

Error - 09/01/2014 01:59:53 | Computer Name = VAndreose-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Falha na Instalação: o Windows não pôde instalar a seguinte atualização
com o erro 0x80070643: Internet Explorer 11 para Windows 7 para sistemas com base
em x64.

Error - 09/01/2014 10:37:10 | Computer Name = VAndreose-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Ocorreu um erro ao tentar ler o arquivo de hosts locais.

Error - 09/01/2014 10:37:11 | Computer Name = VAndreose-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Ocorreu um erro ao tentar ler o arquivo de hosts locais.

Error - 09/01/2014 10:40:00 | Computer Name = VAndreose-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Ocorreu um erro ao tentar ler o arquivo de hosts locais.

Error - 09/01/2014 10:42:52 | Computer Name = VAndreose-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 09/01/2014 10:44:13 | Computer Name = VAndreose-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Ocorreu um erro ao tentar ler o arquivo de hosts locais.

Error - 09/01/2014 10:44:14 | Computer Name = VAndreose-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Ocorreu um erro ao tentar ler o arquivo de hosts locais.


< End of report >
Maverickmg, Beginner (Posts: 22, Reputation: 1, Joined: 04/01/2014)

Re: Computer infected by spyware

Post by Admin, Thu 09 Jan 2014, 16:12

Go to [You must have an account and be logged in to view this link], right-click on the page, select Save As... and save it to the desktop

*Run it.

*If you get the message Do you want to skip supplementary searches? click [No]

*If you receive any error message, click [OK] and run it again

*When it finishes, the message All Done! will appear

*Paste or attach the report Startup Programs(PC name)date.txt created on the desktop


Last edited by Antonio Vieira Sobrinho on Fri 10 Jan 2014, 20:32, edited 1 time
Admin, Founding Administrator (Posts: 515, Reputation: 49, Joined: 26/05/2008, Age: 46, Location: Brasil, https://forumpcbrasil.forumeiros.com)

Computer infected by spyware

Post by Maverickmg, Thu 09 Jan 2014, 19:07

Dear friend Antonio, the link you sent me opens a page; I save it to the desktop, but there is no way to run it.
Maverickmg, Beginner (Posts: 22, Reputation: 1, Joined: 04/01/2014)

Computer infected by spyware

Post by Maverickmg, Thu 09 Jan 2014, 19:20

"Silent Runners.vbs", revision 69.2, [You must have an account and be logged in to view this link]
Operating System: Microsoft Windows 7 Professional Service Pack 1 (64-bit)
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
Facebook Update = "C:\Users\V.Andreose\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [Facebook Inc.]
ares = "C:\Program Files (x86)\Ares\Ares.exe" -h [Seekar Ltd]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
RtHDVCpl = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [Realtek Semiconductor]
CECAPLF = C:\Program Files (x86)\ChiconyCam\CECAPLF.exe [Chicony]
BtServer = "C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe" [Realtek Semiconductor Corporation]
Chew7Hale = "C:\Windows\System32\hale.exe" /nolog [Newline Security Technology]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}
StartCCC = "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [Advanced Micro Devices, Inc.]
avgnt = "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [Avira Operations GmbH & Co. KG]
APSDaemon = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [Apple Inc.]
iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [Apple Inc.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
 -> {HKLM...CLSID} = Windows Live ID Sign-in Helper
                  \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
 -> {HKLM...Wow...CLSID} = Auxiliar de Conexão de Conta da Microsoft
                        \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
 -> {HKLM...CLSID} = Windows Live ID Sign-in Helper
                  \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
 -> {HKLM...Wow...CLSID} = Auxiliar de Conexão de Conta da Microsoft
                        \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

SkyDrive1\(Default) = {F241C880-6982-4CE5-8CF7-7085BA96DA5A}
 -> {HKCU...CLSID} = UpToDateOverlayHandler Class
                  \InProcServer32\(Default) = C:\Users\V.Andreose\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll [MS]

SkyDrive2\(Default) = {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}
 -> {HKCU...CLSID} = SyncingOverlayHandler Class
                  \InProcServer32\(Default) = C:\Users\V.Andreose\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll [MS]

SkyDrive3\(Default) = {BBACC218-34EA-4666-9D7A-C78F2274A524}
 -> {HKCU...CLSID} = ErrorOverlayHandler Class
                  \InProcServer32\(Default) = C:\Users\V.Andreose\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll [MS]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

SkyDrive1\(Default) = {F241C880-6982-4CE5-8CF7-7085BA96DA5A}
 -> {HKCU...Wow...CLSID} = UpToDateOverlayHandler Class
                        \InProcServer32\(Default) = C:\Users\V.Andreose\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll [MS]

SkyDrive2\(Default) = {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}
 -> {HKCU...Wow...CLSID} = SyncingOverlayHandler Class
                        \InProcServer32\(Default) = C:\Users\V.Andreose\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll [MS]

SkyDrive3\(Default) = {BBACC218-34EA-4666-9D7A-C78F2274A524}
 -> {HKCU...Wow...CLSID} = ErrorOverlayHandler Class
                        \InProcServer32\(Default) = C:\Users\V.Andreose\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{FB451ACC-65B5-456a-A84E-6F9B8B75B077} = KyShellExt
 -> {HKLM...CLSID} = Æ»¹ûÉ豸¹ÜÀí
                  \InProcServer32\(Default) = C:\Program Files (x86)\kuaiyong\DRM\shellext64.dll [悠然天地科技有限公司]

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = Shell Extension for Malware scanning
 -> {HKLM...CLSID} = Shell Extension for Malware scanning
                  \InProcServer32\(Default) = C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [Avira Operations GmbH & Co. KG]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{FB451ACC-65B5-456a-A84E-6F9B8B75B077} = KyShellExt
 -> {HKLM...Wow...CLSID} = Æ»¹ûÉ豸¹ÜÀí
                        \InProcServer32\(Default) = C:\Program Files (x86)\kuaiyong\DRM\shellext.dll [悠然天地科技有限公司]

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<> BootExecute = autocheck autochk *| [file not found]|sdnclean64.exe [file not found]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

BtSendToMenuEx\(Default) = {CF24E6B8-F148-4BCB-9108-ADF313966E80}
 -> {HKLM...CLSID} = BtSendToMenuEx Class
                  \InProcServer32\(Default) = C:\Program Files (x86)\REALTEK\Realtek Bluetooth\DevMenuExt.dll [Realtek Semiconductor Corporation]

Shell Extension for Malware scanning\(Default) = {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
 -> {HKLM...CLSID} = Shell Extension for Malware scanning
                  \InProcServer32\(Default) = C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [Avira Operations GmbH & Co. KG]

WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
 -> {HKLM...CLSID} = WinRAR
                  \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
 -> {HKLM...Wow...CLSID} = WinRAR
                        \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

ACE\(Default) = {5E2121EE-0300-11D4-8D3B-444553540000}
 -> {HKLM...CLSID} = SimpleShlExt Class
                  \InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [Advanced Micro Devices, Inc.]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

KyShellExt\(Default) = {FB451ACC-65B5-456a-A84E-6F9B8B75B078}
 -> {HKLM...CLSID} = ¿ìÓÃÀ©Õ¹
                  \InProcServer32\(Default) = C:\Program Files (x86)\kuaiyong\DRM\shellext64.dll [悠然天地科技有限公司]
 -> {HKLM...Wow...CLSID} = ¿ìÓÃÀ©Õ¹
                        \InProcServer32\(Default) = C:\Program Files (x86)\kuaiyong\DRM\shellext.dll [悠然天地科技有限公司]

Shell Extension for Malware scanning\(Default) = {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
 -> {HKLM...CLSID} = Shell Extension for Malware scanning
                  \InProcServer32\(Default) = C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [Avira Operations GmbH & Co. KG]

WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
 -> {HKLM...CLSID} = WinRAR
                  \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
 -> {HKLM...Wow...CLSID} = WinRAR
                        \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
 -> {HKLM...CLSID} = WinRAR
                  \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
 -> {HKLM...Wow...CLSID} = WinRAR
                        \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoDrives = (REG_DWORD) dword:0x00000000
{unrecognized setting}

NoLowDiskSpaceChecks = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoDrives = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

DisableRegistryTools = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}

DisableTaskMgr = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

EnableLUA = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Run All Administrators In Admin Approval Mode}

DisableRegistryTools = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Users\V.Andreose\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

iTunesBurnCDOnArrival\
Provider = iTunes
InvokeProgID = iTunes.BurnCD
InvokeVerb = burn
HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayBurn "%L" [Apple Inc.]

iTunesImportSongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.ImportSongsOnCD
InvokeVerb = import
HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayImportSongs "%L" [Apple Inc.]

iTunesPlaySongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.PlaySongsOnCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /playCD "%L" [Apple Inc.]

iTunesShowSongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.ShowSongsOnCD
InvokeVerb = showsongs
HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayShowSongs "%L" [Apple Inc.]

MSLivePhotoAcquireDropHandler\
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
InvokeProgID = Microsoft.LivePhotoAcqDTShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625}
 -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
                  \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]

MSLiveShowPicturesOnArrival\
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7}
 -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
                  \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]

MSPlayCDAudioOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.AudioCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]

MSPlayDVDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]

MSPlaySuperVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSPlayVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSWMPBurnCDOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.BurnCD
InvokeVerb = Burn
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]

Re: Computer infected with spyware

Posted by Power Max, Fri 10 Jan 2014, 10:07

That's it! Nothing abnormal was detected, the PC is safe.

To remove the programs used in cleaning this PC and create a new, safe and trouble-free restore point, download [You must have an account and be logged in to view this link] (...by Xplode) and save it to the Desktop.

*After that, just run it, leaving the options Remove disinfection tools and Purge system restore selected.

[You must have an account and be logged in to view this image]

*Click [Run]

After running DelFix as described above, just delete DelFix and the file C:\DelFix.txt

Cheers!

Re: Computer infected with spyware

Posted by Admin, Fri 10 Jan 2014, 20:20

CASE RESOLVED

Should the topic author need it, the topic will be reopened; to request this, contact one of the members of the [You must have an account and be logged in to view this link] asking for it to be unlocked.