Fórum PC Brasil
Removing qone8 from the PC

Post by Danii Fri 04 Apr 2014, 18:29

Hi everyone! I need to uninstall qone8. However, it does not appear among the installed programs. Yet when I open Chrome and Firefox it shows up as the main search page. In Chrome I can close it by clicking End task, but I would like to remove it from the PC. Thank you for the help.

Post by Power Max Fri 04 Apr 2014, 18:35

Hi Dani. Welcome to Fórum PC Brasil.

Download the AdwCleaner program by clicking the link below, then click the Download Now @BleepingComputer button:
[You need an account and to be logged in to view this link]

To run AdwCleaner correctly, just follow the tips in this tutorial:

[You need an account and to be logged in to view this link]

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.

Post by Danii Fri 04 Apr 2014, 18:36

Here is the log:

AdwCleaner v3.023 - Relatório criado 04/04/2014 às 18:38:31
# Atualizado 01/04/2014 por Xplode
# Sistema Operacional : Windows Vista (TM) Starter (32 bits)
# Usuário : Ursula - DANIELE-PC
# Executando de : C:\Users\Ursula\Downloads\AdwCleaner.exe
# Opção : Examinar

***** [ Serviços ] *****

Serviço Encontrado : savesenselive
Serviço Encontrado : savesenselivem

***** [ Arquivos / Pastas ] *****

Arquivo Encontrado : C:\Program Files\Mozilla Firefox\browser\searchplugins\qone8.xml
Arquivo Encontrado : C:\Windows\System32\Tasks\SaveSense
Arquivo Encontrado : C:\Windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineCore
Arquivo Encontrado : C:\Windows\Tasks\SaveSense.job
Arquivo Encontrado : C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job
Pasta Encontrado : C:\Users\Ursula\AppData\Roaming\Mozilla\Firefox\Profiles\onxkkc26.default\Extensions\{2d7886a0-85bb-4bf2-b684-ba92b4b21d23}
Pasta Encontrado : C:\Users\Ursula\AppData\Roaming\Mozilla\Firefox\Profiles\onxkkc26.default\Extensions\quick_start@gmail.com
Pasta Encontrado C:\Program Files\Mobogenie
Pasta Encontrado C:\Program Files\SaveSenseLive
Pasta Encontrado C:\ProgramData\boost_interprocess
Pasta Encontrado C:\ProgramData\House Of Soft
Pasta Encontrado C:\ProgramData\SaveSenseLive
Pasta Encontrado C:\Users\Ursula\AppData\Local\genienext
Pasta Encontrado C:\Users\Ursula\AppData\Local\Mobogenie
Pasta Encontrado C:\Users\Ursula\AppData\Local\SaveSense
Pasta Encontrado C:\Users\Ursula\AppData\Local\SaveSenseLive
Pasta Encontrado C:\Users\Ursula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense
Pasta Encontrado C:\Users\Ursula\AppData\Roaming\newnext.me
Pasta Encontrado C:\Users\Ursula\AppData\Roaming\SaveSense
Pasta Encontrado C:\Users\Ursula\Documents\Mobogenie

***** [ Atalhos ] *****

Atalho Encontrado : C:\Users\Public\Desktop\Mozilla Firefox.lnk ( [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] )
Atalho Encontrado : C:\Users\Ursula\Desktop\Google Chrome.lnk ( [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] )
Atalho Encontrado : C:\Users\Ursula\Desktop\Launch Internet Explorer Browser.lnk ( [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] )
Atalho Encontrado : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ( [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] )
Atalho Encontrado : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk ( [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] )
Atalho Encontrado : C:\Users\Ursula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] )
Atalho Encontrado : C:\Users\Ursula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk ( [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] )
Atalho Encontrado : C:\Users\Ursula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] )
Atalho Encontrado : C:\Users\Ursula\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk ( [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] )
Atalho Encontrado : C:\Users\Ursula\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] )
Atalho Encontrado : C:\Users\Ursula\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk ( [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] )

***** [ Registro ] *****

Chave Encontrada : HKCU\Software\InstallCore
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{71E129FF-6C2A-4984-818C-7E2C998B8D99}
Chave Encontrada : HKCU\Software\SaveSenseLive
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{71E129FF-6C2A-4984-818C-7E2C998B8D99}
Chave Encontrada : HKLM\Software\DealPlyLive
Chave Encontrada : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\SaveSense
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\SaveSenseLiveUpdateTaskMachineCore
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34B797BE-C330-442B-8425-ACFE756D010A}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42BA17AD-55C6-42CF-B5A3-0B38705DC0A3}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42BA17AD-55C6-42CF-B5A3-0B38705DC0A3}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDAAB638-7BE5-4179-B962-85DA324C6A4E}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Chave Encontrada : HKLM\SOFTWARE\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=3
Chave Encontrada : HKLM\SOFTWARE\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=9
Chave Encontrada : HKLM\Software\qone8Software
Chave Encontrada : HKLM\Software\SaveSenseLive
Dados Encontrada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command [(Default)] - "C:\Program Files\Mozilla Firefox\firefox.exe" [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Dados Encontrada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Valor Encontrada : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
Valor Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Valor Encontrada : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]

***** [ Navegadores ] *****

-\\ Internet Explorer v7.0.6000.16982

Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

-\\ Mozilla Firefox v28.0 (pt-BR)

[ Arquivo : C:\Users\Ursula\AppData\Roaming\Mozilla\Firefox\Profiles\onxkkc26.default\prefs.js ]

Linha encontrada : user_pref("browser.newtab.url", "hxxp://start.qone8.com/newtab/?type=nt&ts=1395884276&from=smt&uid=MAXTORXSTM380815AS_5QZ5XWQHXXXX5QZ5XWQH");

-\\ Google Chrome v33.0.1750.154

[ Arquivo : C:\Users\Ursula\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [8295 octets] - [04/04/2014 18:38:31]


Last edited by Dani Gomes on Fri 04 Apr 2014, 18:43; edited 1 time

Post by Power Max Fri 04 Apr 2014, 18:47

The AdwCleaner log shows that you only used the Examinar (Scan) function.

Right after scanning, you need to click the Limpar (Clean) button so that the problems are removed. After doing that, post here the new log it will create.

Post by Danii Fri 04 Apr 2014, 19:34

I did as requested.
I scanned again, cleaned, and restarted in safe mode with networking. However, the log report did not appear.
So I scanned again. There was nothing to clean. I selected the option anyway and restarted in normal mode.
When Windows started, several windows appeared saying that some functions could not be completed because of the presence of a virus.
Right behind the windows was the AdwCleaner log.
I tried to open Chrome to post, but my PC restarts by itself. It only boots into safe mode.
The log follows below:

# AdwCleaner v3.023 - Relatório criado 04/04/2014 às 19:18:12
# Atualizado 01/04/2014 por Xplode
# Sistema Operacional : Windows Vista (TM) Starter (32 bits)
# Usuário : Ursula - DANIELE-PC
# Executando de : C:\Users\Ursula\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****


***** [ Atalhos ] *****


***** [ Registro ] *****


***** [ Navegadores ] *****

-\\ Internet Explorer v7.0.6000.16982


-\\ Mozilla Firefox v28.0 (pt-BR)

[ Arquivo : C:\Users\Ursula\AppData\Roaming\Mozilla\Firefox\Profiles\onxkkc26.default\prefs.js ]


-\\ Google Chrome v33.0.1750.154

[ Arquivo : C:\Users\Ursula\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [8435 octets] - [04/04/2014 18:38:31]
AdwCleaner[R1].txt - [8584 octets] - [04/04/2014 18:50:52]
AdwCleaner[R2].txt - [1095 octets] - [04/04/2014 19:01:40]
AdwCleaner[R3].txt - [1215 octets] - [04/04/2014 19:17:30]
AdwCleaner[S0].txt - [6633 octets] - [04/04/2014 18:52:15]
AdwCleaner[S1].txt - [1154 octets] - [04/04/2014 19:02:32]
AdwCleaner[S2].txt - [1134 octets] - [04/04/2014 19:18:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1194 octets] ##########

Post by Power Max Fri 04 Apr 2014, 19:38

Download Malwarebytes from one of the links below:
[You need an account and to be logged in to view this link]

Run a full scan with it > Remove the problems it finds > Then post the log it creates in your next reply.

Post by Danii Fri 04 Apr 2014, 20:46

Here is the Malwarebytes log:

Malwarebytes Anti-Malware
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Scan Date: 04/04/2014
Scan Time: 20:43:09
Logfile: log malware.txt
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.04.04.09
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows Vista
CPU: x86
File System: NTFS
User: Ursula

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 294237
Time Elapsed: 41 min, 1 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 32
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\CLSID\{A2D3FB7A-6873-45E8-AF96-57092D721828}, No Action By User, [5702fe28a9d2e353163029e4c63c33cd],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassSvc.1.0, No Action By User, [5702fe28a9d2e353163029e4c63c33cd],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassSvc, No Action By User, [5702fe28a9d2e353163029e4c63c33cd],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SAVESENSELIVE.EXE, No Action By User, [cb8e4ed8f784d85e4d4830340df4936d],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLive.OneClickCtrl.9, No Action By User, [67f21e08e497f73f04070b88a75c7789],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLive.OneClickProcessLauncherMachine, No Action By User, [adaccb5b1a617bbb94774c477f846d93],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLive.OneClickProcessLauncherMachine.1.0, No Action By User, [e9705ccab4c7a6909b70484bf3101ee2],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLive.Update3WebControl.3, No Action By User, [3b1e0620bcbfd5619972d0c3e91a47b9],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CoCreateAsync, No Action By User, [cc8d2afc3b4044f2e12aeaa93bc829d7],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CoCreateAsync.1.0, No Action By User, [e07986a0e19ad26458b3761d877c1ae6],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CoreClass, No Action By User, [4019230387f4bc7a1fec237018eb10f0],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CoreClass.1, No Action By User, [b1a8939335468fa73ccfa6edba4901ff],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CoreMachineClass, No Action By User, [ec6d4cda0972b68055b6fe95669d8a76],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CoreMachineClass.1, No Action By User, [6eeb5bcbc2b960d67794652e59aa29d7],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CredentialDialogMachine, No Action By User, [7cdda77fa1da3cfa4ac1098a50b3d22e],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CredentialDialogMachine.1.0, No Action By User, [c49527ff4d2e91a530dbfb98a26160a0],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassMachine, No Action By User, [b2a7f630394290a6c14a662dfd06b749],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassMachine.1.0, No Action By User, [b9a03aec5f1cfb3bdd2ee8ab47bc38c8],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback, No Action By User, [1e3b66c0255674c2a863563d1fe448b8],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback.1.0, No Action By User, [2732ba6cc7b46acc17f42b6853b09769],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.ProcessLauncher, No Action By User, [6feae14547344ceae526b1e215ee9070],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.ProcessLauncher.1.0, No Action By User, [db7e3bebd8a358deb05bd5be46bdd729],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3COMClassService, No Action By User, [f66359cdcead25117992c8cba65d4db3],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3COMClassService.1.0, No Action By User, [abae42e42358cd69bb50aae918eb35cb],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3WebMachine, No Action By User, [28316db9e69555e1e625474ce41f7c84],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3WebMachine.1.0, No Action By User, [1742a58114670b2b46c5573c709335cb],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3WebMachineFallback, No Action By User, [7edb6bbb80fb7abcc04b3b58b84bd22e],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3WebMachineFallback.1.0, No Action By User, [a7b2899dc5b6bf777497068dde258b75],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3WebSvc, No Action By User, [db7edb4b85f675c1a06b177c8b78c838],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3WebSvc.1.0, No Action By User, [cc8de83e9fdc57df709b8e0563a0c43c],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\APPID\SaveSenseLive.exe, No Action By User, [332634f22952d85ece3c7e15788b9f61],
PUP.Optional.SaveSense.A, HKU\S-1-5-21-134228104-2085873779-558425676-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SaveSense, No Action By User, [adaccd593546e4527e8e0192ab581ee2],

Registry Values: 0
(No malicious items detected)

Registry Data: 5
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Good: (0), Bad: (1),No Action By User,[d88186a05a21ba7cd17148c76f95eb15]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),No Action By User,[f36645e15e1d92a453f10c031fe53bc5]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Good: (0), Bad: (1),No Action By User,[87d245e16d0ef145f94a6ca3828225db]
PUM.Hijack.HomePageControl, HKLM\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|HomePage, 1, Good: (0), Bad: (1),No Action By User,[75e4fb2b6a11f1456860b7585fa59070]
Windows.Tool.Disabled, HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS NT\SYSTEMRESTORE|DisableConfig, 1, Good: (0), Bad: (1),No Action By User,[4d0cff272f4c2f07ed1967ab23e15ea2]

Folders: 0
(No malicious items detected)

Files: 14
Trojan.Downloader, C:\Users\Ursula\AppData\Local\Temp\setup4.exe, No Action By User, [55044bdb9cdf3402260514520cf5d12f],
PUP.Optional.SkyTech.A, C:\Users\Ursula\AppData\Local\Temp\smt_qone8.exe, No Action By User, [cc8d7bab49327bbbe5e0430ba958629e],
PUP.Optional.SkyTech.A, C:\Users\Ursula\AppData\Local\Temp\fullpackage_temp1395884254\alilog.dll, No Action By User, [2b2ea482d0ab0b2b26ec9e94bb4556aa],
PUP.Optional.SkyTech.A, C:\Users\Ursula\AppData\Local\Temp\fullpackage_temp1395884254\package1.zip, No Action By User, [dc7daa7c5922cd69e03254dec838fb05],
PUP.Optional.NextLive.A, C:\Users\Ursula\AppData\Local\Temp\is266766283\4614587_stp\Mobogenie_Setup_UN.exe, No Action By User, [e97040e67dfe5ed8947ed37ad0310ff1],
PUP.Optional.SaveSense.A, C:\Users\Ursula\AppData\Local\Temp\is701137889\8712233_stp\sas.exe, No Action By User, [ef6aad79ea91072f4fb483b854addc24],
PUP.Optional.SaveSense.A, C:\Users\Ursula\AppData\Local\Temp\{82B1BD74-2029-46E1-93F6-E0AF2BD3230D}\o-update\SaveSenseLive.exe, No Action By User, [cb8e4ed8f784d85e4d4830340df4936d],
PUP.Optional.PCMega.A, C:\Users\Ursula\Downloads\Alanis morissette  empathy  mp3 (1).exe, No Action By User, [1f3a9a8cb6c5ff373c678720a75cec14],
PUP.Optional.PCMega.A, C:\Users\Ursula\Downloads\Alanis morissette  empathy  mp3.exe, No Action By User, [d1886db90d6e16207231b9eefd06639d],
PUP.Optional.OpenCandy, C:\Users\Ursula\Downloads\format-factory-3.2.1.exe, No Action By User, [0c4d49dd6b10fc3a15a6cd6ad43053ad],
PUP.Optional.InstallCore.A, C:\Users\Ursula\Downloads\msn-messenger-2009-32-bits.exe, No Action By User, [095038eebcbfc670b2613b70b74c768a],
PUP.Optional.Somoto, C:\Users\Ursula\Downloads\VDownloaderInstallerIC_downloader-dAxODgKB.exe, No Action By User, [b7a23ee884f770c68b7cffab0ef56799],
PUP.Optional.QuickStart.A, C:\Users\Ursula\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx, No Action By User, [f960e73f4635ea4c4f4270ef0ef4f30d],
PUP.Optional.SaveSense, C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job, No Action By User, [342577af86f57db9a227434f976ce917],

Physical Sectors: 0
(No malicious items detected)


(end)

Post by Power Max Fri 04 Apr 2014, 20:48

It found several problems, but the log shows that they have not been removed yet. Select all the problems found by Malwarebytes > Remove all of them, then post the new report it creates.
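Added example, not part of the thread and not code from AdwCleaner or Malwarebytes: a small Python check for the two things the helper reads off the logs above, namely that an AdwCleaner report was produced with the Examinar option only, and that Malwarebytes items are still marked "No Action By User". The function names and the sample excerpts are constructed for illustration, and only the pt-BR AdwCleaner labels that appear in this thread are handled.

```python
import re
from collections import Counter

# Constructed excerpts in the layout of the logs quoted in this thread
# (pt-BR AdwCleaner v3 labels, Malwarebytes 2.x item lines).
# The bracketed ids are placeholders, not real values.
ADW_SCAN_ONLY = r"""# AdwCleaner v3.023 - Relatório criado 04/04/2014 às 18:38:31
# Opção : Examinar

***** [ Serviços ] *****

Serviço Encontrado : savesenselive

***** [ Arquivos / Pastas ] *****

Pasta Encontrado C:\Program Files\SaveSenseLive

***** [ Registro ] *****

Chave Encontrada : HKLM\Software\qone8Software
"""

MBAM_MIXED = r"""Registry Keys: 1
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\APPID\SaveSenseLive.exe, No Action By User, [placeholder-id],

Registry Data: 1
PUM.Hijack.HomePageControl, HKLM\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|HomePage, 1, Good: (0), Bad: (1),No Action By User,[placeholder-id]

Files: 1
Trojan.Downloader, C:\Users\Ursula\AppData\Local\Temp\setup4.exe, Quarantined, [placeholder-id],
"""

# "# Opção : Examinar" (scan) or "# Opção : Limpar" (clean) in the report header.
ADW_OPTION = re.compile(r"^#\s*Opção\s*:\s*(\S+)", re.M)
# Finding lines start with the item kind followed by "Encontrado"/"Encontrada";
# the colon after it is optional in the logs above, so it is not required here.
ADW_FOUND = re.compile(r"^(.+?)[ \t]+Encontrad[oa]\b", re.M | re.I)


def adwcleaner_status(log):
    """Report the option used and whether findings are still waiting for a clean run."""
    m = ADW_OPTION.search(log)
    option = m.group(1) if m else None
    by_kind = Counter(kind.strip() for kind in ADW_FOUND.findall(log))
    found = sum(by_kind.values())
    return {
        "option": option,
        "found": found,
        "by_kind": dict(by_kind),
        # Findings listed by a scan-only run have not been removed yet.
        "pending": option == "Examinar" and found > 0,
    }


def malwarebytes_status(log):
    """Count the action recorded for each item and list detections left untouched."""
    actions, untouched = Counter(), []
    for raw in log.splitlines():
        line = raw.strip().rstrip(",").rstrip()
        # Parse from the right: "..., <action>, [<id>]". Paths and the
        # "Good: (0), Bad: (1)" fields may contain commas of their own.
        parts = line.rsplit(",", 2)
        if len(parts) != 3 or not parts[2].strip().startswith("["):
            continue
        detection = parts[0].split(",", 1)[0].strip()
        action = parts[1].strip()
        actions[action] += 1
        if action == "No Action By User":
            untouched.append(detection)
    return {"actions": dict(actions), "untouched": untouched, "pending": bool(untouched)}


if __name__ == "__main__":
    print(adwcleaner_status(ADW_SCAN_ONLY))
    print(malwarebytes_status(MBAM_MIXED))
```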

Post by Danii Fri 04 Apr 2014, 22:29

Malwarebytes Anti-Malware
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Data de Verificação: 04/04/2014
Hora da Verificação: 21:26:43
Logfile: Log malwarebyte.txt
Administrador: Sim

Versão: 2.00.1.1004
Malware Database: v2014.04.04.11
Rootkit Database: v2014.03.27.01
Licença: Trial
Proteção de Malware: Desabilitado
Proteção de Site Malicioso: Desabilitado
Chameleon: Desabilitado

OS: Windows Vista
CPU: x86
Sistema de Arquivo: NTFS
Usuário: Ursula

Tipo da Verificação: Verificar Ameaça
Resultado: Completado
Arquivos Verificados: 294586
Tempo Decorrido: 29 min, 14 seg

Memória: Enabled
Inicialização: Enabled
Filesystem: Enabled
Arquivos: Enabled
Rootkits: Desabilitado
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processos: 0
(No malicious items detected)

Módulos: 0
(No malicious items detected)

Chaves de Registro: 31
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SAVESENSELIVE.EXE, Quarantined, [2536cd596516a3936335ed771ce58c74],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLive.OneClickCtrl.9, Quarantined, [5506e541abd02610b765e6adc63d7a86],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLive.OneClickProcessLauncherMachine, Quarantined, [22397ea8e19adf57001c93004eb59c64],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLive.OneClickProcessLauncherMachine.1.0, Quarantined, [80dbff270b7075c1ed2f8a09d62dd62a],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLive.Update3WebControl.3, Quarantined, [02596eb8adce1b1bd04c0c87b84b6997],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CoCreateAsync, Quarantined, [c2999294c1babc7a77a50291f3104cb4],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CoCreateAsync.1.0, Quarantined, [0f4cf82e84f7a59124f8741fe320fc04],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CoreClass, Quarantined, [bd9e988ee5961b1b1c005b3841c2867a],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CoreClass.1, Quarantined, [69f2d25437445ed88a92078cc63d09f7],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CoreMachineClass, Quarantined, [b3a8f630e398c57163b97a197a8928d8],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CoreMachineClass.1, Quarantined, [afac0125a8d312246cb0256e06fd13ed],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CredentialDialogMachine, Quarantined, [d18a4bdb62196ec86eae8b089370d22e],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CredentialDialogMachine.1.0, Quarantined, [79e2cf5739424bebef2df69dc142f808],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassMachine, Quarantined, [87d4c165671491a525f7f99a788b57a9],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassMachine.1.0, Quarantined, [59023de9483380b6e438ade6af54f010],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback, Quarantined, [4d0e81a5accf78befb21e3b0a1622ed2],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback.1.0, Quarantined, [4f0cee38cbb058de43d9fa99778cf60a],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassSvc, Quarantined, [b6a5bf67f388e74f6bb1e1b2ab5807f9],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassSvc.1.0, Quarantined, [e57637ef2259a5910c101380a75c4cb4],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.ProcessLauncher, Quarantined, [e5763de964175adcf02c81122bd821df],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.ProcessLauncher.1.0, Quarantined, [6deedc4a493243f32fed2f6406fd11ef],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3COMClassService, Quarantined, [2437ff27f586ec4a7aa2c1d24cb701ff],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3COMClassService.1.0, Quarantined, [4714f33315663402bd5ff2a1e71cec14],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3WebMachine, Quarantined, [d98286a0fd7ea1951a02dfb4d42fee12],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3WebMachine.1.0, Quarantined, [c19ac36391eaa39330ec8013bc47b947],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3WebMachineFallback, Quarantined, [b3a883a3c4b79e98bb61920134cff50b],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3WebMachineFallback.1.0, Quarantined, [63f883a3d8a302348696365d9370a45c],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3WebSvc, Quarantined, [82d91214700b7bbbb8644f44a261e41c],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3WebSvc.1.0, Quarantined, [0f4c0323fd7ef14530ecc4cf7390e917],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\APPID\SaveSenseLive.exe, Quarantined, [b5a60f170a71ae888893692a9370966a],
PUP.Optional.SaveSense.A, HKU\S-1-5-21-134228104-2085873779-558425676-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SaveSense, Quarantined, [0556bb6b83f855e1b4694f44f11252ae],

Valores de Registro: 0
(No malicious items detected)

Dados do Registro: 5
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Good: (0), Bad: (1),Replaced,[99c2d155b5c6290dadb11bf4bc48b44c]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),Replaced,[6eedcc5abbc09c9a37296da209fb35cb]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Good: (0), Bad: (1),Replaced,[4615f630215aea4cef705fb0f4109e62]
PUM.Hijack.HomePageControl, HKLM\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|HomePage, 1, Good: (0), Bad: (1),Replaced,[d78403230e6d0432776d4fc0df259a66]
Windows.Tool.Disabled, HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS NT\SYSTEMRESTORE|DisableConfig, 1, Good: (0), Bad: (1),Replaced,[4714a77f0972ea4c1e04fd15e0243dc3]

Pastas: 0
(No malicious items detected)

Arquivos: 14
Trojan.Downloader, C:\Users\Ursula\AppData\Local\Temp\setup4.exe, Quarantined, [8dce4dd9f289d066121ccb9b857ca759],
PUP.Optional.SkyTech.A, C:\Users\Ursula\AppData\Local\Temp\smt_qone8.exe, Quarantined, [84d7988ee398ab8bc304da743dc4a060],
PUP.Optional.SkyTech.A, C:\Users\Ursula\AppData\Local\Temp\fullpackage_temp1395884254\alilog.dll, Quarantined, [411ad452611aa59131e11919c43cdf21],
PUP.Optional.SkyTech.A, C:\Users\Ursula\AppData\Local\Temp\fullpackage_temp1395884254\package1.zip, Quarantined, [8fcc190d324981b55eb41a18ec14c53b],
PUP.Optional.NextLive.A, C:\Users\Ursula\AppData\Local\Temp\is266766283\4614587_stp\Mobogenie_Setup_UN.exe, Quarantined, [e27941e5384355e1918375d815ec0ef2],
PUP.Optional.SaveSense.A, C:\Users\Ursula\AppData\Local\Temp\is701137889\8712233_stp\sas.exe, Quarantined, [2c2f32f48fec94a2d530b388c43d8c74],
PUP.Optional.SaveSense.A, C:\Users\Ursula\AppData\Local\Temp\{82B1BD74-2029-46E1-93F6-E0AF2BD3230D}\o-update\SaveSenseLive.exe, Quarantined, [2536cd596516a3936335ed771ce58c74],
PUP.Optional.PCMega.A, C:\Users\Ursula\Downloads\Alanis morissette empathy mp3 (1).exe, Quarantined, [49125ec8de9d5adc654f0c9ba75c60a0],
PUP.Optional.PCMega.A, C:\Users\Ursula\Downloads\Alanis morissette empathy mp3.exe, Quarantined, [33281d09d5a68ea8b7fdd9ceca398b75],
PUP.Optional.OpenCandy, C:\Users\Ursula\Downloads\format-factory-3.2.1.exe, Quarantined, [d685d254bac175c1dcfbbd7ad52fc63a],
PUP.Optional.InstallCore.A, C:\Users\Ursula\Downloads\msn-messenger-2009-32-bits.exe, Quarantined, [eb709e88c0bbe45269bb3c6ff40fef11],
PUP.Optional.Somoto, C:\Users\Ursula\Downloads\VDownloaderInstallerIC_downloader-dAxODgKB.exe, Quarantined, [3328f135fe7d6dc91206d4d6c14215eb],
PUP.Optional.QuickStart.A, C:\Users\Ursula\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx, Quarantined, [54078b9b7ffc1026dcc6a5ba35cd6c94],
PUP.Optional.SaveSense, C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job, Quarantined, [0358e93dc4b7fc3a37a3533ff80b48b8],

Physical Sectors: 0
(No malicious items detected)


(end)

Post by Danii Fri 04 Apr 2014, 22:32

I restarted in normal mode and, even after the Malwarebytes scan, it is not possible to access the internet. Only through safe mode with networking.

Post by Power Max Fri 04 Apr 2014, 22:50

Temporarily disable your antivirus to avoid conflicts.

Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You need an account and to be logged in to view this link]

* Right-click Zoek.exe and select [You need an account and to be logged in to view this image]

* Select and copy all of this text highlighted in red that I gave you and paste it into the blank space in Zoek

* Click [Run Script]

* During the scan, a message similar to the one below showing the scan progress will be displayed. Wait for it to finish... it may take a while!

[You need an account and to be logged in to view this image]

* If a PC restart is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Sat 05 Apr 2014, 08:26; edited 1 time

Re: Remove qone8 from the PC

Post by Danii Sat 05 Apr 2014, 00:31

Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Ursula on 05/04/2014 at 0:00:14,73.
Microsoft® Windows Vista™ Starter 6.0.6000 x86
Running in: Safe Mode NETWORK Internet Access Detected
Launched: C:\Users\Ursula\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Ursula\AppData\Roaming\Mozilla\Firefox\Profiles\onxkkc26.default\prefs.js:
user_pref("browser.startup.homepage", "https://www.google.com.br/");

Added to C:\Users\Ursula\AppData\Roaming\Mozilla\Firefox\Profiles\onxkkc26.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Ursula\AppData\Roaming\Mozilla\Firefox\Profiles\onxkkc26.default

user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- FireFox user.js and prefs.js backups ----

prefs_042014_0009_.backup

==== Deleting Files \ Folders ======================

C:\Users\Ursula\daemonprocess.txt deleted
C:\Users\Ursula\.android deleted
C:\Program Files\GUT4F4B.tmp deleted
C:\Program Files\GUT668C.tmp deleted
C:\Program Files\GUT7A96.tmp deleted
C:\Program Files\GUT8912.tmp deleted
C:\Program Files\GUTA38B.tmp deleted
C:\Program Files\GUTCC89.tmp deleted
C:\Program Files\GUM4F1B.tmp deleted
C:\Program Files\GUM660E.tmp deleted
C:\Program Files\GUM6E40.tmp deleted
C:\Program Files\GUM77D7.tmp deleted
C:\Program Files\GUM8884.tmp deleted
C:\Program Files\GUMCC79.tmp deleted
C:\PROGRA~2\InstallMate deleted
C:\Users\Ursula\AppData\Local\BIT1549.tmp deleted
C:\Users\Ursula\AppData\Local\cache deleted
C:\Windows\system32\tasks\SaveSenseLiveUpdateTaskMachineUA deleted
C:\Windows\system32\tasks\Baidu PC Faster Update deleted
C:\Users\Ursula\AppData\Roaming\unins000.exe deleted
C:\Users\Ursula\AppData\Roaming\unins001.exe deleted
"C:\Users\Ursula\AppData\Local\{D8A15EF4-552E-4E13-81FB-FA32489B9B15}" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" []
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E8874}"="C:\Users\Ursula\AppData\Local\GAS Tecnologia\GBBD\abn\xpi" [16/12/2013 10:25]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Ursula\AppData\Roaming\Mozilla\Firefox\Profiles\onxkkc26.default
- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
- Red Cats green flavor - %ProfilePath%\extensions\{dd30bf68-268a-4815-ad48-8740b774c764}.xpi
- Red Cats blue flavor - %ProfilePath%\extensions\{ff356687-aa08-463d-a46c-11c451824939}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Ursula\AppData\Roaming\Mozilla\Firefox\Profiles\onxkkc26.default
257E7BD1D90C987F5F2DDC1CCB185DC3 - C:\Users\Ursula\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll - Módulo de Proteção - Caixa Economica Federal
0012E2B34E88D95EE60FEDFB2FDBC0C2 - C:\Users\Ursula\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll - Módulo de Proteção - Banco Santander (Brasil) S.A.
F891089A6AB9E12FEDEBCC5EC0F40D66 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll - Shockwave Flash
5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
BE501CBC29B2025A263D80D399F1797A - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll - Silverlight Plug-In
1C8124B6A03A620EB0CBCA615666D2AE - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live® Photo Gallery
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
A795A7F26131D0B10F6EE75C4DE3D320 - C:\Program Files\Adobe\Reader 8.0\Reader\browser\nppdf32.dll - Adobe Acrobat
406106D91D3F86FD34EC194940855746 - C:\Users\Ursula\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll - Módulo de Proteção - Caixa Economica Federal
B27CCB1168B1960AEC6E9D3E0E0F0D2A - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrlui.dll - Microsoft® Silverlight


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[24/01/2014 16:43]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
abmojiekfpcmkkfamgfcpgfgipocface - C:\Users\Ursula\AppData\Local\GAS Tecnologia\GBBD\abn\sf.crx[13/01/2014 10:45]
nnjbodopomfddehlalfilheomcahbpei - C:\Users\Ursula\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx[01/03/2013 15:06]

GBBD Banco Santander (Brasil) S.A. - Ursula\AppData\Local\Google\Chrome\User Data\Default\Extensions\abmojiekfpcmkkfamgfcpgfgipocface
Google Docs - Ursula\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Ursula\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Ursula\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Ursula\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Green Pop Theme - Ursula\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffgapkaegdmcompheglkkponnpmfdcgf
Google Wallet - Ursula\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
GBBD Caixa Economica Federal - Ursula\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei
Gmail - Ursula\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\Ursula\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Ursula\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{ABDE892B-13A8-4d1b-88E6-365A6E755758} deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\Ursula\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Ursula\Desktop\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\0091.lnk - C:\Program Files\Bright\0091\Mrv8000x.exe
C:\Users\Public\Desktop\Adobe Reader 8.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Aplicativos para Escritorio.lnk - C:\Program Files\BrOffice.org 2.0\program\soffice.exe
C:\Users\Public\Desktop\avast Free Antivirus.lnk -
C:\Users\Public\Desktop\Bright Client Utility.lnk - C:\Program Files\Bright\ACU.exe
C:\Users\Public\Desktop\Compre suprimentos - HP Deskjet 2050 J510 series.lnk - C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\hpqDTSS.exe
C:\Users\Public\Desktop\HP Deskjet 2050 J510 series Scan.lnk - C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPScan.exe
C:\Users\Public\Desktop\HP Deskjet 2050 J510 series.lnk - C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HP Deskjet 2050 J510 series.exe
C:\Users\Public\Desktop\HP Photo Creations.lnk - C:\Program Files\HP Photo Creations\PhotoProduct.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Ursula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Ursula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Ursula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrOffice.org 2.0\BrOffice.org Writer.lnk - C:\Windows\Installer\{0BD153D1-05F8-4163-BDA0-B60D1F70343C}\swriter.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Alternate Start.lnk - C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Help.lnk - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Professional.lnk - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Registration-Activation.lnk - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe /register

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Ursula\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Ursula\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Ursula\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Ursula\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Ursula\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Ursula\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyOverride"="*.local"
"ProxyEnable"=dword:00000001

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\bf3eafec-91ae-40ec-8fae-7009592b99aa deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP deleted successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ursula\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Ursula\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ursula\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Ursula\AppData\Local\Mozilla\Firefox\Profiles\onxkkc26.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Ursula\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=530 folders=29 609723466 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Ursula\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Ursula\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Ursula\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on 05/04/2014 at 0:23:33,87 ======================

Re: Remove qone8 from the PC

Post by Power Max Sat 05 Apr 2014, 08:27

Download the Junkware Removal Tool program from the link below:
[You must have an account and be logged in to view this link]

To run the program above correctly, just follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop with the name JRT.txt

We'll be waiting.

Re: Remove qone8 from the PC

Post by Danii Sat 05 Apr 2014, 09:52

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows Vista (TM) Starter x86
Ran by Ursula on 05/04/2014 at 9:47:39,37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{998745A3-2AE4-488D-8092-B98FB20A00C2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C1424421-D274-491E-9D47-11C8D8CB5F9A}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Ursula\AppData\Roaming\mozilla\firefox\profiles\onxkkc26.default\minidumps [25 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05/04/2014 at 9:50:44,33
End of JRT log

Re: Remove qone8 from the PC

Post by Power Max Sat 05 Apr 2014, 09:55

Download < [You must have an account and be logged in to view this link] >  < [You must have an account and be logged in to view this image] > ( ... by Nicolas Coolman )

|- Temporarily disable your antivirus to avoid conflicts and run "ZHPDiag2.exe" to install the tool.

|- Run the scroll icon. ( ZHPDiag )

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish!

|- Click OK and, when it finishes, post the ZHPDiag.txt report

Re: Remove qone8 from the PC

Post by Danii Sat 05 Apr 2014, 10:03

~ Relatório do ZHPDiag v2014.4.3.2 - Nicolas Coolman (03/04/2014)
~ Iniciado por Ursula (05/04/2014 10:01:37)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v7.0.6000.16982
MFIE: Mozilla Firefox 28.0
GCIE: Google Chrome v33.0.1750.154 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows Vista (TM) Starter, 32-bit (Build 6000)
Windows Server License Manager Script : OK
Windows Automatic Updates : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2013
Malwarebytes Anti-Malware versão 2.0.1.1004
SUPERAntiSpyware v5.7.1018

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 11 Plugin
Adobe Reader 8 - Português

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 22 Stepping 1, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Sans échec avec prise en charge du réseau (Fail-safe with network boot)
Total RAM: 1014 MB (44% free)
System Restore: Désactivé (Disabled)
System drive C: has 58 GB (77%) free of 75 GB

---\\ Modo de conexão ao sistema
~ Computer Name: DANIELE-PC
~ User Name: Ursula
~ All Users Names: Ursula, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Ursula\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Ursula\AppData\Roaming\
~ %Desktop% : C:\Users\Ursula\Desktop\
~ %Favorites% : C:\Users\Ursula\Favorites\
~ %LocalAppData% : C:\Users\Ursula\AppData\Local\
~ %StartMenu% : C:\Users\Ursula\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 58 Go of 75 Go)
D: CD-ROM drive (Not Inserted)
E: Floppy drive, Flash card reader, USB Key (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Hard drive, Flash drive, Thumb drive (Free 843 Go of 932 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 46 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.37440D09DEAE0B672A04DCCF7ABF06BE] - (.Microsoft Corporation - Windows Explorer.) (.12/12/2013 - 17:12:28.) -- C:\Windows\Explorer.exe [2923520]
[MD5.D4385B03E8CCCEE6F0EE249F827C1F3E] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.02/11/2006 - 06:45:57.) -- C:\Windows\System32\Wininit.exe [95744]
[MD5.C7A318E74FEF945EBFF855C1513CD96C] - (.Microsoft Corporation - Internet Extensions para Win32.) (.09/07/2013 - 15:40:52.) -- C:\Windows\System32\wininet.dll [832512]
[MD5.9F75392B9128A91ABAFB044EA350BAAD] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.02/11/2006 - 06:45:57.) -- C:\Windows\System32\Winlogon.exe [308224]
[MD5.5D24CAF8EFD924A875698FF28384DB8B] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.02/11/2006 - 05:58:43.) -- C:\Windows\system32\Drivers\AFD.sys [270336]
[MD5.B35CFCEF838382AB6490B321C87EDF17] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.10/03/2008 - 18:00:34.) -- C:\Windows\system32\Drivers\atapi.sys [21560]
[MD5.6C3A437FC873C6F6A4FC620B6888CB86] - (.Microsoft Corporation - CD-ROM File System Driver.) (.02/11/2006 - 05:30:50.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.8D1866E61AF096AE8B582454F5E4D303] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.02/11/2006 - 05:51:44.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.A7179DE59AE269AB70345527894CCD7C] - (.Microsoft Corporation - DFS Client MUP Surrogate Driver.) (.02/11/2006 - 05:31:04.) -- C:\Windows\system32\Drivers\DfsC.sys [74752]
[MD5.0DB613A7E427B5663563677796FD5258] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.14/09/2007 - 16:53:22.) -- C:\Windows\system32\Drivers\HDAudBus.sys [53760]
[MD5.1C9EE072BAA3ABB460B91D7EE9152660] - (.Microsoft Corporation - Driver de porta i8042.) (.10/03/2008 - 17:56:59.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.10077C35845101548037DF04FD1A420B] - (.Microsoft Corporation - IP Network Address Translator.) (.02/11/2006 - 05:58:09.) -- C:\Windows\system32\Drivers\IpNat.sys [99840]
[MD5.8AF705CE1BB907932157FAB821170F27] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.09/07/2013 - 15:31:36.) -- C:\Windows\system32\Drivers\MRxSmb.sys [102400]
[MD5.E3A168912E7EEFC3BD3B814720D68B41] - (.Microsoft Corporation - MBT Transport driver.) (.02/11/2006 - 05:57:20.) -- C:\Windows\system32\Drivers\netBT.sys [184320]
[MD5.37430AA7A66D7A63407ADC2C0D05E9F6] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.09/07/2013 - 15:25:11.) -- C:\Windows\system32\Drivers\ntfs.sys [1060920]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Driver de porta paralela.) (.02/11/2006 - 05:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.68B0019FEE429EC49D29017AF937E482] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.01/03/2007 - 15:08:00.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [74752]
[MD5.E8BD98D46F2ED77132BA927FCCB47D8B] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.02/11/2006 - 06:03:00.) -- C:\Windows\system32\Drivers\rdpdr.sys [242688]
[MD5.AC0D90738ADB51A6FD12FF00874A2162] - (.Microsoft Corporation - SMB Transport driver.) (.02/11/2006 - 05:57:10.) -- C:\Windows\system32\Drivers\smb.sys [66048]
[MD5.AB4FDE8AF4A0270A46A001C08CBCE1C2] - (.Microsoft Corporation - TDI Translation Driver.) (.02/11/2006 - 05:57:35.) -- C:\Windows\system32\Drivers\tdx.sys [68096]
[MD5.11EF6C1CAEF76B685233450A126125D6] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.02/11/2006 - 06:51:18.) -- C:\Windows\system32\Drivers\volsnap.sys [208488]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/427
~ Mes musiques (My Musics) : 9/21
~ Mes Videos (My Videos) : 1/5
~ Mes Favoris (My Favorites) : 1/18
~ Mes Documents (My Documents) : 1/853
~ Mon Bureau (My Desktop) : 1/11
~ Menu demarrer (Programs) : 1/25
~ Hidden Files: Scanned in 00mn 02s



---\\ Processos lançados
[MD5.51F207D5A9E7B2E76BEE59C05CCC23C4] - (.SUPERAntiSpyware.com - Core Service.) -- C:\Program Files\SUPERAntiSpyware\SASCORE.exe [120088] [PID.1444]
[MD5.3A924B200D86590D2C83214CEBFA9742] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [859976] [PID.1036]
[MD5.FA18468460906465C6A181904F5B706B] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3774312] [PID.756]
[MD5.E75DA1FAAFC9B69CCD0940F95C9D1CF7] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8182272] [PID.700]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Ursula\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [ffgapkaegdmcompheglkkponnpmfdcgf] Green Pop Theme v.1.1 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nnjbodopomfddehlalfilheomcahbpei] GBBD Caixa Economica Federal v.3.2.0 (Activé)

---\\ Pasta de extensão do Google Chrome

~ Google Lines Browser: 20 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/abn] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Ursula\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/cef] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Ursula\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll
~ Firefox Browser: 10 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 1
~ IE Browser: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehcef.dll
~ BHO: 10 Legitimates Filtered in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: 0091.lnk . (.Bright - 0091 Wireless Client Card Configuration Uti.) -- C:\Program Files\Bright\0091\Mrv8000x.exe
O4 - GS\Desktop [Public]: Aplicativos para Escritorio.lnk . (.OpenOffice.org - BrOffice.org 2.0.) -- C:\Program Files\BrOffice.org 2.0\program\soffice.exe
O4 - GS\Desktop [Public]: Bright Client Utility.lnk . (.Bright - Bright 0089/0090 Client Utility.) -- C:\Program Files\Bright\ACU.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: SUPERAntiSpyware Professional.lnk . (.SUPERAntiSpyware - SUPERAntiSpyware Application.) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [Ursula]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Ursula]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Ursula]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [Ursula]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Ursula]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Ursula]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Ursula]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Global Startup: 53 Legitimates Filtered in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - GS\Startup [Ursula]: BrOffice.org 2.0.lnk . (...) -- C:\Program Files\BrOffice.org 2.0\program\quickstart.exe
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ACU] . (.Bright - Bright 0089/0090 Client Utility.) -- C:\Program Files\Bright\ACU.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Barra Lateral do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] . (.SUPERAntiSpyware - SUPERAntiSpyware Application.) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Barra Lateral do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Chave orfã
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Barra Lateral do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Chave orfã
O4 - HKUS\S-1-5-21-134228104-2085873779-558425676-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Barra Lateral do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-134228104-2085873779-558425676-1000\..\Run: [SUPERAntiSpyware] . (.SUPERAntiSpyware - SUPERAntiSpyware Application.) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
~ Application: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.caixa.gov.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{26539E40-512C-4DC5-8A92-F6A04533E2D7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2D62C9C-6A7A-4C68-8761-A41F84B8EEB6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3FA6860-2CB5-40FF-A60E-CCBA09A3D04E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{26539E40-512C-4DC5-8A92-F6A04533E2D7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A2D62C9C-6A7A-4C68-8761-A41F84B8EEB6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{D3FA6860-2CB5-40FF-A60E-CCBA09A3D04E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{26539E40-512C-4DC5-8A92-F6A04533E2D7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{A2D62C9C-6A7A-4C68-8761-A41F84B8EEB6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{D3FA6860-2CB5-40FF-A60E-CCBA09A3D04E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\system32\mshtml.dll
O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\system32\urlmon.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginCef . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Bright Configuration Service (ACS) . (...) - C:\Windows\system32\acs.exe
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\GbpSv.exe
~ Services: 9 Legitimates Filtered in 00mn 04s



---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O24 - Desktop General: WallPaper - .(...) - C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: 0091 - (.Bright.) [HKLM] -- {43A381E6-5BD0-4534-8DB8-03ED7DE168E0}
O42 - Logiciel: Ares 3.1.7.3042 - (.Ares.) [HKLM] -- {C9FF844C-02F5-4221-8AD4-0BD823533C6E}_is1
O42 - Logiciel: Bright Client Installation Program - (.Bright.) [HKLM] -- {28006915-2739-4EBE-B5E8-49B25D32EB33}
O42 - Logiciel: Módulo Adicional de Segurança CAIXA - (...) [HKLM] -- {5d01f486-f32d-462e-8830-cc1d116e8ece}_is1
O42 - Logiciel: Módulo de Proteção Banco Santander 3.4.3.1 - (...) [HKLM] -- {83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1
~ Logic: 12 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Ares]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\DriverToolkit]
[HKCU\Software\GbAs]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Baidu_Drp_pos] =>Adware.BDSearch
[HKLM\Software\Bright]
[HKLM\Software\PCback]
~ Key Software: 134 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 14/12/2013 - 09:53:33 - [5,472] ----D C:\Program Files\Ares
O43 - CFD: 24/01/2014 - 08:59:18 - [0] ----D C:\Program Files\Baidu Security =>Adware.BDSearch
O43 - CFD: 12/12/2013 - 19:21:13 - [5,054] ----D C:\Program Files\Bright
O43 - CFD: 04/04/2014 - 15:52:30 - [0,045] -SH-D C:\Program Files\d1b8
O43 - CFD: 12/12/2013 - 17:50:19 - [0] ----D C:\Program Files\DriverToolkit
O43 - CFD: 24/01/2014 - 09:03:21 - [0,003] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
O43 - CFD: 24/01/2014 - 09:03:33 - [2,841] ----D C:\Users\Ursula\AppData\Roaming\Baidu Security =>Adware.BDSearch
O43 - CFD: 04/04/2014 - 19:04:59 - [0] -SH-D C:\Users\Ursula\AppData\Roaming\ceb0
O43 - CFD: 26/03/2014 - 22:38:17 - [1,671] ----D C:\Users\Ursula\AppData\Roaming\qone8 =>Hijacker.Qone8
O43 - CFD: 13/12/2013 - 10:24:33 - [0,024] ----D C:\Users\Ursula\AppData\Local\Ares
O43 - CFD: 12/12/2013 - 17:47:11 - [0] ----D C:\Users\Ursula\AppData\Local\DriverToolkit
~ Program Folder: 127 Legitimates Filtered in 00mn 13s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.3A8C84DA8AFA82E6469B41D72DFDBB6B] - 04/04/2014 - 20:44:22 ---A- . (...) -- C:\log malware.txt [8686]
O44 - LFC:[MD5.DB97630F9C30FB690818E1F653193963] - 04/04/2014 - 22:23:27 ---A- . (...) -- C:\Log Malwarebyte2.txt [8319]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 04/04/2014 - 23:52:22 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.7F57DDB795294851B0026CB0A4C8C7E0] - 05/04/2014 - 00:14:38 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [3072]
O44 - LFC:[MD5.7F57DDB795294851B0026CB0A4C8C7E0] - 05/04/2014 - 00:14:38 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [3072]
O44 - LFC:[MD5.C5276A47EDBE54159D7A169A755E43FE] - 05/04/2014 - 00:21:45 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [83754]
O44 - LFC:[MD5.8202F022577FA1E26363FAEB4C544EDF] - 05/04/2014 - 00:21:45 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [485582]
O44 - LFC:[MD5.F2E0D8962B79BB8D3217C005220CC928] - 05/04/2014 - 00:23:33 ---A- . (...) -- C:\zoek-results.log [17668]
O44 - LFC:[MD5.FD5481C85F0F5E2EB1A3D89C63ACA45C] - 05/04/2014 - 09:04:05 ---A- . (...) -- C:\Windows\ntbtlog.txt [8933314]
O44 - LFC:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 05/04/2014 - 09:04:14 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\System32\Drivers\GbpNdisrd.sys [31088]
~ Files: 21 Legitimates Filtered in 00mn 22s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll
O46 - SEH:ShellExecuteHooks - SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{b579a4ca-68a8-11e3-b907-065043001281}\AutoRun\command. (.Seagate Technology LLC - Seagate Launcher.) -- H:\Setup.exe
~ Keys: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDFSTab"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoWindowsUpdate"=
~ MWPE Keys: 2 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.F385467DF95D0A73775CB3B076B8B969] - 24/01/2014 - 16:43:37 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944]
O58 - SDL:[MD5.1B0662514A68C3A42E60D240C5ABEF28] - 24/01/2014 - 16:43:37 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180248]
O58 - SDL:[MD5.6C313C3CB5994D4D093391B0F674B531] - 18/12/2013 - 08:42:38 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\Windows\System32\Drivers\Bhbase.sys [47456]
O58 - SDL:[MD5.E758A151CE280BBA484CA58C805547F6] - 07/01/2008 - 13:45:28 ---A- . (.No owner - Image Mount Driver.) -- C:\Windows\System32\Drivers\cloverm.sys [27136]
O58 - SDL:[MD5.E8F3F21A71720C84BCF423B80028359F] - 02/11/2006 - 06:51:34 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [316520]
O58 - SDL:[MD5.DCF228C60E1036597FD5C4A647790527] - 01/07/2013 - 14:40:10 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [47688]
O58 - SDL:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 05/04/2014 - 09:04:14 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\System32\Drivers\GbpNdisrd.sys [31088]
O58 - SDL:[MD5.BCED60D16156E428F8DF8CF27B0DF150] - 02/11/2006 - 06:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\System32\Drivers\iteatapi.sys [35944]
O58 - SDL:[MD5.06FA654504A498C30ADCA8BEC4E87E7E] - 02/11/2006 - 06:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\System32\Drivers\iteraid.sys [35944]
O58 - SDL:[MD5.566C5FD480FDBCE3BA5CF9FBCFFAEA9A] - 09/10/2008 - 15:42:42 ---A- . (.Windows (R) Codename Longhorn DDK provider - KMWDFilter Driver from UASSOFT.COM.) -- C:\Windows\System32\Drivers\KMWDFILTER.sys [17408]
O58 - SDL:[MD5.F65162EE72E54943B7C9BE3D9AF1684A] - 21/12/2005 - 16:44:28 ---A- . (.Bright, Inc - Bright 0091 driver.) -- C:\Windows\System32\Drivers\MRVW225.sys [299904]
O58 - SDL:[MD5.8E4D90CEC4F77F85D40B66D41EA14032] - 08/01/2008 - 02:15:06 ---A- . (.No owner - WINNT/2K/XP/2003 Driver.) -- C:\Windows\System32\Drivers\Shield.sys [58432]
O58 - SDL:[MD5.3CD4EA35A6221B85DCC25DAA46313F8D] - 02/11/2006 - 06:51:25 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\System32\Drivers\uliahci.sys [235112]
O58 - SDL:[MD5.8514D0E5CD0534467C5FC61BE94A569F] - 02/11/2006 - 06:50:35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\System32\Drivers\ulsata.sys [98408]
O58 - SDL:[MD5.38C3C6E62B157A6BC46594FADA45C62B] - 02/11/2006 - 06:50:45 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\System32\Drivers\ulsata2.sys [115816]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 04:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.CD301D46AC3C98BDB314AAA5CD6B9F5E] - 21/12/2005 - 09:16:34 ---A- . (.Bright , Inc. - Driver for Bright 0089/0090 Wireless Network Adapter.) -- C:\Windows\System32\ar5211.sys [470016]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 02/11/2006 - 04:09:45 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 02/11/2006 - 04:09:41 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 02/11/2006 - 04:09:44 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 02/11/2006 - 04:09:44 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 02/11/2006 - 04:09:29 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 02/11/2006 - 04:09:35 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 02/11/2006 - 04:09:38 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 02/11/2006 - 04:09:40 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 02/11/2006 - 04:09:31 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 02/11/2006 - 04:09:20 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 02/11/2006 - 04:09:23 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 02/11/2006 - 04:09:24 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 02/11/2006 - 04:09:26 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 02/11/2006 - 04:09:22 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 17 Legitimates Filtered in 00mn 03s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 01/07/2013 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
~ Legacy: 78 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 13 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.05D4A0A6AF9F7ECB30E7DCD61C9913FF] [SPRF][13/12/2013] (...) -- C:\Users\Ursula\AppData\Roaming\unins000.dat [29169]
[MD5.42CA0E6EBB9C125A31591C92726C5AE9] [SPRF][13/12/2013] (...) -- C:\Users\Ursula\AppData\Roaming\unins001.dat [13996]
~ Files: 5 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{244AC7B2-AB9D-49C3-9C7F-C913CF205417}C:\program files\ares\ares.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files\ares\ares.exe (.not file.)
O87 - FAEL: "UDP Query User{402A2926-0B3B-4E40-87BA-8CF64949D46B}C:\program files\ares\ares.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files\ares\ares.exe (.not file.)
~ Firewall: 138 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Auto 19/12/2006 36864 | (ACS) . (...) - C:\Windows\system32\acs.exe
SS - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SS - | Auto 24/01/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SS - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Auto 08/07/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 08/07/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Auto 03/04/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
SS - | Auto 03/04/2014 857912 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
SS - | Demand 18/03/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 02/11/2006 22016 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 10/10/2013 120088 | (!SASCORE) . (.SUPERAntiSpyware.com.) - C:\Program Files\SUPERAntiSpyware\SASCORE.exe
SR - | Auto 16/10/2013 452968 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\GbpSv.exe
SR - | Auto 02/11/2006 22016 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 03s



---\\ Scâner Aditional (088)
Database Version : 13036 - (03/04/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 4
Fichiers trouvés (Files found) : 3

C:\Program Files\Baidu Security =>Adware.BDSearch^
C:\ProgramData\Baidu Security =>Adware.BDSearch^
C:\Users\Ursula\AppData\Roaming\Baidu Security =>Adware.BDSearch^
C:\Users\Ursula\AppData\Roaming\qone8 =>Hijacker.Qone8^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Baidu_Drp_pos] =>Adware.BDSearch^
~ Additionnel Scan: 160756 Items scanned in 00mn 24s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BDSearch
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Qone8
~ MSI: 2 link(s) detected in 00mn 00s



~ 779 Legitimates filtered by white list
End of the scan (497 lines in 01mn 39s)(0)

Post by Power Max Sat 05 Apr 2014, 10:48

Go to the site [You must be registered and logged in to see this link] and submit the file shown in bold below for analysis:

C:\Windows\System32\Drivers\Shield.sys

You can find more details on how to use Virscan correctly in this tutorial:

Virscan: A great system that checks files with several online antivirus engines at the same time
[You must be registered and logged in to see this link]

As soon as its analysis is complete, copy the link that appears in your browser's address bar and post that link in your next reply, together with the ZHPFix report requested below.
__________________________________________________________________________________________________

Select and copy all the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click ZHPFix and choose Run as administrator > click Importação ("Import") > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.

Copy this report and post it in your next reply, together with the link to the file's analysis on the Virscan site.


Last edited by Power Max on Sat 05 Apr 2014, 13:47; edited 1 time

Post by Danii Sat 05 Apr 2014, 13:20

Link:

[You must be registered and logged in to see this link]


ZHPFix report:



Rapport de ZHPFix 2014.3.25.5 par Nicolas Coolman, Update du 25/03/2014
Fichier d'export Registre :
Run by Ursula at 05/04/2014 13:18:02
High Elevated Privileges : OK
Windows Vista Starter Edition, 32-bit (Build 6000)

Reciclagem vazia (00mn 01s)
Reparação de atalhos do navegador

========== Valores do Registo ==========
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
ELIMINÉ: FirewallRaz (Public) : {4989F841-07BB-41ED-A4F3-C103D818A498}
ELIMINÉ: FirewallRaz (Public) : {3FF8A55F-8AA4-450C-99ED-E1A9ECF9AAF0}
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (388) (2.901.862 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Nenhum ponto de restauro do sistema foi criado


========== Recapitulativo ==========
10 : Valores do Registo
1 : Pastas
2 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 02s

========== Caminho do ficheiro do relatório ==========
C:\Users\Ursula\AppData\Roaming\ZHP\ZHPFix[R1].txt - 05/04/2014 12:48:03 [2080]
C:\Users\Ursula\AppData\Roaming\ZHP\ZHPFix[R2].txt - 05/04/2014 13:18:04 [1345]

Post by Danii Sat 05 Apr 2014, 13:23

All the scans are being done in Safe Mode with Networking; is that a problem?
Because I can't open any browser in normal mode, only in Safe Mode.

Post by Power Max Sat 05 Apr 2014, 13:24

Open ZHPDiag again.

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report.


Post by Danii Sat 05 Apr 2014, 13:36

~ Relatório do ZHPDiag v2014.4.3.2 - Nicolas Coolman (03/04/2014)
~ Iniciado por Ursula (05/04/2014 13:34:54)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program


---\\ Navegadores Internet
MSIE: Internet Explorer v7.0.6000.16982
MFIE: Mozilla Firefox 28.0
GCIE: Google Chrome v33.0.1750.154 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows Vista (TM) Starter, 32-bit (Build 6000)
Windows Server License Manager Script : OK
Windows Automatic Updates : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2013
Malwarebytes Anti-Malware versão 2.0.1.1004
SUPERAntiSpyware v5.7.1018

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 11 Plugin
Adobe Reader 8 - Português

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 22 Stepping 1, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Sans échec avec prise en charge du réseau (Fail-safe with network boot)
Total RAM: 1014 MB (39% free)
System Restore: Désactivé (Disabled)
System drive C: has 58 GB (77%) free of 75 GB

---\\ Modo de conexão ao sistema
~ Computer Name: DANIELE-PC
~ User Name: Ursula
~ All Users Names: Ursula, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Ursula\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Ursula\AppData\Roaming\
~ %Desktop% : C:\Users\Ursula\Desktop\
~ %Favorites% : C:\Users\Ursula\Favorites\
~ %LocalAppData% : C:\Users\Ursula\AppData\Local\
~ %StartMenu% : C:\Users\Ursula\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 58 Go of 75 Go)
D: CD-ROM drive (Not Inserted)
E: Floppy drive, Flash card reader, USB Key (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Hard drive, Flash drive, Thumb drive (Free 843 Go of 932 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 46 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.37440D09DEAE0B672A04DCCF7ABF06BE] - (.Microsoft Corporation - Windows Explorer.) (.12/12/2013 - 17:12:28.) -- C:\Windows\Explorer.exe [2923520]
[MD5.D4385B03E8CCCEE6F0EE249F827C1F3E] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.02/11/2006 - 06:45:57.) -- C:\Windows\System32\Wininit.exe [95744]
[MD5.C7A318E74FEF945EBFF855C1513CD96C] - (.Microsoft Corporation - Internet Extensions para Win32.) (.09/07/2013 - 15:40:52.) -- C:\Windows\System32\wininet.dll [832512]
[MD5.9F75392B9128A91ABAFB044EA350BAAD] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.02/11/2006 - 06:45:57.) -- C:\Windows\System32\Winlogon.exe [308224]
[MD5.5D24CAF8EFD924A875698FF28384DB8B] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.02/11/2006 - 05:58:43.) -- C:\Windows\system32\Drivers\AFD.sys [270336]
[MD5.B35CFCEF838382AB6490B321C87EDF17] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.10/03/2008 - 18:00:34.) -- C:\Windows\system32\Drivers\atapi.sys [21560]
[MD5.6C3A437FC873C6F6A4FC620B6888CB86] - (.Microsoft Corporation - CD-ROM File System Driver.) (.02/11/2006 - 05:30:50.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.8D1866E61AF096AE8B582454F5E4D303] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.02/11/2006 - 05:51:44.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.A7179DE59AE269AB70345527894CCD7C] - (.Microsoft Corporation - DFS Client MUP Surrogate Driver.) (.02/11/2006 - 05:31:04.) -- C:\Windows\system32\Drivers\DfsC.sys [74752]
[MD5.0DB613A7E427B5663563677796FD5258] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.14/09/2007 - 16:53:22.) -- C:\Windows\system32\Drivers\HDAudBus.sys [53760]
[MD5.1C9EE072BAA3ABB460B91D7EE9152660] - (.Microsoft Corporation - Driver de porta i8042.) (.10/03/2008 - 17:56:59.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.10077C35845101548037DF04FD1A420B] - (.Microsoft Corporation - IP Network Address Translator.) (.02/11/2006 - 05:58:09.) -- C:\Windows\system32\Drivers\IpNat.sys [99840]
[MD5.8AF705CE1BB907932157FAB821170F27] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.09/07/2013 - 15:31:36.) -- C:\Windows\system32\Drivers\MRxSmb.sys [102400]
[MD5.E3A168912E7EEFC3BD3B814720D68B41] - (.Microsoft Corporation - MBT Transport driver.) (.02/11/2006 - 05:57:20.) -- C:\Windows\system32\Drivers\netBT.sys [184320]
[MD5.37430AA7A66D7A63407ADC2C0D05E9F6] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.09/07/2013 - 15:25:11.) -- C:\Windows\system32\Drivers\ntfs.sys [1060920]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Driver de porta paralela.) (.02/11/2006 - 05:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.68B0019FEE429EC49D29017AF937E482] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.01/03/2007 - 15:08:00.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [74752]
[MD5.E8BD98D46F2ED77132BA927FCCB47D8B] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.02/11/2006 - 06:03:00.) -- C:\Windows\system32\Drivers\rdpdr.sys [242688]
[MD5.AC0D90738ADB51A6FD12FF00874A2162] - (.Microsoft Corporation - SMB Transport driver.) (.02/11/2006 - 05:57:10.) -- C:\Windows\system32\Drivers\smb.sys [66048]
[MD5.AB4FDE8AF4A0270A46A001C08CBCE1C2] - (.Microsoft Corporation - TDI Translation Driver.) (.02/11/2006 - 05:57:35.) -- C:\Windows\system32\Drivers\tdx.sys [68096]
[MD5.11EF6C1CAEF76B685233450A126125D6] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.02/11/2006 - 06:51:18.) -- C:\Windows\system32\Drivers\volsnap.sys [208488]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/427
~ Mes musiques (My Musics) : 9/21
~ Mes Videos (My Videos) : 1/5
~ Mes Favoris (My Favorites) : 1/18
~ Mes Documents (My Documents) : 1/853
~ Mon Bureau (My Desktop) : 1/14
~ Menu demarrer (Programs) : 1/25
~ Hidden Files: Scanned in 00mn 00s



---\\ Processos lançados
[MD5.51F207D5A9E7B2E76BEE59C05CCC23C4] - (.SUPERAntiSpyware.com - Core Service.) -- C:\Program Files\SUPERAntiSpyware\SASCORE.exe [120088] [PID.1444]
[MD5.FA18468460906465C6A181904F5B706B] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3774312] [PID.756]
[MD5.3A924B200D86590D2C83214CEBFA9742] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [859976] [PID.2224]
[MD5.E75DA1FAAFC9B69CCD0940F95C9D1CF7] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8182272] [PID.1144]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Ursula\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [ffgapkaegdmcompheglkkponnpmfdcgf] Green Pop Theme v.1.1 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nnjbodopomfddehlalfilheomcahbpei] GBBD Caixa Economica Federal v.3.2.0 (Activé)

---\\ Pasta de extensão do Google Chrome

~ Google Lines Browser: 20 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/abn] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Ursula\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/cef] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Ursula\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll
~ Firefox Browser: 10 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 1
~ IE Browser: 10 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehcef.dll
~ BHO: 10 Legitimates Filtered in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: 0091.lnk . (.Bright - 0091 Wireless Client Card Configuration Uti.) -- C:\Program Files\Bright\0091\Mrv8000x.exe
O4 - GS\Desktop [Public]: Aplicativos para Escritorio.lnk . (.OpenOffice.org - BrOffice.org 2.0.) -- C:\Program Files\BrOffice.org 2.0\program\soffice.exe
O4 - GS\Desktop [Public]: Bright Client Utility.lnk . (.Bright - Bright 0089/0090 Client Utility.) -- C:\Program Files\Bright\ACU.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: SUPERAntiSpyware Professional.lnk . (.SUPERAntiSpyware - SUPERAntiSpyware Application.) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [Ursula]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Ursula]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Ursula]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [Ursula]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Ursula]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Ursula]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Ursula]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Global Startup: 53 Legitimates Filtered in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - GS\Startup [Ursula]: BrOffice.org 2.0.lnk . (...) -- C:\Program Files\BrOffice.org 2.0\program\quickstart.exe
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ACU] . (.Bright - Bright 0089/0090 Client Utility.) -- C:\Program Files\Bright\ACU.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Barra Lateral do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] . (.SUPERAntiSpyware - SUPERAntiSpyware Application.) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Barra Lateral do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Barra Lateral do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-21-134228104-2085873779-558425676-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Barra Lateral do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-134228104-2085873779-558425676-1000\..\Run: [SUPERAntiSpyware] . (.SUPERAntiSpyware - SUPERAntiSpyware Application.) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
~ Application: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.caixa.gov.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{26539E40-512C-4DC5-8A92-F6A04533E2D7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2D62C9C-6A7A-4C68-8761-A41F84B8EEB6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3FA6860-2CB5-40FF-A60E-CCBA09A3D04E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{26539E40-512C-4DC5-8A92-F6A04533E2D7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A2D62C9C-6A7A-4C68-8761-A41F84B8EEB6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{D3FA6860-2CB5-40FF-A60E-CCBA09A3D04E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{26539E40-512C-4DC5-8A92-F6A04533E2D7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{A2D62C9C-6A7A-4C68-8761-A41F84B8EEB6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{D3FA6860-2CB5-40FF-A60E-CCBA09A3D04E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\system32\mshtml.dll
O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\system32\urlmon.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginCef . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Bright Configuration Service (ACS) . (...) - C:\Windows\system32\acs.exe
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\GbpSv.exe
~ Services: 8 Legitimates Filtered in 00mn 04s



---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O24 - Desktop General: WallPaper - .(...) - C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: 0091 - (.Bright.) [HKLM] -- {43A381E6-5BD0-4534-8DB8-03ED7DE168E0}
O42 - Logiciel: Ares 3.1.7.3042 - (.Ares.) [HKLM] -- {C9FF844C-02F5-4221-8AD4-0BD823533C6E}_is1
O42 - Logiciel: Bright Client Installation Program - (.Bright.) [HKLM] -- {28006915-2739-4EBE-B5E8-49B25D32EB33}
O42 - Logiciel: Módulo Adicional de Segurança CAIXA - (...) [HKLM] -- {5d01f486-f32d-462e-8830-cc1d116e8ece}_is1
O42 - Logiciel: Módulo de Proteção Banco Santander 3.4.3.1 - (...) [HKLM] -- {83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1
~ Logic: 12 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Ares]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\DriverToolkit]
[HKCU\Software\GbAs]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\Bright]
[HKLM\Software\PCback]
~ Key Software: 131 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 14/12/2013 - 09:53:33 - [5,472] ----D C:\Program Files\Ares
O43 - CFD: 12/12/2013 - 19:21:13 - [5,054] ----D C:\Program Files\Bright
O43 - CFD: 04/04/2014 - 15:52:30 - [0,045] -SH-D C:\Program Files\d1b8
O43 - CFD: 12/12/2013 - 17:50:19 - [0] ----D C:\Program Files\DriverToolkit
O43 - CFD: 04/04/2014 - 19:04:59 - [0] -SH-D C:\Users\Ursula\AppData\Roaming\ceb0
O43 - CFD: 13/12/2013 - 10:24:33 - [0,024] ----D C:\Users\Ursula\AppData\Local\Ares
O43 - CFD: 12/12/2013 - 17:47:11 - [0] ----D C:\Users\Ursula\AppData\Local\DriverToolkit
~ Program Folder: 123 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.3A8C84DA8AFA82E6469B41D72DFDBB6B] - 04/04/2014 - 20:44:22 ---A- . (...) -- C:\log malware.txt [8686]
O44 - LFC:[MD5.DB97630F9C30FB690818E1F653193963] - 04/04/2014 - 22:23:27 ---A- . (...) -- C:\Log Malwarebyte2.txt [8319]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 04/04/2014 - 23:52:22 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.7F57DDB795294851B0026CB0A4C8C7E0] - 05/04/2014 - 00:14:38 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [3072]
O44 - LFC:[MD5.7F57DDB795294851B0026CB0A4C8C7E0] - 05/04/2014 - 00:14:38 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [3072]
O44 - LFC:[MD5.C5276A47EDBE54159D7A169A755E43FE] - 05/04/2014 - 00:21:45 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [83754]
O44 - LFC:[MD5.8202F022577FA1E26363FAEB4C544EDF] - 05/04/2014 - 00:21:45 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [485582]
O44 - LFC:[MD5.F2E0D8962B79BB8D3217C005220CC928] - 05/04/2014 - 00:23:33 ---A- . (...) -- C:\zoek-results.log [17668]
O44 - LFC:[MD5.FD5481C85F0F5E2EB1A3D89C63ACA45C] - 05/04/2014 - 09:04:05 ---A- . (...) -- C:\Windows\ntbtlog.txt [8933314]
O44 - LFC:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 05/04/2014 - 09:04:14 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\System32\Drivers\GbpNdisrd.sys [31088]
~ Files: 21 Legitimates Filtered in 00mn 03s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll
O46 - SEH:ShellExecuteHooks - SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{b579a4ca-68a8-11e3-b907-065043001281}\AutoRun\command. (.Seagate Technology LLC - Seagate Launcher.) -- H:\Setup.exe
~ Keys: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDFSTab"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoWindowsUpdate"=
~ MWPE Keys: 2 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.F385467DF95D0A73775CB3B076B8B969] - 24/01/2014 - 16:43:37 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944]
O58 - SDL:[MD5.1B0662514A68C3A42E60D240C5ABEF28] - 24/01/2014 - 16:43:37 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180248]
O58 - SDL:[MD5.E758A151CE280BBA484CA58C805547F6] - 07/01/2008 - 13:45:28 ---A- . (.No owner - Image Mount Driver.) -- C:\Windows\System32\Drivers\cloverm.sys [27136]
O58 - SDL:[MD5.E8F3F21A71720C84BCF423B80028359F] - 02/11/2006 - 06:51:34 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [316520]
O58 - SDL:[MD5.DCF228C60E1036597FD5C4A647790527] - 01/07/2013 - 14:40:10 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [47688]
O58 - SDL:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 05/04/2014 - 09:04:14 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\System32\Drivers\GbpNdisrd.sys [31088]
O58 - SDL:[MD5.BCED60D16156E428F8DF8CF27B0DF150] - 02/11/2006 - 06:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\System32\Drivers\iteatapi.sys [35944]
O58 - SDL:[MD5.06FA654504A498C30ADCA8BEC4E87E7E] - 02/11/2006 - 06:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\System32\Drivers\iteraid.sys [35944]
O58 - SDL:[MD5.566C5FD480FDBCE3BA5CF9FBCFFAEA9A] - 09/10/2008 - 15:42:42 ---A- . (.Windows (R) Codename Longhorn DDK provider - KMWDFilter Driver from UASSOFT.COM.) -- C:\Windows\System32\Drivers\KMWDFILTER.sys [17408]
O58 - SDL:[MD5.F65162EE72E54943B7C9BE3D9AF1684A] - 21/12/2005 - 16:44:28 ---A- . (.Bright, Inc - Bright 0091 driver.) -- C:\Windows\System32\Drivers\MRVW225.sys [299904]
O58 - SDL:[MD5.8E4D90CEC4F77F85D40B66D41EA14032] - 08/01/2008 - 02:15:06 ---A- . (.No owner - WINNT/2K/XP/2003 Driver.) -- C:\Windows\System32\Drivers\Shield.sys [58432]
O58 - SDL:[MD5.3CD4EA35A6221B85DCC25DAA46313F8D] - 02/11/2006 - 06:51:25 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\System32\Drivers\uliahci.sys [235112]
O58 - SDL:[MD5.8514D0E5CD0534467C5FC61BE94A569F] - 02/11/2006 - 06:50:35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\System32\Drivers\ulsata.sys [98408]
O58 - SDL:[MD5.38C3C6E62B157A6BC46594FADA45C62B] - 02/11/2006 - 06:50:45 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\System32\Drivers\ulsata2.sys [115816]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 04:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.CD301D46AC3C98BDB314AAA5CD6B9F5E] - 21/12/2005 - 09:16:34 ---A- . (.Bright , Inc. - Driver for Bright 0089/0090 Wireless Network Adapter.) -- C:\Windows\System32\ar5211.sys [470016]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 02/11/2006 - 04:09:45 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 02/11/2006 - 04:09:41 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 02/11/2006 - 04:09:44 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 02/11/2006 - 04:09:44 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 02/11/2006 - 04:09:29 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 02/11/2006 - 04:09:35 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 02/11/2006 - 04:09:38 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 02/11/2006 - 04:09:40 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 02/11/2006 - 04:09:31 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 02/11/2006 - 04:09:20 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 02/11/2006 - 04:09:23 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 02/11/2006 - 04:09:24 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 02/11/2006 - 04:09:26 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 02/11/2006 - 04:09:22 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 17 Legitimates Filtered in 00mn 01s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 01/07/2013 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
~ Legacy: 78 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 13 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [You must have an account and be logged in to view this link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.05D4A0A6AF9F7ECB30E7DCD61C9913FF] [SPRF][13/12/2013] (...) -- C:\Users\Ursula\AppData\Roaming\unins000.dat [29169]
[MD5.42CA0E6EBB9C125A31591C92726C5AE9] [SPRF][13/12/2013] (...) -- C:\Users\Ursula\AppData\Roaming\unins001.dat [13996]
~ Files: 5 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Auto 19/12/2006 36864 | (ACS) . (...) - C:\Windows\system32\acs.exe
SS - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SS - | Auto 24/01/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SS - | Auto 08/07/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 08/07/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Auto 03/04/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
SS - | Auto 03/04/2014 857912 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
SS - | Demand 18/03/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 02/11/2006 22016 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 10/10/2013 120088 | (!SASCORE) . (.SUPERAntiSpyware.com.) - C:\Program Files\SUPERAntiSpyware\SASCORE.exe
SR - | Auto 16/10/2013 452968 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\GbpSv.exe
SR - | Auto 02/11/2006 22016 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 00s



---\\ Scâner Aditional (088)
Database Version : 13036 - (03/04/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 153731 Items scanned in 00mn 23s



~ 765 Legitimates filtered by white list
End of the scan (464 lines in 00mn 55s)(0)

Re: Remove qone8 from the PC

Post by Power Max, Sat 05 Apr 2014, 13:45

The log is clean, with no problems.

Start the PC in normal Windows mode and test the internet to see whether it is working normally, then tell us the result.

Re: Remove qone8 from the PC

Post by Danii, Sat 05 Apr 2014, 14:18

Wow, after months without being able to access the PC in normal mode, everything is OK!

Thanks for the guidance and patience! Everything is OK!

Thank you!

Re: Remove qone8 from the PC

Post by Power Max, Sat 05 Apr 2014, 15:39

That's it! I'm glad the problem has been solved.

Just to finish, please follow the tutorials below:

[You must have an account and be logged in to view this link]
_______________________________________________________________________________________________________________________

To remove the programs used to clean this PC and create a new, safe and problem-free restore point, use DelFix, following the tips at [You must have an account and be logged in to view this link].
_______________________________________________________________________________________________________________________

It was a pleasure to help. You can always count on us!

Re: Remove qone8 from the PC

Post by Danii, Sat 05 Apr 2014, 18:01

The network icon and the Safely Remove Hardware icon have disappeared from my toolbar. In normal Windows mode I right-clicked the toolbar, went to Properties and then Notification Area. But the network icon option is unavailable. How do I re-enable it? The two icons only appear in Safe Mode with Networking.