Fórum PC Brasil
Removal of adware and the like


Post by Danii, Fri 18 Apr 2014, 16:25

While trying to install the Flv player, avast blocked some threats. Even so, some settings on the PC were changed, leaving it slow, and Chrome windows are opening by themselves with ads appearing everywhere. Is there a way to remove this?

Re: Removal of adware and the like

Post by Power Max, Fri 18 Apr 2014, 16:30

Hi Dani.

Please follow the tips in this post to do a cleanup with Malwarebytes:

[You must have an account and be logged in to view this link]

In your next reply, post this Malwarebytes log (report).

We'll be waiting.

Re: Removal of adware and the like

Post by Danii, Fri 18 Apr 2014, 18:04




2014/04/18 17:46:16 -0300
mbam-log-2014-04-18 (16-49-21).xml
yes


2.00.1.1004
v2014.04.18.07
v2014.03.27.01
trial
disabled
disabled
disabled


Windows Vista
x86
Ursula
NTFS


custom
completed
261624

0
0
0
0
0
0
0
0


enabled
enabled
enabled
enabled
disabled
disabled
enabled
enabled
enabled




Re: Removal of adware and the like

Post by Power Max, Fri 18 Apr 2014, 18:06

Download the AdwCleaner program by clicking the link below, then click the Download Now @BleepingComputer button:
[You must have an account and be logged in to view this link]

To run AdwCleaner correctly, just follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.

Re: Removal of adware and the like

Post by Danii, Fri 18 Apr 2014, 18:20

# AdwCleaner v3.023 - Relatório criado 18/04/2014 às 18:12:32
# Atualizado 01/04/2014 por Xplode
# Sistema Operacional : Windows Vista (TM) Starter (32 bits)
# Usuário : Ursula - DANIELE-PC
# Executando de : C:\Users\Ursula\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

Serviço Deletada : BackupStack
[#] Serviço Deletada : ca82e1a5

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\WPM
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Pasta Deletada : C:\Program Files\AnyProtectEx
Pasta Deletada : C:\Program Files\MyPC Backup
Pasta Deletada : C:\Program Files\NewPlayer
Pasta Deletada : C:\Program Files\Optimizer Pro
Pasta Deletada : C:\Program Files\fst_br_102
Pasta Deletada : C:\Users\Ursula\AppData\Local\fst_br_102
Pasta Deletada : C:\Users\Ursula\AppData\Roaming\Optimizer Pro
Pasta Deletada : C:\Users\Ursula\AppData\Roaming\SupTab
Pasta Deletada : C:\Users\Ursula\AppData\Roaming\VOPackage
Pasta Deletada : C:\Users\Ursula\AppData\Roaming\webssearches
Pasta Deletada : C:\Users\Ursula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Pasta Deletada : C:\Users\Ursula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Pasta Deletada : C:\Users\Ursula\Documents\Optimizer Pro
Pasta Deletada : C:\Users\Ursula\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Arquivo Deletada : C:\Users\Public\Desktop\NewPlayer.lnk
Arquivo Deletada : C:\Users\Ursula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
Arquivo Deletada : C:\Users\Ursula\Desktop\MyPC Backup.lnk
Arquivo Deletada : C:\Users\Ursula\Desktop\Optimizer Pro.lnk

***** [ Atalhos ] *****

Atalho Desinfectada : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Atalho Desinfectada : C:\Users\Ursula\Desktop\Google Chrome.lnk
Atalho Desinfectada : C:\Users\Ursula\Desktop\Launch Internet Explorer Browser.lnk
Atalho Desinfectada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Atalho Desinfectada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Atalho Desinfectada : C:\Users\Ursula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Atalho Desinfectada : C:\Users\Ursula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Atalho Desinfectada : C:\Users\Ursula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Atalho Desinfectada : C:\Users\Ursula\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Atalho Desinfectada : C:\Users\Ursula\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Atalho Desinfectada : C:\Users\Ursula\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

***** [ Registro ] *****

Valor Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Chave Deletedo : HKCU\Software\installedbrowserextensions
Chave Deletedo : HKCU\Software\Optimizer Pro
Chave Deletedo : HKCU\Software\Tutorials
Chave Deletedo : HKCU\Software\TutoTag
Chave Deletedo : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Chave Deletedo : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Chave Deletedo : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Chave Deletedo : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Chave Deletedo : HKLM\Software\free_soft_to_day
Chave Deletedo : HKLM\Software\installedbrowserextensions
Chave Deletedo : HKLM\Software\supTab
Chave Deletedo : HKLM\Software\supWPM
Chave Deletedo : HKLM\Software\Tutorials
Chave Deletedo : HKLM\Software\Wpm
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fst_br_102_is1

***** [ Navegadores ] *****

-\\ Internet Explorer v7.0.6000.16982

Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v28.0 (pt-BR)

[ Arquivo : C:\Users\Ursula\AppData\Roaming\Mozilla\Firefox\Profiles\onxkkc26.default\prefs.js ]

Linha deletada : user_pref("browser.newtab.url", "hxxp://istart.webssearches.com/newtab/?type=nt&ts=1397843211&from=tugs&uid=MAXTORXSTM380815AS_5QZ5XWQHXXXX5QZ5XWQH");
Linha deletada : user_pref("browser.startup.homepage", "hxxp://istart.webssearches.com/?type=hp&ts=1397843211&from=tugs&uid=MAXTORXSTM380815AS_5QZ5XWQHXXXX5QZ5XWQH");
Linha deletada : user_pref("extensions.crossrider.bic", "14575f3ffbb279d98ea4855c5d771432");

-\\ Google Chrome v34.0.1847.116

[ Arquivo : C:\Users\Ursula\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6679 octets] - [18/04/2014 18:11:11]
AdwCleaner[S0].txt - [5204 octets] - [18/04/2014 18:12:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5264 octets] ##########

Re: Removal of adware and the like

Post by Power Max, Fri 18 Apr 2014, 18:21

Temporarily disable your antivirus to avoid conflicts.

Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You must have an account and be logged in to view this link]

* Right-click Zoek.exe and select [You must have an account and be logged in to view this image]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area of Zoek

* Click [Run Script]

* During the scan, a message similar to the one below showing the scan progress will be displayed. Wait for it to finish... it may take a while!

[You must have an account and be logged in to view this image]

* If a PC restart is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Fri 18 Apr 2014, 19:01; edited 1 time in total

Re: Removal of adware and the like

Post by Danii, Fri 18 Apr 2014, 18:54


Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Ursula on 18/04/2014 at 18:27:35,88.
Microsoft® Windows Vista™ Starter 6.0.6000 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Ursula\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Ursula\AppData\Roaming\Mozilla\Firefox\Profiles\onxkkc26.default\prefs.js:
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "webssearches");
user_pref("browser.search.selectedEngine", "webssearches");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Ursula\AppData\Roaming\Mozilla\Firefox\Profiles\onxkkc26.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Ursula\AppData\Roaming\Mozilla\Firefox\Profiles\onxkkc26.default

user.js not found
---- Lines aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256 removed from prefs.js ----
---- Lines aa9719e64232b4695ae9ca89cd7f2aa84ca1279dfbc0d44a897ef19301c922b68com54246 removed from prefs.js ----
user_pref("extensions.aa9719e64232b4695ae9ca89cd7f2aa84ca1279dfbc0d44a897ef19301c922b68com54246.54246.thankyou", "");
user_pref("extensions.aa9719e64232b4695ae9ca89cd7f2aa84ca1279dfbc0d44a897ef19301c922b68com54246.54246.updateinterval", 360);
user_pref("extensions.aa9719e64232b4695ae9ca89cd7f2aa84ca1279dfbc0d44a897ef19301c922b68com54246.54246.ver", 21);
user_pref("extensions.aa9719e64232b4695ae9ca89cd7f2aa84ca1279dfbc0d44a897ef19301c922b68com54246.apps", "54246");
user_pref("extensions.aa9719e64232b4695ae9ca89cd7f2aa84ca1279dfbc0d44a897ef19301c922b68com54246.bic", "14575f3ffbb279d98ea4855c5d771432");
user_pref("extensions.aa9719e64232b4695ae9ca89cd7f2aa84ca1279dfbc0d44a897ef19301c922b68com54246.cid", 54246);
user_pref("extensions.aa9719e64232b4695ae9ca89cd7f2aa84ca1279dfbc0d44a897ef19301c922b68com54246.FilesValidatorDueTime", "1397847984538");
user_pref("extensions.aa9719e64232b4695ae9ca89cd7f2aa84ca1279dfbc0d44a897ef19301c922b68com54246.firstrun", false);
user_pref("extensions.aa9719e64232b4695ae9ca89cd7f2aa84ca1279dfbc0d44a897ef19301c922b68com54246.hadappinstalled", true);
user_pref("extensions.aa9719e64232b4695ae9ca89cd7f2aa84ca1279dfbc0d44a897ef19301c922b68com54246.installationdate", 1397845485);
user_pref("extensions.aa9719e64232b4695ae9ca89cd7f2aa84ca1279dfbc0d44a897ef19301c922b68com54246.modetype", "production");
user_pref("extensions.aa9719e64232b4695ae9ca89cd7f2aa84ca1279dfbc0d44a897ef19301c922b68com54246.reportInstall", true);
user_pref("extensions.aa9719e64232b4695ae9ca89cd7f2aa84ca1279dfbc0d44a897ef19301c922b68com54246.statsDailyCounter", 1);
---- FireFox user.js and prefs.js backups ----

prefs_042014_1840_.backup

==== Deleting Files \ Folders ======================

C:\Program Files\GUT28E6.tmp deleted
C:\Program Files\GUM28E5.tmp deleted
C:\Program Files\Uninstaller deleted
C:\Users\Ursula\AppData\Local\nss1F19.tmp deleted
C:\Users\Ursula\AppData\Roaming\Mozilla\Firefox\Profiles\onxkkc26.default\extensions\a69a8c34-f103-4384-bb03-61e6f2997d07@5273998b-c268-422e-b0ea-5c8e02755d20.com deleted
"C:\Users\Ursula\AppData\Roaming\CAD-KAS" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [09/04/2014 08:42]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E8874}"="C:\Users\Ursula\AppData\Local\GAS Tecnologia\GBBD\abn\xpi" [16/12/2013 10:25]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Ursula\AppData\Roaming\Mozilla\Firefox\Profiles\onxkkc26.default
- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
- Red Cats green flavor - %ProfilePath%\extensions\{dd30bf68-268a-4815-ad48-8740b774c764}.xpi
- Red Cats blue flavor - %ProfilePath%\extensions\{ff356687-aa08-463d-a46c-11c451824939}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Ursula\AppData\Roaming\Mozilla\Firefox\Profiles\onxkkc26.default
E83B541C71965CFA1DEFF846CD6E9ECD - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll - Google Update
257E7BD1D90C987F5F2DDC1CCB185DC3 - C:\Users\Ursula\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll - Módulo de Proteção - Caixa Economica Federal
0012E2B34E88D95EE60FEDFB2FDBC0C2 - C:\Users\Ursula\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll - Módulo de Proteção - Banco Santander (Brasil) S.A.
F891089A6AB9E12FEDEBCC5EC0F40D66 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll - Shockwave Flash
5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
BE501CBC29B2025A263D80D399F1797A - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll - Silverlight Plug-In
1C8124B6A03A620EB0CBCA615666D2AE - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live® Photo Gallery
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
A795A7F26131D0B10F6EE75C4DE3D320 - C:\Program Files\Adobe\Reader 8.0\Reader\browser\nppdf32.dll - Adobe Acrobat
406106D91D3F86FD34EC194940855746 - C:\Users\Ursula\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll - Módulo de Proteção - Caixa Economica Federal
B27CCB1168B1960AEC6E9D3E0E0F0D2A - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrlui.dll - Microsoft® Silverlight


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[09/04/2014 08:42]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
abmojiekfpcmkkfamgfcpgfgipocface - C:\Users\Ursula\AppData\Local\GAS Tecnologia\GBBD\abn\sf.crx[13/01/2014 10:45]
nnjbodopomfddehlalfilheomcahbpei - C:\Users\Ursula\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx[01/03/2013 15:06]

GBBD Banco Santander (Brasil) S.A. - Ursula\AppData\Local\Google\Chrome\User Data\Default\Extensions\abmojiekfpcmkkfamgfcpgfgipocface
Google Docs - Ursula\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Ursula\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Ursula\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Ursula\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Green Pop Theme - Ursula\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffgapkaegdmcompheglkkponnpmfdcgf
MediaPlayerplus - Ursula\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd
Google Wallet - Ursula\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
GBBD Caixa Economica Federal - Ursula\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei
Freeven Pro 1.4 - Ursula\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfjkhpoplhjgghojojfaceimcojjafb
Gmail - Ursula\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\Ursula\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd deleted successfully
C:\Users\Ursula\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_majjphhgppkndjjkmhhnbgafooenebhd_0 deleted successfully
C:\Users\Ursula\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd deleted successfully
C:\Users\Ursula\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfjkhpoplhjgghojojfaceimcojjafb deleted successfully
C:\Users\Ursula\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_okfjkhpoplhjgghojojfaceimcojjafb_0 deleted successfully
C:\Users\Ursula\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\okfjkhpoplhjgghojojfaceimcojjafb deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\Ursula\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\Ursula\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Ursula\Desktop\Continue VuuPC Installation.lnk - C:\Users\Ursula\AppData\Local\Temp\ICReinstall_nsdE5E6.tmp /RR
C:\Users\Ursula\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Ursula\Desktop\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Ursula\Desktop\Revo Uninstaller.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Users\Ursula\Desktop\Sync Folder.lnk - C:\Program Files\MyPC Backup\MyPC Backup.exe opensync

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\0091.lnk - C:\Program Files\Bright\0091\Mrv8000x.exe
C:\Users\Public\Desktop\Adobe Reader 8.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Aplicativos para Escritorio.lnk - C:\Program Files\BrOffice.org 2.0\program\soffice.exe
C:\Users\Public\Desktop\avast Free Antivirus.lnk -
C:\Users\Public\Desktop\Bright Client Utility.lnk - C:\Program Files\Bright\ACU.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Public\Desktop\Compre suprimentos - HP Deskjet 2050 J510 series.lnk - C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\hpqDTSS.exe
C:\Users\Public\Desktop\HP Deskjet 2050 J510 series Scan.lnk - C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPScan.exe
C:\Users\Public\Desktop\HP Deskjet 2050 J510 series.lnk - C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HP Deskjet 2050 J510 series.exe
C:\Users\Public\Desktop\HP Photo Creations.lnk - C:\Program Files\HP Photo Creations\PhotoProduct.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Ursula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Ursula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Ursula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Ursula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Users\Ursula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Run Hunter Mode.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe -hunter
C:\Users\Ursula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Uninstall.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
C:\Users\Ursula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Website.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller\Revo Uninstaller.url

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrOffice.org 2.0\BrOffice.org Writer.lnk - C:\Windows\Installer\{0BD153D1-05F8-4163-BDA0-B60D1F70343C}\swriter.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free_soft_to_day\Freesofttoday.lnk - C:\Program Files\fst_br_102\freeSoftToday_widget.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield\MCShield Control Center.lnk - C:\Program Files\MCShield\MCShieldCC.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield\MCShield Real-Time Monitor.lnk - C:\Program Files\MCShield\MCShieldRTM.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield\Logs\All scans.lnk - C:\ProgramData\MCShield\AllScans.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield\Logs\Last scan.lnk - C:\ProgramData\MCShield\LastScan.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield\Logs\Summary.lnk - C:\ProgramData\MCShield\Summary.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield\Tools\MCShield Translator.lnk - C:\Program Files\MCShield\Tools\Translator.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield\Uninstall\Uninstall MCShield.lnk - C:\Program Files\MCShield\MCS-Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Professional.lnk - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Ursula\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Ursula\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Ursula\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Ursula\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Ursula\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Ursula\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\DMUninstaller deleted successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ursula\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Ursula\AppData\Local\Mozilla\Firefox\Profiles\onxkkc26.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Ursula\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1090 folders=101 660053751 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Ursula\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Ursula\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Ursula\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on 18/04/2014 at 18:47:17,83 ======================

Re: Removing adware and the like

Post by Power Max Fri 18 Apr 2014, 19:01

Download the Junkware Removal Tool program from the link below:
[You must have an account and be logged in to view this link]

To run the program above correctly, just follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop under the name JRT.txt

We'll be waiting.

Re: Removing adware and the like

Post by Danii Fri 18 Apr 2014, 19:19

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista (TM) Starter x86
Ran by Ursula on 18/04/2014 at 19:08:18,80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Ursula\AppData\Roaming\mozilla\firefox\profiles\onxkkc26.default\prefs.js

user_pref("extensions.crossrider.bic", "14576d039b5845963c7037042465ecad");
Emptied folder: C:\Users\Ursula\AppData\Roaming\mozilla\firefox\profiles\onxkkc26.default\minidumps [4 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18/04/2014 at 19:14:28,68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Removing adware and the like

Post by Power Max Fri 18 Apr 2014, 19:26

Download [You must have an account and be logged in to view this link] and save it to the Desktop.

Note: when you open the link above, click the Download Now 32-Bit Version button.

* Run FRST and accept the agreement

* Click [Scan]

* When it finishes, click [OK] > [OK]

* Two reports will be created on the Desktop: FRST.txt and Addition.txt

Post these two reports in your next reply. (Note: if they don't fit in a single reply, you can split them across several posts.)

Re: Removing adware and the like

Post by Danii Fri 18 Apr 2014, 19:36

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-04-2014 01
Ran by Ursula (administrator) on DANIELE-PC on 18-04-2014 19:33:14
Running from C:\Users\Ursula\Downloads
Microsoft® Windows Vista™ Starter (X86) OS Language: Portuguese Brazilian
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: [You must have an account and be logged in to view this link]
Download link for 64-Bit Version: [You must have an account and be logged in to view this link]
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: [You must have an account and be logged in to view this link]

==================== Processes (Whitelisted) =================

(GAS Tecnologia) C:\Program Files\GbPlugin\GbpSv.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Bright) C:\Program Files\Bright\ACU.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(OpenOffice.org) C:\Program Files\BrOffice.org 2.0\program\soffice.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(OpenOffice.org) C:\Program Files\BrOffice.org 2.0\program\soffice.BIN
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1006264 2007-05-25] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4702208 2007-10-12] (Realtek Semiconductor)
HKLM\...\Run: [ACU] => C:\Program Files\Bright\ACU.exe [405540 2006-12-19] (Bright)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-09] (AVAST Software)
Winlogon\Notify\ GbPluginCef: C:\Program Files\GbPlugin\gbiehCef.dll (Caixa Economica Federal)
HKU\.DEFAULT\...\Policies\Explorer: [NoDFSTab] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 1
HKU\S-1-5-21-134228104-2085873779-558425676-1000\...\Policies\Explorer: [NoDFSTab] 1
HKU\S-1-5-21-134228104-2085873779-558425676-1000\...\Policies\Explorer: [NoWindowsUpdate] 1
Startup: C:\Users\Ursula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BrOffice.org 2.0.lnk
ShortcutTarget: BrOffice.org 2.0.lnk -> C:\Program Files\BrOffice.org 2.0\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = [You must have an account and be logged in to view this link]
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = [You must have an account and be logged in to view this link]
BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: GbIehObj Class - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll [1479528 2013-10-16] (Caixa Economica Federal)
ShellExecuteHooks: - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File [ ]
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Ursula\AppData\Roaming\Mozilla\Firefox\Profiles\onxkkc26.default
FF NewTab: [You must have an account and be logged in to view this link]
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: [You must have an account and be logged in to view this link]
FF Keyword.URL: [You must have an account and be logged in to view this link]
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: gastecnologia.com.br/sf/abn - C:\Users\Ursula\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll (GAS Tecnologia)
FF Plugin HKCU: gastecnologia.com.br/sf/cef - C:\Users\Ursula\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll (GAS Tecnologia)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\buscape.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mercadolivre.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-br.xml
FF Extension: Freeven Pro 1.4 - C:\Users\Ursula\AppData\Roaming\Mozilla\Firefox\Profiles\onxkkc26.default\Extensions\a69a8c34-f103-4384-bb03-61e6f2997d07@5273998b-c268-422e-b0ea-5c8e02755d20.com [2014-04-18]
FF Extension: Red Cats (green flavor) - C:\Users\Ursula\AppData\Roaming\Mozilla\Firefox\Profiles\onxkkc26.default\Extensions\{dd30bf68-268a-4815-ad48-8740b774c764}.xpi [2013-12-12]
FF Extension: Red Cats (blue flavor) - C:\Users\Ursula\AppData\Roaming\Mozilla\Firefox\Profiles\onxkkc26.default\Extensions\{ff356687-aa08-463d-a46c-11c451824939}.xpi [2013-12-12]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-24]
FF HKCU\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886D}] - C:\Users\Ursula\AppData\Local\GAS Tecnologia\GBBD\cef\sf.xpi
FF Extension: GBBD Caixa Economica Federal - C:\Users\Ursula\AppData\Local\GAS Tecnologia\GBBD\cef\sf.xpi [2013-12-13]
FF HKCU\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8874}] - C:\Users\Ursula\AppData\Local\GAS Tecnologia\GBBD\abn\xpi
FF Extension: GBBD Banco Santander (Brasil) S.A. - C:\Users\Ursula\AppData\Local\GAS Tecnologia\GBBD\abn\xpi [2013-12-16]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

========================== Services (Whitelisted) =================

S2 ACS; C:\Windows\system32\acs.exe [36864 2006-12-19] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-09] (AVAST Software)
R2 GbpSv; C:\Program Files\GbPlugin\GbpSv.exe [452968 2013-10-16] (GAS Tecnologia)
S2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [X]
S2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [X]
S2 vosr; C:\Users\Ursula\AppData\Roaming\VOPackage\VOsrv.exe [X]

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-04-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-04-09] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-04-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [776976 2014-04-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411552 2014-04-09] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-04-09] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180760 2014-04-09] ()
R1 cloverm; C:\Windows\system32\Drivers\cloverm.sys [27136 2008-01-07] ()
R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [47688 2013-07-01] (GAS Tecnologia)
S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-04-18] (Malwarebytes Corporation)
R3 MRVW225; C:\Windows\System32\DRIVERS\MRVW225.sys [299904 2005-12-21] (Bright, Inc)
S3 Ndisrd; C:\Windows\System32\DRIVERS\gbpndisrd.sys [31088 2014-04-18] (GbPlugin NDIS Device Driver)
R3 NdisrdMP; C:\Windows\System32\DRIVERS\gbpndisrd.sys [31088 2014-04-18] (GbPlugin NDIS Device Driver)
R0 Shield; C:\Windows\system32\Drivers\Shield.sys [58432 2008-01-08] ()
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-18 19:33 - 2014-04-18 19:33 - 00011349 _____ () C:\Users\Ursula\Downloads\FRST.txt
2014-04-18 19:32 - 2014-04-18 19:33 - 00000000 ____D () C:\FRST
2014-04-18 19:30 - 2014-04-18 19:30 - 01146880 _____ (Farbar) C:\Users\Ursula\Downloads\FRST.exe
2014-04-18 19:14 - 2014-04-18 19:14 - 00001094 _____ () C:\Users\Ursula\Desktop\JRT.txt
2014-04-18 19:05 - 2014-04-18 19:05 - 01016261 _____ (Thisisu) C:\Users\Ursula\Downloads\JRT.exe
2014-04-18 18:45 - 2014-04-18 18:45 - 00000714 _____ () C:\Windows\PFRO.log
2014-04-18 18:44 - 2014-04-18 18:27 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-04-18 18:29 - 2014-04-18 18:47 - 00042166 _____ () C:\zoek-results.log
2014-04-18 18:27 - 2014-04-18 18:28 - 04095370 _____ () C:\Users\Ursula\Downloads\zoek.zip
2014-04-18 18:26 - 2014-04-18 18:26 - 01285120 _____ () C:\Users\Ursula\Downloads\zoek.exe
2014-04-18 18:11 - 2014-04-18 18:13 - 00000000 ____D () C:\AdwCleaner
2014-04-18 18:09 - 2014-04-18 18:09 - 01426178 _____ () C:\Users\Ursula\Downloads\AdwCleaner.exe
2014-04-18 18:05 - 2014-04-18 18:05 - 00008841 _____ () C:\Users\Ursula\Documents\logmalware.odt
2014-04-18 17:46 - 2014-04-18 17:46 - 00002458 _____ () C:\Users\Ursula\Downloads\Log1.xml
2014-04-18 15:58 - 2014-04-18 16:00 - 00532900 _____ () C:\Users\Ursula\Downloads\yet_another_cleaner_kwo.exe
2014-04-18 15:07 - 2014-04-18 17:52 - 00000887 _____ () C:\Users\Ursula\Desktop\Continue VuuPC Installation.lnk
2014-04-18 14:54 - 2014-04-18 14:54 - 00001714 _____ () C:\Users\Ursula\Desktop\Sync Folder.lnk
2014-04-18 14:51 - 2014-04-18 14:52 - 00000000 ____D () C:\Program Files\MediaPlayerplus
2014-04-18 14:46 - 2014-04-18 14:47 - 00000000 ____D () C:\Program Files\Freeven Pro 1.4
2014-04-18 14:44 - 2014-04-18 14:45 - 00448920 _____ () C:\Users\Ursula\Downloads\Setup(1).exe
2014-04-18 14:42 - 2014-04-18 14:42 - 00448920 _____ () C:\Users\Ursula\Downloads\Setup.exe
2014-04-17 22:12 - 2014-04-17 22:12 - 00006578 _____ () C:\Users\Ursula\Documents\cc_20140417_22121217042014.reg
2014-04-17 21:25 - 2014-04-17 21:38 - 00000000 ___RD () C:\Users\Ursula\Google Drive
2014-04-17 21:03 - 2014-04-17 21:04 - 00884672 _____ (Google Inc.) C:\Users\Ursula\Downloads\googledrivesync.exe
2014-04-13 17:41 - 2014-04-13 17:41 - 00001202 _____ () C:\Users\Ursula\Documents\cc_20140413_174057.reg
2014-04-10 14:14 - 2014-04-10 14:14 - 00001516 _____ () C:\Users\Ursula\Desktop\DelFix.txt
2014-04-10 14:12 - 2014-04-10 14:13 - 00001516 _____ () C:\DelFix.txt
2014-04-10 09:31 - 2014-04-10 09:31 - 00000400 _____ () C:\Users\Ursula\Documents\cc_20140410_093105.reg
2014-04-09 18:17 - 2014-04-09 18:17 - 00004930 _____ () C:\Users\Ursula\Documents\cc_20140409_181724.reg
2014-04-09 08:42 - 2014-04-09 08:42 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-07 19:54 - 2014-04-07 19:54 - 00001017 _____ () C:\Users\Ursula\Desktop\Revo Uninstaller.lnk
2014-04-07 19:54 - 2014-04-07 19:54 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-04-07 19:53 - 2014-04-07 19:53 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Ursula\Downloads\revosetup.exe
2014-04-07 18:45 - 2014-04-07 18:45 - 00000000 ____D () C:\Users\Ursula\AppData\Local\VS Revo Group
2014-04-07 18:45 - 2014-04-07 18:45 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-04-07 17:06 - 2014-04-18 17:53 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-07 10:58 - 2014-04-07 10:58 - 00000438 _____ () C:\Users\Ursula\Documents\cc_20140407_105847.reg
2014-04-07 10:57 - 2014-04-07 10:57 - 00001928 _____ () C:\Users\Ursula\Documents\cc_20140407_105704.reg
2014-04-07 10:29 - 2014-04-07 10:29 - 00000000 ____D () C:\Users\Ursula\AppData\Roaming\Malwarebytes
2014-04-07 09:06 - 2014-04-07 10:28 - 00000000 ____D () C:\Users\Ursula\Downloads\mbam-chameleon-1.62.1.1000
2014-04-07 09:04 - 2014-04-07 09:05 - 01440846 _____ () C:\Users\Ursula\Downloads\mbam-chameleon-1.62.1.1000.zip
2014-04-06 23:41 - 2014-04-06 23:41 - 00013780 _____ () C:\Users\Ursula\Documents\copia de registros2 cc_20140406_234106.reg
2014-04-06 23:26 - 2014-04-07 00:11 - 00005386 _____ () C:\Users\Ursula\Downloads\log.xml
2014-04-06 21:57 - 2014-04-06 21:57 - 00000104 _____ () C:\Users\Public\Computador - Atalho.lnk
2014-04-05 22:21 - 2014-04-05 22:34 - 00000000 ____D () C:\Users\Ursula\Downloads\Fontes
2014-04-05 20:55 - 2014-04-10 09:23 - 00000000 ____D () C:\Users\Ursula\Desktop\Log
2014-04-05 20:16 - 2014-04-05 20:36 - 00000000 ____D () C:\ProgramData\MCShield
2014-04-05 20:16 - 2014-04-05 20:16 - 00000000 ____D () C:\Program Files\MCShield
2014-04-05 20:14 - 2014-04-05 20:14 - 02846904 _____ (MyCity) C:\Users\Ursula\Downloads\MCShield-Setup.exe
2014-04-05 18:30 - 2014-04-18 18:50 - 00274959 _____ () C:\Windows\WindowsUpdate.log
2014-04-05 18:25 - 2014-04-05 18:25 - 00281664 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-05 18:15 - 2014-04-05 18:15 - 00143942 _____ () C:\Users\Ursula\Documents\cópia dos registros.reg
2014-04-05 18:11 - 2014-04-05 18:11 - 00000804 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-05 18:11 - 2014-04-05 18:11 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-05 18:08 - 2014-04-05 18:09 - 04787368 _____ (Piriform Ltd) C:\Users\Ursula\Downloads\ccsetup412.exe
2014-04-05 18:04 - 2014-04-05 18:06 - 00008718 ____N () C:\PureRa.txt
2014-04-05 18:03 - 2014-04-05 18:03 - 00027505 _____ () C:\Users\Ursula\Downloads\PureRa.zip
2014-04-05 18:03 - 2014-04-05 18:03 - 00000000 ____D () C:\Users\Ursula\Downloads\PureRa
2014-04-05 09:47 - 2014-04-05 09:47 - 00000000 ____D () C:\Windows\ERUNT
2014-04-04 23:59 - 2014-04-05 22:49 - 00000000 ____D () C:\Users\Ursula\Downloads\zoek (4)
2014-04-04 23:51 - 2014-04-18 18:42 - 00000000 ____D () C:\zoek_backup
2014-04-04 19:55 - 2014-04-07 10:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-04 19:55 - 2014-04-04 20:55 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-04 19:55 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-04 19:43 - 2014-04-04 19:45 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Ursula\Downloads\mbam-setup-2.0.0.1000.exe
2014-04-04 19:16 - 2014-04-04 19:16 - 00000372 _____ () C:\Users\Ursula\Documentos - Atalho.lnk
2014-04-04 15:52 - 2014-04-10 09:23 - 00000000 __SHD () C:\Program Files\d1b8
2014-04-04 15:52 - 2014-04-04 19:04 - 00000000 __SHD () C:\Users\Ursula\AppData\Roaming\ceb0
2014-04-04 15:52 - 2014-04-04 15:52 - 00000000 ____D () C:\cf604
2014-03-26 23:32 - 2014-03-27 08:16 - 00000000 ____D () C:\Windows\455F074C814E4520B69B5584BD90400C.TMP
2014-03-26 23:32 - 2014-03-26 23:32 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard

==================== One Month Modified Files and Folders =======

2014-04-18 19:33 - 2014-04-18 19:33 - 00011349 _____ () C:\Users\Ursula\Downloads\FRST.txt
2014-04-18 19:33 - 2014-04-18 19:32 - 00000000 ____D () C:\FRST
2014-04-18 19:30 - 2014-04-18 19:30 - 01146880 _____ (Farbar) C:\Users\Ursula\Downloads\FRST.exe
2014-04-18 19:14 - 2014-04-18 19:14 - 00001094 _____ () C:\Users\Ursula\Desktop\JRT.txt
2014-04-18 19:05 - 2014-04-18 19:05 - 01016261 _____ (Thisisu) C:\Users\Ursula\Downloads\JRT.exe
2014-04-18 18:54 - 2006-11-05 22:33 - 00485582 _____ () C:\Windows\system32\prfh0416.dat
2014-04-18 18:54 - 2006-11-05 22:33 - 00083754 _____ () C:\Windows\system32\prfc0416.dat
2014-04-18 18:54 - 2006-11-02 07:33 - 01264968 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-18 18:50 - 2014-04-05 18:30 - 00274959 _____ () C:\Windows\WindowsUpdate.log
2014-04-18 18:48 - 2013-08-06 17:17 - 00000000 ____D () C:\Users\Ursula\AppData\Roaming\BrOffice.org2
2014-04-18 18:47 - 2014-04-18 18:29 - 00042166 _____ () C:\zoek-results.log
2014-04-18 18:46 - 2014-03-16 18:30 - 00001052 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf415ee9d342f8.job
2014-04-18 18:46 - 2013-12-13 10:00 - 00031088 _____ (GbPlugin NDIS Device Driver) C:\Windows\system32\Drivers\GbpNdisrd.sys
2014-04-18 18:46 - 2006-11-02 10:02 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-18 18:46 - 2006-11-02 09:46 - 00003072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-18 18:46 - 2006-11-02 09:46 - 00003072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-18 18:45 - 2014-04-18 18:45 - 00000714 _____ () C:\Windows\PFRO.log
2014-04-18 18:44 - 2006-11-02 10:02 - 00032586 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-18 18:42 - 2014-04-04 23:51 - 00000000 ____D () C:\zoek_backup
2014-04-18 18:28 - 2014-04-18 18:27 - 04095370 _____ () C:\Users\Ursula\Downloads\zoek.zip
2014-04-18 18:27 - 2014-04-18 18:44 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-04-18 18:26 - 2014-04-18 18:26 - 01285120 _____ () C:\Users\Ursula\Downloads\zoek.exe
2014-04-18 18:13 - 2014-04-18 18:11 - 00000000 ____D () C:\AdwCleaner
2014-04-18 18:13 - 2013-12-12 19:56 - 00000806 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-18 18:13 - 2013-07-09 17:10 - 00001035 _____ () C:\Users\Ursula\Desktop\Google Chrome.lnk
2014-04-18 18:13 - 2013-07-09 17:10 - 00000000 ____D () C:\Users\Ursula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-04-18 18:13 - 2013-07-08 19:01 - 00000889 _____ () C:\Users\Ursula\Desktop\Launch Internet Explorer Browser.lnk
2014-04-18 18:13 - 2013-07-08 18:59 - 00000919 _____ () C:\Users\Ursula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-18 18:09 - 2014-04-18 18:09 - 01426178 _____ () C:\Users\Ursula\Downloads\AdwCleaner.exe
2014-04-18 18:05 - 2014-04-18 18:05 - 00008841 _____ () C:\Users\Ursula\Documents\logmalware.odt
2014-04-18 17:53 - 2014-04-07 17:06 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-18 17:52 - 2014-04-18 15:07 - 00000887 _____ () C:\Users\Ursula\Desktop\Continue VuuPC Installation.lnk
2014-04-18 17:46 - 2014-04-18 17:46 - 00002458 _____ () C:\Users\Ursula\Downloads\Log1.xml
2014-04-18 16:00 - 2014-04-18 15:58 - 00532900 _____ () C:\Users\Ursula\Downloads\yet_another_cleaner_kwo.exe
2014-04-18 15:19 - 2014-01-12 18:48 - 00009216 _____ () C:\Users\Ursula\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-18 15:06 - 2013-12-12 18:30 - 00000000 ____D () C:\Users\Ursula\Documents\Updater5
2014-04-18 14:54 - 2014-04-18 14:54 - 00001714 _____ () C:\Users\Ursula\Desktop\Sync Folder.lnk
2014-04-18 14:52 - 2014-04-18 14:51 - 00000000 ____D () C:\Program Files\MediaPlayerplus
2014-04-18 14:47 - 2014-04-18 14:46 - 00000000 ____D () C:\Program Files\Freeven Pro 1.4
2014-04-18 14:45 - 2014-04-18 14:44 - 00448920 _____ () C:\Users\Ursula\Downloads\Setup(1).exe
2014-04-18 14:42 - 2014-04-18 14:42 - 00448920 _____ () C:\Users\Ursula\Downloads\Setup.exe
2014-04-17 22:12 - 2014-04-17 22:12 - 00006578 _____ () C:\Users\Ursula\Documents\cc_20140417_22121217042014.reg
2014-04-17 21:38 - 2014-04-17 21:25 - 00000000 ___RD () C:\Users\Ursula\Google Drive
2014-04-17 21:25 - 2013-07-08 18:58 - 00000000 ____D () C:\Users\Ursula
2014-04-17 21:14 - 2013-07-08 19:09 - 00000000 ____D () C:\Users\Ursula\AppData\Local\Google
2014-04-17 21:13 - 2013-07-08 19:09 - 00000000 ____D () C:\Program Files\Google
2014-04-17 21:04 - 2014-04-17 21:03 - 00884672 _____ (Google Inc.) C:\Users\Ursula\Downloads\googledrivesync.exe
2014-04-13 17:41 - 2014-04-13 17:41 - 00001202 _____ () C:\Users\Ursula\Documents\cc_20140413_174057.reg
2014-04-10 14:14 - 2014-04-10 14:14 - 00001516 _____ () C:\Users\Ursula\Desktop\DelFix.txt
2014-04-10 14:13 - 2014-04-10 14:12 - 00001516 _____ () C:\DelFix.txt
2014-04-10 09:42 - 2014-01-13 11:09 - 00000000 ____D () C:\Program Files\Windows Live
2014-04-10 09:31 - 2014-04-10 09:31 - 00000400 _____ () C:\Users\Ursula\Documents\cc_20140410_093105.reg
2014-04-10 09:23 - 2014-04-05 20:55 - 00000000 ____D () C:\Users\Ursula\Desktop\Log
2014-04-10 09:23 - 2014-04-04 15:52 - 00000000 __SHD () C:\Program Files\d1b8
2014-04-09 18:17 - 2014-04-09 18:17 - 00004930 _____ () C:\Users\Ursula\Documents\cc_20140409_181724.reg
2014-04-09 08:43 - 2014-01-24 16:44 - 00001833 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-09 08:42 - 2014-04-09 08:42 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-09 08:42 - 2014-01-24 16:43 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-09 08:42 - 2014-01-24 16:43 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-09 08:42 - 2014-01-24 16:43 - 00271264 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-09 08:42 - 2014-01-24 16:43 - 00180760 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-09 08:42 - 2014-01-24 16:43 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-09 08:42 - 2014-01-24 16:43 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-04-09 08:42 - 2014-01-24 16:43 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-04-09 08:42 - 2014-01-24 16:43 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-08 20:41 - 2014-01-25 08:30 - 00000680 _____ () C:\Users\Ursula\AppData\Local\d3d9caps.dat
2014-04-07 19:54 - 2014-04-07 19:54 - 00001017 _____ () C:\Users\Ursula\Desktop\Revo Uninstaller.lnk
2014-04-07 19:54 - 2014-04-07 19:54 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-04-07 19:53 - 2014-04-07 19:53 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Ursula\Downloads\revosetup.exe
2014-04-07 19:23 - 2013-07-08 18:55 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-04-07 18:45 - 2014-04-07 18:45 - 00000000 ____D () C:\Users\Ursula\AppData\Local\VS Revo Group
2014-04-07 18:45 - 2014-04-07 18:45 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-04-07 10:58 - 2014-04-07 10:58 - 00000438 _____ () C:\Users\Ursula\Documents\cc_20140407_105847.reg
2014-04-07 10:57 - 2014-04-07 10:57 - 00001928 _____ () C:\Users\Ursula\Documents\cc_20140407_105704.reg
2014-04-07 10:29 - 2014-04-07 10:29 - 00000000 ____D () C:\Users\Ursula\AppData\Roaming\Malwarebytes
2014-04-07 10:29 - 2014-04-04 19:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-07 10:28 - 2014-04-07 09:06 - 00000000 ____D () C:\Users\Ursula\Downloads\mbam-chameleon-1.62.1.1000
2014-04-07 10:28 - 2006-11-02 08:18 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-04-07 09:05 - 2014-04-07 09:04 - 01440846 _____ () C:\Users\Ursula\Downloads\mbam-chameleon-1.62.1.1000.zip
2014-04-07 00:11 - 2014-04-06 23:26 - 00005386 _____ () C:\Users\Ursula\Downloads\log.xml
2014-04-06 23:41 - 2014-04-06 23:41 - 00013780 _____ () C:\Users\Ursula\Documents\copia de registros2 cc_20140406_234106.reg
2014-04-06 21:57 - 2014-04-06 21:57 - 00000104 _____ () C:\Users\Public\Computador - Atalho.lnk
2014-04-06 21:57 - 2006-11-02 08:18 - 00000000 ___RD () C:\Users\Public
2014-04-05 22:49 - 2014-04-04 23:59 - 00000000 ____D () C:\Users\Ursula\Downloads\zoek (4)
2014-04-05 22:34 - 2014-04-05 22:21 - 00000000 ____D () C:\Users\Ursula\Downloads\Fontes
2014-04-05 20:36 - 2014-04-05 20:16 - 00000000 ____D () C:\ProgramData\MCShield
2014-04-05 20:16 - 2014-04-05 20:16 - 00000000 ____D () C:\Program Files\MCShield
2014-04-05 20:14 - 2014-04-05 20:14 - 02846904 _____ (MyCity) C:\Users\Ursula\Downloads\MCShield-Setup.exe
2014-04-05 18:25 - 2014-04-05 18:25 - 00281664 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-05 18:15 - 2014-04-05 18:15 - 00143942 _____ () C:\Users\Ursula\Documents\cópia dos registros.reg
2014-04-05 18:14 - 2014-01-13 11:40 - 00000000 ____D () C:\Users\Ursula\Tracing
2014-04-05 18:13 - 2008-07-13 10:45 - 00000000 ____D () C:\Windows\panther
2014-04-05 18:11 - 2014-04-05 18:11 - 00000804 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-05 18:11 - 2014-04-05 18:11 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-05 18:09 - 2014-04-05 18:08 - 04787368 _____ (Piriform Ltd) C:\Users\Ursula\Downloads\ccsetup412.exe
2014-04-05 18:06 - 2014-04-05 18:04 - 00008718 ____N () C:\PureRa.txt
2014-04-05 18:03 - 2014-04-05 18:03 - 00027505 _____ () C:\Users\Ursula\Downloads\PureRa.zip
2014-04-05 18:03 - 2014-04-05 18:03 - 00000000 ____D () C:\Users\Ursula\Downloads\PureRa
2014-04-05 17:44 - 2006-11-02 08:18 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-05 09:47 - 2014-04-05 09:47 - 00000000 ____D () C:\Windows\ERUNT
2014-04-05 09:37 - 2013-12-13 09:59 - 00000000 ____D () C:\ProgramData\GAS Tecnologia
2014-04-04 21:48 - 2013-07-08 19:10 - 00001056 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-04 21:30 - 2006-11-02 08:18 - 00000000 ____D () C:\Windows\system
2014-04-04 20:55 - 2014-04-04 19:55 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-04 19:45 - 2014-04-04 19:43 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Ursula\Downloads\mbam-setup-2.0.0.1000.exe
2014-04-04 19:16 - 2014-04-04 19:16 - 00000372 _____ () C:\Users\Ursula\Documentos - Atalho.lnk
2014-04-04 19:04 - 2014-04-04 15:52 - 00000000 __SHD () C:\Users\Ursula\AppData\Roaming\ceb0
2014-04-04 15:52 - 2014-04-04 15:52 - 00000000 ____D () C:\cf604
2014-04-03 09:51 - 2014-04-04 19:55 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 08:44 - 2013-07-08 19:00 - 00072496 _____ () C:\Users\Ursula\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-27 08:16 - 2014-03-26 23:32 - 00000000 ____D () C:\Windows\455F074C814E4520B69B5584BD90400C.TMP
2014-03-26 23:32 - 2014-03-26 23:32 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys
[2006-11-02 07:25] - [2006-11-02 06:51] - 0208488 ____A (Microsoft Corporation) 11EF6C1CAEF76B685233450A126125D6



LastRegBack: 2014-04-18 18:52

==================== End Of Log ============================

Re: Removing adware and the like

Message by Danii Fri 18 Apr 2014, 19:37

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-04-2014 01
Ran by Ursula at 2014-04-18 19:34:45
Running from C:\Users\Ursula\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

0091 (HKLM\...\{43A381E6-5BD0-4534-8DB8-03ED7DE168E0}) (Version: 1.00.0000 - Bright)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader 8 - Português (HKLM\...\{AC76BA86-7AD7-1046-7B44-A80000000000}) (Version: 8.0.0 - Adobe Systems Incorporated)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assistente de Conexão do Windows Live (HKLM\...\{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}) (Version: 5.000.818.5 - Microsoft Corporation)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2016 - Avast Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Bright Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: - Bright)
BrOffice.org 2.0 (HKLM\...\{0BD153D1-05F8-4163-BDA0-B60D1F70343C}) (Version: 2.0.9073 - OpenOffice.org)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Ferramenta de Carregamento do Windows Live (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Freeven Pro 1.4 (HKLM\...\Freeven Pro 1.4) (Version: 1.34.4.10 - Freeven) <==== ATTENTION
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
HP Deskjet 2050 J510 series Ajuda (HKLM\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.61.61 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Malwarebytes Anti-Malware versão 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
MCShield ::Anti-Malware Tool:: (HKLM\...\MCShield) (Version: 3.0.4.27 - MyCity)
MediaPlayerplus (HKLM\...\MediaPlayerplus) (Version: 1.34.4.10 - Freeven) <==== ATTENTION
Microsoft .NET Framework 3.5 Language Pack SP1 - ptb (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 pt-BR) (HKLM\...\Mozilla Firefox 28.0 (x86 pt-BR)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
NewPlayer (HKLM\...\NewPlayer) (Version: v2.1.1.6 - ) <==== ATTENTION
Pacote de Idiomas do Microsoft .NET Framework 3.5 SP1 - PTB (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - ptb) (Version: - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Software básico do dispositivo HP Deskjet 2050 J510 series (HKLM\...\{276ACE3E-B1AB-46CE-9F35-7F394879D0E6}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
Suporte para Aplicativos Apple (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VO Package (HKLM\...\VOPackage) (Version: 1.0.0.0 - )
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Messenger (HKLM\...\{9ADC3E4F-34DA-48CD-8727-BB26D90257BD}) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Movie Maker (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{2DF215E0-BD3C-4C98-8616-AFEF09747285}) (Version: 14.0.8117.416 - Microsoft Corporation)

==================== Restore Points =========================


==================== Hosts content: ==========================

2006-11-02 07:23 - 2014-04-18 18:29 - 00000781 ____N C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1E5726C0-75BF-4407-AB06-179A437E37C9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3FB88B31-C16F-41EA-BE06-BDC8C8C1768C} - System32\Tasks\3d6799c0-7f57-4f60-ab8f-1e65a97fb73f-4 => C:\Program Files\MediaPlayerplus\3d6799c0-7f57-4f60-ab8f-1e65a97fb73f-4.exe [2014-04-18] (Freeven)
Task: {476A8EC0-1C79-414D-89EE-29F9236D5D7B} - System32\Tasks\414b386e-3a42-4bfc-803f-586238088491-5 => C:\Program Files\Freeven Pro 1.4\414b386e-3a42-4bfc-803f-586238088491-5.exe [2014-04-18] (Freeven)
Task: {4BB6F323-1BF5-45FD-8618-570CE8A2C0D3} - System32\Tasks\3d6799c0-7f57-4f60-ab8f-1e65a97fb73f-3 => C:\Program Files\MediaPlayerplus\3d6799c0-7f57-4f60-ab8f-1e65a97fb73f-3.exe [2014-04-18] (Freeven)
Task: {51294EB6-2976-4E1B-9E4F-0FCB704A9BF3} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2006-11-02] ()
Task: {64715FBF-3794-4DED-A2B7-8C53839AAB1A} - System32\Tasks\414b386e-3a42-4bfc-803f-586238088491-4 => C:\Program Files\Freeven Pro 1.4\414b386e-3a42-4bfc-803f-586238088491-4.exe [2014-04-18] (Freeven)
Task: {75D4361A-5C7D-4980-B057-23C699A51A36} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-134228104-2085873779-558425676-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {7677ADD4-D570-4BFE-BD03-8EAF973DEE0F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-07-08] (Google Inc.)
Task: {78105DFA-D44D-47CA-9134-C08D2C1E2871} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-134228104-2085873779-558425676-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {83ACFD1E-585E-4677-8CE9-492C6CE93757} - System32\Tasks\414b386e-3a42-4bfc-803f-586238088491-3 => C:\Program Files\Freeven Pro 1.4\414b386e-3a42-4bfc-803f-586238088491-3.exe [2014-04-18] (Freeven)
Task: {93E67B49-CD0C-41A7-AFF1-E9947348B3AE} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-134228104-2085873779-558425676-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {AB7A158B-8F35-45C3-85AD-51F1D9AF770E} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-134228104-2085873779-558425676-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {B214A839-A81B-4250-9D54-EE15C2B57C79} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-09] (AVAST Software)
Task: {B7837B62-DBB3-4DC2-96CB-ED355D1FE698} - System32\Tasks\GoogleUpdateTaskMachineCore1cf415ee9d342f8 => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-07-08] (Google Inc.)
Task: {B9BFE751-3B43-4089-A53E-CDF772CAD3B4} - System32\Tasks\3d6799c0-7f57-4f60-ab8f-1e65a97fb73f-5 => C:\Program Files\MediaPlayerplus\3d6799c0-7f57-4f60-ab8f-1e65a97fb73f-5.exe [2014-04-18] (Freeven)
Task: {D88EA29E-F377-42DA-887D-0498C888E446} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-134228104-2085873779-558425676-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: {D8A3901F-1682-4087-A2BF-660ECB6E8A17} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2006-11-02] (Microsoft Corporation)
Task: {D922380F-039D-4FD2-8DB6-209A72159856} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {E0B50394-9AE5-4AAF-9C3D-EAC65813D51C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-07-08] (Google Inc.)
Task: {E8D09779-FD6B-4E6A-B819-BA0AEEAA8838} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf415ee9d342f8.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-04-18 14:56 - 2014-04-18 14:56 - 02215424 _____ () C:\Program Files\AVAST Software\Avast\defs\14041802\algo.dll
2013-09-13 18:51 - 2013-09-13 18:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 18:51 - 2013-09-13 18:51 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-24 16:43 - 2014-01-24 16:43 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2006-10-15 17:01 - 2006-10-15 17:01 - 00828416 _____ () C:\Program Files\BrOffice.org 2.0\program\libxml2.dll
2014-03-18 21:49 - 2014-03-18 21:49 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-12-13 07:32 - 2013-12-13 07:32 - 16242056 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows\System32:01CAE29D_Cef.gbp
AlternateDataStreams: C:\Windows\system32\drivers:GbpKmAp.lst

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk => C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk => C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-04-18 19:34:35.096
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-04-18 19:34:34.957
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-04-18 19:34:34.749
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-04-18 19:34:34.557
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-04-18 19:34:34.387
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-04-18 19:34:34.224
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-04-18 19:34:34.091
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-04-18 19:34:33.915
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-04-18 17:49:06.739
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\PROGRA~1\OPTIMI~1\OPTPRO~2.DLL because the set of per-page image hashes could not be found on the system.

Date: 2014-04-07 10:36:22.370
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 89%
Total physical RAM: 1014.75 MB
Available physical RAM: 104.05 MB
Total Pagefile: 2297.87 MB
Available Pagefile: 1046.1 MB
Total Virtual: 2047.88 MB
Available Virtual: 1908.02 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.53 GB) (Free:58.28 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 75 GB) (Disk ID: 9BE9E40B)
Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Post by Power Max, Fri 18 Apr 2014, 20:39

I suggest you uninstall Bonjour, which is unnecessary and can make the PC slower.
______________________________________________________________________________

Go to the site [link visible only to logged-in members] and upload the file below, as well as the ones in the folders below, to be analysed (one at a time). As each one is analysed, copy the link that appears in your browser's address bar and post these links in your next reply, together with the FRST log requested below:

C:\Users\Ursula\AppData\Roaming\VOPackage\VOsrv.exe
C:\Program Files\d1b8
C:\Users\Ursula\AppData\Roaming\ceb0
C:\cf604
___________________________________________________________________________________

Download the fixlist.txt file attached to this post and save it in the same place where you left Farbar (FRST):
C:\Users\Ursula\Downloads

Run FRST. Click the Fix button.

Wait; when it finishes, the log Fixlog.txt will be saved.

Select, copy and paste the contents of this Fixlog.txt into your next reply, together with the links to the file analyses on the Virus Total site.

Post by Danii, Fri 18 Apr 2014, 21:42

start
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM - DefaultScope value is missing.
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll File Not found ()
FF Extension: Freeven Pro 1.4 - C:\Users\Ursula\AppData\Roaming\Mozilla\Firefox\Profiles\onxkkc26.default\Extensions\a69a8c34-f103-4384-bb03-61e6f2997d07@5273998b-c268-422e-b0ea-5c8e02755d20.com [2014-04-18]
2014-04-18 14:46 - 2014-04-18 14:47 - 00000000 ____D () C:\Program Files\Freeven Pro 1.4
2014-04-18 14:51 - 2014-04-18 14:52 - 00000000 ____D () C:\Program Files\MediaPlayerplus
2014-04-18 17:52 - 2014-04-18 15:07 - 00000887 _____ () C:\Users\Ursula\Desktop\Continue VuuPC Installation.lnk
2014-04-18 16:00 - 2014-04-18 15:58 - 00532900 _____ () C:\Users\Ursula\Downloads\yet_another_cleaner_kwo.exe
2014-04-18 14:52 - 2014-04-18 14:51 - 00000000 ____D () C:\Program Files\MediaPlayerplus
2014-04-18 14:47 - 2014-04-18 14:46 - 00000000 ____D () C:\Program Files\Freeven Pro 1.4
Freeven Pro 1.4 (HKLM\...\Freeven Pro 1.4) (Version: 1.34.4.10 - Freeven) <==== ATTENTION
MediaPlayerplus (HKLM\...\MediaPlayerplus) (Version: 1.34.4.10 - Freeven) <==== ATTENTION
NewPlayer (HKLM\...\NewPlayer) (Version: v2.1.1.6 - ) <==== ATTENTION
Task: {3FB88B31-C16F-41EA-BE06-BDC8C8C1768C} - System32\Tasks\3d6799c0-7f57-4f60-ab8f-1e65a97fb73f-4 => C:\Program Files\MediaPlayerplus\3d6799c0-7f57-4f60-ab8f-1e65a97fb73f-4.exe [2014-04-18] (Freeven)
Task: {476A8EC0-1C79-414D-89EE-29F9236D5D7B} - System32\Tasks\414b386e-3a42-4bfc-803f-586238088491-5 => C:\Program Files\Freeven Pro 1.4\414b386e-3a42-4bfc-803f-586238088491-5.exe [2014-04-18] (Freeven)
Task: {4BB6F323-1BF5-45FD-8618-570CE8A2C0D3} - System32\Tasks\3d6799c0-7f57-4f60-ab8f-1e65a97fb73f-3 => C:\Program Files\MediaPlayerplus\3d6799c0-7f57-4f60-ab8f-1e65a97fb73f-3.exe [2014-04-18] (Freeven)
Task: {64715FBF-3794-4DED-A2B7-8C53839AAB1A} - System32\Tasks\414b386e-3a42-4bfc-803f-586238088491-4 => C:\Program Files\Freeven Pro 1.4\414b386e-3a42-4bfc-803f-586238088491-4.exe [2014-04-18] (Freeven)
Task: {83ACFD1E-585E-4677-8CE9-492C6CE93757} - System32\Tasks\414b386e-3a42-4bfc-803f-586238088491-3 => C:\Program Files\Freeven Pro 1.4\414b386e-3a42-4bfc-803f-586238088491-3.exe [2014-04-18] (Freeven)
Task: {B9BFE751-3B43-4089-A53E-CDF772CAD3B4} - System32\Tasks\3d6799c0-7f57-4f60-ab8f-1e65a97fb73f-5 => C:\Program Files\MediaPlayerplus\3d6799c0-7f57-4f60-ab8f-1e65a97fb73f-5.exe [2014-04-18] (Freeven)
end

Post by Power Max, Fri 18 Apr 2014, 21:46

Hi Dani. You only repeated the fixlist I gave you. What I need is for you to download the fixlist.txt file attached to my other post and save it in the same place where you left Farbar (FRST), which is this location:
C:\Users\Ursula\Downloads

Run FRST. Click the Fix button.

Wait; when it finishes, the log Fixlog.txt will be saved.

Select, copy and paste the contents of this Fixlog.txt

Post by Danii, Fri 18 Apr 2014, 21:58

This one?

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 17-04-2014 01
Ran by Ursula at 2014-04-18 21:53:56 Run:1
Running from C:\Users\Ursula\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM - DefaultScope value is missing.
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll File Not found ()
FF Extension: Freeven Pro 1.4 - C:\Users\Ursula\AppData\Roaming\Mozilla\Firefox\Profiles\onxkkc26.default\Extensions\a69a8c34-f103-4384-bb03-61e6f2997d07@5273998b-c268-422e-b0ea-5c8e02755d20.com [2014-04-18]
2014-04-18 14:46 - 2014-04-18 14:47 - 00000000 ____D () C:\Program Files\Freeven Pro 1.4
2014-04-18 14:51 - 2014-04-18 14:52 - 00000000 ____D () C:\Program Files\MediaPlayerplus
2014-04-18 17:52 - 2014-04-18 15:07 - 00000887 _____ () C:\Users\Ursula\Desktop\Continue VuuPC Installation.lnk
2014-04-18 16:00 - 2014-04-18 15:58 - 00532900 _____ () C:\Users\Ursula\Downloads\yet_another_cleaner_kwo.exe
2014-04-18 14:52 - 2014-04-18 14:51 - 00000000 ____D () C:\Program Files\MediaPlayerplus
2014-04-18 14:47 - 2014-04-18 14:46 - 00000000 ____D () C:\Program Files\Freeven Pro 1.4
Freeven Pro 1.4 (HKLM\...\Freeven Pro 1.4) (Version: 1.34.4.10 - Freeven) <==== ATTENTION
MediaPlayerplus (HKLM\...\MediaPlayerplus) (Version: 1.34.4.10 - Freeven) <==== ATTENTION
NewPlayer (HKLM\...\NewPlayer) (Version: v2.1.1.6 - ) <==== ATTENTION
Task: {3FB88B31-C16F-41EA-BE06-BDC8C8C1768C} - System32\Tasks\3d6799c0-7f57-4f60-ab8f-1e65a97fb73f-4 => C:\Program Files\MediaPlayerplus\3d6799c0-7f57-4f60-ab8f-1e65a97fb73f-4.exe [2014-04-18] (Freeven)
Task: {476A8EC0-1C79-414D-89EE-29F9236D5D7B} - System32\Tasks\414b386e-3a42-4bfc-803f-586238088491-5 => C:\Program Files\Freeven Pro 1.4\414b386e-3a42-4bfc-803f-586238088491-5.exe [2014-04-18] (Freeven)
Task: {4BB6F323-1BF5-45FD-8618-570CE8A2C0D3} - System32\Tasks\3d6799c0-7f57-4f60-ab8f-1e65a97fb73f-3 => C:\Program Files\MediaPlayerplus\3d6799c0-7f57-4f60-ab8f-1e65a97fb73f-3.exe [2014-04-18] (Freeven)
Task: {64715FBF-3794-4DED-A2B7-8C53839AAB1A} - System32\Tasks\414b386e-3a42-4bfc-803f-586238088491-4 => C:\Program Files\Freeven Pro 1.4\414b386e-3a42-4bfc-803f-586238088491-4.exe [2014-04-18] (Freeven)
Task: {83ACFD1E-585E-4677-8CE9-492C6CE93757} - System32\Tasks\414b386e-3a42-4bfc-803f-586238088491-3 => C:\Program Files\Freeven Pro 1.4\414b386e-3a42-4bfc-803f-586238088491-3.exe [2014-04-18] (Freeven)
Task: {B9BFE751-3B43-4089-A53E-CDF772CAD3B4} - System32\Tasks\3d6799c0-7f57-4f60-ab8f-1e65a97fb73f-5 => C:\Program Files\MediaPlayerplus\3d6799c0-7f57-4f60-ab8f-1e65a97fb73f-5.exe [2014-04-18] (Freeven)
end
*****************

Default URLSearchHook was restored successfully .
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005 => Key deleted successfully.
C:\Users\Ursula\AppData\Roaming\Mozilla\Firefox\Profiles\onxkkc26.default\Extensions\a69a8c34-f103-4384-bb03-61e6f2997d07@5273998b-c268-422e-b0ea-5c8e02755d20.com => Moved successfully.
C:\Program Files\Freeven Pro 1.4 => Moved successfully.
C:\Program Files\MediaPlayerplus => Moved successfully.
C:\Users\Ursula\Desktop\Continue VuuPC Installation.lnk => Moved successfully.
C:\Users\Ursula\Downloads\yet_another_cleaner_kwo.exe => Moved successfully.
"C:\Program Files\MediaPlayerplus" => File/Directory not found.
"C:\Program Files\Freeven Pro 1.4" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3FB88B31-C16F-41EA-BE06-BDC8C8C1768C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3FB88B31-C16F-41EA-BE06-BDC8C8C1768C} => Key deleted successfully.
C:\Windows\System32\Tasks\3d6799c0-7f57-4f60-ab8f-1e65a97fb73f-4 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\3d6799c0-7f57-4f60-ab8f-1e65a97fb73f-4 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{476A8EC0-1C79-414D-89EE-29F9236D5D7B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{476A8EC0-1C79-414D-89EE-29F9236D5D7B} => Key deleted successfully.
C:\Windows\System32\Tasks\414b386e-3a42-4bfc-803f-586238088491-5 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\414b386e-3a42-4bfc-803f-586238088491-5 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4BB6F323-1BF5-45FD-8618-570CE8A2C0D3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BB6F323-1BF5-45FD-8618-570CE8A2C0D3} => Key deleted successfully.
C:\Windows\System32\Tasks\3d6799c0-7f57-4f60-ab8f-1e65a97fb73f-3 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\3d6799c0-7f57-4f60-ab8f-1e65a97fb73f-3 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{64715FBF-3794-4DED-A2B7-8C53839AAB1A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64715FBF-3794-4DED-A2B7-8C53839AAB1A} => Key deleted successfully.
C:\Windows\System32\Tasks\414b386e-3a42-4bfc-803f-586238088491-4 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\414b386e-3a42-4bfc-803f-586238088491-4 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{83ACFD1E-585E-4677-8CE9-492C6CE93757} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83ACFD1E-585E-4677-8CE9-492C6CE93757} => Key deleted successfully.
C:\Windows\System32\Tasks\414b386e-3a42-4bfc-803f-586238088491-3 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\414b386e-3a42-4bfc-803f-586238088491-3 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B9BFE751-3B43-4089-A53E-CDF772CAD3B4} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9BFE751-3B43-4089-A53E-CDF772CAD3B4} => Key deleted successfully.
C:\Windows\System32\Tasks\3d6799c0-7f57-4f60-ab8f-1e65a97fb73f-5 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\3d6799c0-7f57-4f60-ab8f-1e65a97fb73f-5 => Key deleted successfully.

==== End of Fixlog ====
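Anyone reviewing the Fixlog posted above has to confirm that every `Task:` entry in the fixlist lost both its TaskCache registry keys and its task file. The Python sketch below is an added example, not part of the original posts and not FRST code; the function names and the shortened sample log are constructed here, and treating the `Logon` key as optional is an assumption.

```python
import re

# Constructed sample: a shortened Fixlog.txt in the layout of the log posted
# above. Two of the six tasks are kept, and the last "Tree" result line of the
# second task is left out on purpose so the audit has something to report.
SAMPLE_FIXLOG = r"""
Content of fixlist:
*****************
start
2014-04-18 14:51 - 2014-04-18 14:52 - 00000000 ____D () C:\Program Files\MediaPlayerplus
2014-04-18 14:52 - 2014-04-18 14:51 - 00000000 ____D () C:\Program Files\MediaPlayerplus
Task: {3FB88B31-C16F-41EA-BE06-BDC8C8C1768C} - System32\Tasks\3d6799c0-7f57-4f60-ab8f-1e65a97fb73f-4 => C:\Program Files\MediaPlayerplus\3d6799c0-7f57-4f60-ab8f-1e65a97fb73f-4.exe [2014-04-18] (Freeven)
Task: {476A8EC0-1C79-414D-89EE-29F9236D5D7B} - System32\Tasks\414b386e-3a42-4bfc-803f-586238088491-5 => C:\Program Files\Freeven Pro 1.4\414b386e-3a42-4bfc-803f-586238088491-5.exe [2014-04-18] (Freeven)
end
*****************

C:\Program Files\MediaPlayerplus => Moved successfully.
"C:\Program Files\MediaPlayerplus" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3FB88B31-C16F-41EA-BE06-BDC8C8C1768C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3FB88B31-C16F-41EA-BE06-BDC8C8C1768C} => Key deleted successfully.
C:\Windows\System32\Tasks\3d6799c0-7f57-4f60-ab8f-1e65a97fb73f-4 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\3d6799c0-7f57-4f60-ab8f-1e65a97fb73f-4 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{476A8EC0-1C79-414D-89EE-29F9236D5D7B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{476A8EC0-1C79-414D-89EE-29F9236D5D7B} => Key deleted successfully.
C:\Windows\System32\Tasks\414b386e-3a42-4bfc-803f-586238088491-5 => Moved successfully.

==== End of Fixlog ====
"""

TASK_RE = re.compile(r"^Task: (\{[0-9A-Fa-f-]{36}\}) - System32\\Tasks\\(.+?) => ")
RESULT_RE = re.compile(r'^"?(.+?)"? => (.+?)\s*\.?\s*$')
REMOVED = ("moved successfully", "key deleted successfully")


def split_fixlog(text):
    """Split a Fixlog.txt body into (fixlist lines, result lines)."""
    lines = [ln.strip() for ln in text.splitlines()]
    start = lines.index("start")          # ValueError if the log is truncated
    end = lines.index("end", start)
    return lines[start + 1:end], [ln for ln in lines[end + 1:] if " => " in ln]


def audit_fixlog(text):
    """Cross-check every fixlist Task: entry against the reported results."""
    fixlist, results = split_fixlog(text)
    outcomes = {}                          # lower-cased target -> [outcome, ...]
    for ln in results:
        m = RESULT_RE.match(ln)
        if m:
            outcomes.setdefault(m.group(1).lower(), []).append(m.group(2).lower())

    def removed(suffix):
        suffix = suffix.lower()
        return any(target.endswith(suffix) and any(o in REMOVED for o in outs)
                   for target, outs in outcomes.items())

    incomplete = {}
    for ln in fixlist:
        m = TASK_RE.match(ln)
        if not m:
            continue
        guid, name = m.groups()
        # The Logon key seen in the posted log is not required here, on the
        # assumption that only logon-triggered tasks have one.
        expected = {
            "TaskCache Tasks key": "\\TaskCache\\Tasks\\" + guid,
            "TaskCache Tree key": "\\TaskCache\\Tree\\" + name,
            "task file": "\\System32\\Tasks\\" + name,
        }
        missing = [label for label, suffix in expected.items() if not removed(suffix)]
        if missing:
            incomplete[name] = missing

    # Removed once, then reported missing: the fixlist listed the target twice.
    duplicates = sorted(t for t, outs in outcomes.items()
                        if any(o in REMOVED for o in outs)
                        and any("not found" in o for o in outs))
    # Targets this run never removed at all.
    never_found = sorted(t for t, outs in outcomes.items()
                         if all("not found" in o for o in outs))
    return {"incomplete_tasks": incomplete, "duplicates": duplicates,
            "never_found": never_found}


if __name__ == "__main__":
    for key, value in audit_fixlog(SAMPLE_FIXLOG).items():
        print(key, "=>", value)
```

A task listed under `incomplete_tasks` still has a registry or file remnant and is worth a follow-up scan; an entry under `duplicates` only means the fixlist named the same path twice, as with the two program folders in the log above.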

Post by Power Max, Fri 18 Apr 2014, 22:00

This one?
Yes, that's the one.
___________________________________________________________________________________________

Download < [link visible only to logged-in members] > ( ... by Nicolas Coolman )

|- Temporarily disable your antivirus to avoid conflicts and run "ZHPDiag2.exe" to install the tool.

|- Run the scroll icon. ( ZHPDiag )

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish!

|- Click OK and, when it finishes, post the ZHPDiag.txt report.

Post by Danii, Fri 18 Apr 2014, 22:13

~ Relatório do ZHPDiag v2014.4.18.33 - Nicolas Coolman (18/04/2014)
~ Iniciado por Ursula (18/04/2014 22:10:20)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v7.0.6000.16982
MFIE: Mozilla Firefox 28.0
GCIE: Google Chrome v34.0.1847.116 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows Vista (TM) Starter, 32-bit (Build 6000)
Windows Server License Manager Script : OK
Windows Automatic Updates : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2016
Malwarebytes Anti-Malware versão 2.0.1.1004

---\\ Softwares d'optimização do sistema
CCleaner v4.12 =>.Piriform Ltd

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 11 Plugin
Adobe Reader 8 - Português

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 22 Stepping 1, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1014 MB (31% free)
System Restore: Désactivé (Disabled)
System drive C: has 58 GB (78%) free of 75 GB

---\\ Modo de conexão ao sistema
~ Computer Name: DANIELE-PC
~ User Name: Ursula
~ All Users Names: Ursula, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Ursula\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Ursula\AppData\Roaming\
~ %Desktop% : C:\Users\Ursula\Desktop\
~ %Favorites% : C:\Users\Ursula\Favorites\
~ %LocalAppData% : C:\Users\Ursula\AppData\Local\
~ %StartMenu% : C:\Users\Ursula\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 58 Go of 75 Go)
D: CD-ROM drive (Not Inserted)
E: Floppy drive, Flash card reader, USB Key (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 46 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.37440D09DEAE0B672A04DCCF7ABF06BE] - (.Microsoft Corporation - Windows Explorer.) (.12/12/2013 - 17:12:28.) -- C:\Windows\Explorer.exe [2923520]
[MD5.D4385B03E8CCCEE6F0EE249F827C1F3E] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.02/11/2006 - 06:45:57.) -- C:\Windows\System32\Wininit.exe [95744]
[MD5.C7A318E74FEF945EBFF855C1513CD96C] - (.Microsoft Corporation - Internet Extensions para Win32.) (.09/07/2013 - 15:40:52.) -- C:\Windows\System32\wininet.dll [832512]
[MD5.9F75392B9128A91ABAFB044EA350BAAD] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.02/11/2006 - 06:45:57.) -- C:\Windows\System32\Winlogon.exe [308224]
[MD5.5D24CAF8EFD924A875698FF28384DB8B] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.02/11/2006 - 05:58:43.) -- C:\Windows\system32\Drivers\AFD.sys [270336]
[MD5.B35CFCEF838382AB6490B321C87EDF17] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.10/03/2008 - 18:00:34.) -- C:\Windows\system32\Drivers\atapi.sys [21560]
[MD5.6C3A437FC873C6F6A4FC620B6888CB86] - (.Microsoft Corporation - CD-ROM File System Driver.) (.02/11/2006 - 05:30:50.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.8D1866E61AF096AE8B582454F5E4D303] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.02/11/2006 - 05:51:44.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.A7179DE59AE269AB70345527894CCD7C] - (.Microsoft Corporation - DFS Client MUP Surrogate Driver.) (.02/11/2006 - 05:31:04.) -- C:\Windows\system32\Drivers\DfsC.sys [74752]
[MD5.0DB613A7E427B5663563677796FD5258] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.14/09/2007 - 16:53:22.) -- C:\Windows\system32\Drivers\HDAudBus.sys [53760]
[MD5.1C9EE072BAA3ABB460B91D7EE9152660] - (.Microsoft Corporation - Driver de porta i8042.) (.10/03/2008 - 17:56:59.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.10077C35845101548037DF04FD1A420B] - (.Microsoft Corporation - IP Network Address Translator.) (.02/11/2006 - 05:58:09.) -- C:\Windows\system32\Drivers\IpNat.sys [99840]
[MD5.8AF705CE1BB907932157FAB821170F27] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.09/07/2013 - 15:31:36.) -- C:\Windows\system32\Drivers\MRxSmb.sys [102400]
[MD5.E3A168912E7EEFC3BD3B814720D68B41] - (.Microsoft Corporation - MBT Transport driver.) (.02/11/2006 - 05:57:20.) -- C:\Windows\system32\Drivers\netBT.sys [184320]
[MD5.37430AA7A66D7A63407ADC2C0D05E9F6] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.09/07/2013 - 15:25:11.) -- C:\Windows\system32\Drivers\ntfs.sys [1060920]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Driver de porta paralela.) (.02/11/2006 - 05:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.68B0019FEE429EC49D29017AF937E482] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.01/03/2007 - 15:08:00.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [74752]
[MD5.E8BD98D46F2ED77132BA927FCCB47D8B] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.02/11/2006 - 06:03:00.) -- C:\Windows\system32\Drivers\rdpdr.sys [242688]
[MD5.AC0D90738ADB51A6FD12FF00874A2162] - (.Microsoft Corporation - SMB Transport driver.) (.02/11/2006 - 05:57:10.) -- C:\Windows\system32\Drivers\smb.sys [66048]
[MD5.AB4FDE8AF4A0270A46A001C08CBCE1C2] - (.Microsoft Corporation - TDI Translation Driver.) (.02/11/2006 - 05:57:35.) -- C:\Windows\system32\Drivers\tdx.sys [68096]
[MD5.11EF6C1CAEF76B685233450A126125D6] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.02/11/2006 - 06:51:18.) -- C:\Windows\system32\Drivers\volsnap.sys [208488]
~ Generic Processes: Scanned in 00mn 01s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/2
~ Mes musiques (My Musics) : 9/21
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/12
~ Mes Documents (My Documents) : 1/75
~ Mon Bureau (My Desktop) : 1/24
~ Menu demarrer (Programs) : 1/29
~ Hidden Files: Scanned in 00mn 00s



---\\ Processos lançados
[MD5.DAAA237C34A506EF56D44A56EA039CC0] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files\GbPlugin\GbpSv.exe [452968] [PID.888]
[MD5.B1B7BF8A406A19CC4AD6E45555EA77E5] - (.Microsoft Corporation - Isolamento de Gráfico de Dispositivo de Áud.) -- C:\Windows\system32\AUDIODG.exe [88064] [PID.1232]
[MD5.A1DCD30534835CB67733AD00175125A6] - (.Microsoft Corporation - Serviço de Licenciamento de Software Micros.) -- C:\Windows\system32\SLsvc.exe [2605568] [PID.1264]
[MD5.BEA8D0FA8805CC2E6BB49728166699C7] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1588]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Google Installer.) -- C:\Program Files\Google\Update\GoogleUpdate.exe [116648] [PID.484]
[MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.1316]
[MD5.FF81090B6EF1A42A19DF226632711D25] - (.Microsoft Corporation - Windows Update Automatic Updates.) -- C:\Windows\system32\wuauclt.exe [41472] [PID.3032]
[MD5.9AD9E2FB2811123DA13DE84CC154AB77] - (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe [1006264] [PID.772]
[MD5.B60128AC587F8E676763F7276A316103] - (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe [4702208] [PID.1476]
[MD5.892413E8CE4E633C8B2FE28700BFE58F] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [141848] [PID.4072]
[MD5.7C5B3139751F10AE0B0728C7826E8028] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [166424] [PID.2944]
[MD5.B0F6FF99D9E436DE03F6FC68BF12A5A5] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [133656] [PID.2884]
[MD5.F01E044C7C8C1C6C2CA2A64F7319528E] - (.Bright - Bright 0089/0090 Client Utility.) -- C:\Program Files\Bright\ACU.exe [405540] [PID.4088]
[MD5.4BFA1849DC7AA3CB99C160D9EB96C67B] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640] [PID.3232]
[MD5.93B2D0B19FB6B908C272A9423EDB6020] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [256536] [PID.3024]
[MD5.B44CA904E90883CB80B2D3B2DE560CDF] - (.OpenOffice.org - BrOffice.org 2.0.) -- C:\Program Files\BrOffice.org 2.0\program\soffice.exe [2334720] [PID.2948]
[MD5.67556F1039655894A1BD16E350305144] - (.OpenOffice.org - BrOffice.org 2.0.) -- C:\Program Files\BrOffice.org 2.0\program\soffice.BIN [2486272] [PID.3656]
[MD5.8E556A72D54F7E3B7844AB9217F02DD7] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.3356]
[MD5.161233DC79656145086BDBD6918A08D4] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8216576] [PID.3784]
[MD5.05CB3DA78A4BBD9B799A5957F9D101CC] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [68608] [PID.2952]
~ Processes Running: Scanned in 00mn 02s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/abn] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Ursula\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/cef] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Ursula\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll
~ Firefox Browser: 10 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 1
~ IE Browser: 12 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehcef.dll
~ BHO: 8 Legitimates Filtered in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: 0091.lnk . (.Bright - 0091 Wireless Client Card Configuration Uti.) -- C:\Program Files\Bright\0091\Mrv8000x.exe
O4 - GS\Desktop [Public]: Aplicativos para Escritorio.lnk . (.OpenOffice.org - BrOffice.org 2.0.) -- C:\Program Files\BrOffice.org 2.0\program\soffice.exe
O4 - GS\Desktop [Public]: Bright Client Utility.lnk . (.Bright - Bright 0089/0090 Client Utility.) -- C:\Program Files\Bright\ACU.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [Ursula]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Ursula]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Ursula]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [Ursula]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Ursula]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Ursula]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Ursula]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Ursula]: Sync Folder.lnk . (...) -- C:\Program Files\MyPC Backup\MyPC Backup.exe (.not file.) =>PUP.MyPCBackup
~ Global Startup: 54 Legitimates Filtered in 00mn 01s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - GS\Startup [Ursula]: BrOffice.org 2.0.lnk . (...) -- C:\Program Files\BrOffice.org 2.0\program\quickstart.exe
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ACU] . (.Bright - Bright 0089/0090 Client Utility.) -- C:\Program Files\Bright\ACU.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Barra Lateral do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Barra Lateral do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Barra Lateral do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-21-134228104-2085873779-558425676-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Barra Lateral do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
~ Application: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.caixa.gov.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{26539E40-512C-4DC5-8A92-F6A04533E2D7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2D62C9C-6A7A-4C68-8761-A41F84B8EEB6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3FA6860-2CB5-40FF-A60E-CCBA09A3D04E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{26539E40-512C-4DC5-8A92-F6A04533E2D7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A2D62C9C-6A7A-4C68-8761-A41F84B8EEB6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{D3FA6860-2CB5-40FF-A60E-CCBA09A3D04E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{26539E40-512C-4DC5-8A92-F6A04533E2D7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{A2D62C9C-6A7A-4C68-8761-A41F84B8EEB6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{D3FA6860-2CB5-40FF-A60E-CCBA09A3D04E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{26539E40-512C-4DC5-8A92-F6A04533E2D7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{A2D62C9C-6A7A-4C68-8761-A41F84B8EEB6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{D3FA6860-2CB5-40FF-A60E-CCBA09A3D04E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\system32\mshtml.dll
O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\system32\urlmon.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginCef . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Bright Configuration Service (ACS) . (...) - C:\Windows\system32\acs.exe
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\GbpSv.exe
O23 - Service: Service Component of VO (vosr) . (...) - C:\Users\Ursula\AppData\Roaming\VOPackage\VOsrv.exe (.not file.) =>Adware.Downware
~ Services: 5 Legitimates Filtered in 00mn 07s



---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O24 - Desktop General: WallPaper - .(...) - C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
[MD5.9B0BA3D9396626F10646B6BBDD375373] [APT] [{9CE33496-3C5A-405C-B862-8A06D9C567E2}] (...) -- C:\Users\Ursula\Downloads\0091 (1)\0091.exe [2440216]
~ Scheduled Task: 16 Legitimates Filtered in 00mn 03s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (SASDIFSV) . (. - .) - C:\Program Files\SUPERAntiSpyware\SASDIFSV.sys (.not file.)
O41 - Driver: (SASKUTIL) . (. - .) - C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (.not file.)
~ Drivers: 102 Legitimates Filtered in 00mn 02s



---\\ Software instalados (042)
O42 - Logiciel: 0091 - (.Bright.) [HKLM] -- {43A381E6-5BD0-4534-8DB8-03ED7DE168E0}
O42 - Logiciel: Bright Client Installation Program - (.Bright.) [HKLM] -- {28006915-2739-4EBE-B5E8-49B25D32EB33}
O42 - Logiciel: Freeven Pro 1.4 - (.Freeven.) [HKLM] -- Freeven Pro 1.4 =>PUP.Freeven
O42 - Logiciel: MCShield ::Anti-Malware Tool:: - (.MyCity.) [HKLM] -- MCShield
O42 - Logiciel: NewPlayer - (...) [HKLM] -- NewPlayer
O42 - Logiciel: VO Package - (...) [HKLM] -- VOPackage =>Adware.Downware
~ Logic: 16 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AnyProtect] =>PUP.AnyProtect
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\DriverToolkit]
[HKCU\Software\GbAs]
[HKCU\Software\MCShield]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\Bright]
[HKLM\Software\PCback]
~ Key Software: 145 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 12/12/2013 - 19:21:13 - [] ----D C:\Program Files\Bright
O43 - CFD: 10/04/2014 - 09:23:24 - [0] -SH-D C:\Program Files\d1b8
O43 - CFD: 12/12/2013 - 17:50:19 - [] ----D C:\Program Files\DriverToolkit
O43 - CFD: 05/04/2014 - 20:16:33 - [] ----D C:\Program Files\MCShield
O43 - CFD: 05/04/2014 - 20:36:27 - [] ----D C:\ProgramData\MCShield
O43 - CFD: 04/04/2014 - 19:04:59 - [0] -SHAD C:\Users\Ursula\AppData\Roaming\ceb0
O43 - CFD: 12/12/2013 - 17:47:11 - [0] ---AD C:\Users\Ursula\AppData\Local\DriverToolkit
~ Program Folder: 121 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.43B30659FBEF968FD5ED7E761D3FD42D] - 05/04/2014 - 18:06:18 ----- . (...) -- C:\PureRa.txt [8718]
O44 - LFC:[MD5.6AB57F954C9FBFD475ADDE7BD72E622D] - 10/04/2014 - 14:13:34 ---A- . (...) -- C:\DelFix.txt [1516]
O44 - LFC:[MD5.13CE7A27387B40BFC6BA7B31C32AD7CD] - 18/04/2014 - 16:49:58 ---A- . (...) -- C:\Windows\ntbtlog.txt [73876]
O44 - LFC:[MD5.F1A9F408483520EB7249CCFF0CEF5F7F] - 18/04/2014 - 17:46:16 ---A- . (...) -- C:\Log malwarebytes1804.txt [1157]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 18/04/2014 - 18:27:08 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 18/04/2014 - 18:46:19 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\System32\Drivers\GbpNdisrd.sys [31088]
O44 - LFC:[MD5.2E7E2EE36E70604CFABEC2FBBAADDBD5] - 18/04/2014 - 18:47:17 ---A- . (...) -- C:\zoek-results.log [42166]
O44 - LFC:[MD5.C5276A47EDBE54159D7A169A755E43FE] - 18/04/2014 - 18:54:44 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [83754]
O44 - LFC:[MD5.8202F022577FA1E26363FAEB4C544EDF] - 18/04/2014 - 18:54:44 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [485582]
~ Files: 27 Legitimates Filtered in 00mn 06s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll
O46 - SEH:ShellExecuteHooks - (no name) - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\GbPlugin\gbiehcef.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDFSTab"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoWindowsUpdate"=
~ MWPE Keys: 2 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.84B4C00AE8CDFC52CF68F322D821F34C] - 09/04/2014 - 08:42:43 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944]
O58 - SDL:[MD5.680448905E27BBC6587ADB28597640D6] - 09/04/2014 - 08:42:43 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180760]
O58 - SDL:[MD5.E758A151CE280BBA484CA58C805547F6] - 07/01/2008 - 13:45:28 ---A- . (.No owner - Image Mount Driver.) -- C:\Windows\System32\Drivers\cloverm.sys [27136]
O58 - SDL:[MD5.E8F3F21A71720C84BCF423B80028359F] - 02/11/2006 - 06:51:34 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [316520]
O58 - SDL:[MD5.DCF228C60E1036597FD5C4A647790527] - 01/07/2013 - 14:40:10 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [47688]
O58 - SDL:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 18/04/2014 - 18:46:19 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\System32\Drivers\GbpNdisrd.sys [31088]
O58 - SDL:[MD5.BCED60D16156E428F8DF8CF27B0DF150] - 02/11/2006 - 06:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\System32\Drivers\iteatapi.sys [35944]
O58 - SDL:[MD5.06FA654504A498C30ADCA8BEC4E87E7E] - 02/11/2006 - 06:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\System32\Drivers\iteraid.sys [35944]
O58 - SDL:[MD5.566C5FD480FDBCE3BA5CF9FBCFFAEA9A] - 09/10/2008 - 15:42:42 ---A- . (.Windows (R) Codename Longhorn DDK provider - KMWDFilter Driver from UASSOFT.COM.) -- C:\Windows\System32\Drivers\KMWDFILTER.sys [17408]
O58 - SDL:[MD5.F65162EE72E54943B7C9BE3D9AF1684A] - 21/12/2005 - 16:44:28 ---A- . (.Bright, Inc - Bright 0091 driver.) -- C:\Windows\System32\Drivers\MRVW225.sys [299904]
O58 - SDL:[MD5.8E4D90CEC4F77F85D40B66D41EA14032] - 08/01/2008 - 02:15:06 ---A- . (.No owner - WINNT/2K/XP/2003 Driver.) -- C:\Windows\System32\Drivers\Shield.sys [58432]
O58 - SDL:[MD5.3CD4EA35A6221B85DCC25DAA46313F8D] - 02/11/2006 - 06:51:25 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\System32\Drivers\uliahci.sys [235112]
O58 - SDL:[MD5.8514D0E5CD0534467C5FC61BE94A569F] - 02/11/2006 - 06:50:35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\System32\Drivers\ulsata.sys [98408]
O58 - SDL:[MD5.38C3C6E62B157A6BC46594FADA45C62B] - 02/11/2006 - 06:50:45 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\System32\Drivers\ulsata2.sys [115816]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 04:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.CD301D46AC3C98BDB314AAA5CD6B9F5E] - 21/12/2005 - 09:16:34 ---A- . (.Bright , Inc. - Driver for Bright 0089/0090 Wireless Network Adapter.) -- C:\Windows\System32\ar5211.sys [470016]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 02/11/2006 - 04:09:45 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 02/11/2006 - 04:09:41 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 02/11/2006 - 04:09:44 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 02/11/2006 - 04:09:44 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 02/11/2006 - 04:09:29 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 02/11/2006 - 04:09:35 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 02/11/2006 - 04:09:38 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 02/11/2006 - 04:09:40 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 02/11/2006 - 04:09:31 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 02/11/2006 - 04:09:20 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 02/11/2006 - 04:09:23 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 02/11/2006 - 04:09:24 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 02/11/2006 - 04:09:26 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 02/11/2006 - 04:09:22 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 17 Legitimates Filtered in 00mn 15s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 07/01/2008 - C:\Windows\System32\Drivers\cloverm.sys (cloverm) .(.No owner - Image Mount Driver.) - LEGACY_CLOVERM
O64 - Services: CurCS - 01/07/2013 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
~ Legacy: 72 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 13 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- firefox.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [You must have an account and be logged in to view this link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.05D4A0A6AF9F7ECB30E7DCD61C9913FF] [SPRF][13/12/2013] (...) -- C:\Users\Ursula\AppData\Roaming\unins000.dat [29169]
[MD5.42CA0E6EBB9C125A31591C92726C5AE9] [SPRF][13/12/2013] (...) -- C:\Users\Ursula\AppData\Roaming\unins001.dat [13996]
~ Files: 5 Legitimates Filtered in 00mn 00s



---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "F4E3CDA9AD43DC847872BB629D2075DB" . (..) -- C:\Windows\Installer\{9ADC3E4F-34DA-48CD-8727-BB26D90257BD}\MsblIco.Exe
~ Update Products: 27 Legitimates Filtered in 00mn 00s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1}] (SaveSenseLive Core Class) =>PUP.SaveSense
~ BCK: 3891 Legitimates Filtered in 00mn 06s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Auto 19/12/2006 36864 | (ACS) . (...) - C:\Windows\system32\acs.exe
SS - | Auto 08/07/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 08/07/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Auto 10/07/1658 0 | (MBAMScheduler) . (...) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SS - | Auto 10/07/1658 0 | (MBAMService) . (...) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 18/03/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 10/07/1658 0 | (vosr) . (...) - C:\Users\Ursula\AppData\Roaming\VOPackage\VOsrv.exe =>Adware.Downware

SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 09/04/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 16/10/2013 452968 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\GbpSv.exe
SR - | Auto 02/11/2006 22016 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 02/11/2006 22016 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 09s



---\\ Scâner Aditional (088)
Database Version : 13044 - (18/04/2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 2

[HKLM\SYSTEM\CurrentControlSet\Services\vosr] =>Adware.Downware^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Freeven Pro 1.4] =>PUP.Freeven^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage] =>Adware.Downware^
[HKCU\Software\AnyProtect] =>PUP.AnyProtect^
[HKCR\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1}] (SaveSenseLive Core Class) =>PUP.SaveSense^
~ Additionnel Scan: 149573 Items scanned in 00mn 43s



---\\ Sumário das deteções encontradas na sua estação
[You must have an account and be logged in to view this link] =>PUP.MyPCBackup
[You must have an account and be logged in to view this link] =>Adware.Downware
[You must have an account and be logged in to view this link] =>PUP.AnyProtect
[You must have an account and be logged in to view this link] =>PUP.SaveSense
~ MSI: 4 link(s) detected in 00mn 00s



~ 796 Legitimates filtered by white list
End of the scan (498 lines in 02mn 06s)(0)

Post by Danii, Fri 18 Apr 2014, 22:28

C:\Users\Ursula\AppData\Roaming\VOPackage\VOsrv.exe > Could not be found
C:\Program Files\d1b8 > empty folder
C:\Users\Ursula\AppData\Roaming\ceb0 > empty folder


C:\cf604 > it is scanning the folders

Post by Power Max, Fri 18 Apr 2014, 22:35

Select and copy all of the text highlighted in red that I sent you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click Importação (Import) > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Fri 18 Apr 2014, 23:16; edited 1 time

Post by Power Max, Fri 18 Apr 2014, 22:36

C:\cf604 > it is scanning the folders
OK, post those results afterwards as well.

Post by Danii, Fri 18 Apr 2014, 22:41

Scan:

[You must have an account and be logged in to view this link]



Post by Danii, Fri 18 Apr 2014, 22:45

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Ursula at 18/04/2014 22:44:04
High Elevated Privileges : OK
Windows Vista Starter Edition, 32-bit (Build 6000)

Reciclagem vazia (00mn 01s)
Reparação de atalhos do navegador

========== Softwares ==========
AUSENTE Uninstall Process: c:\program files\freeven pro 1.4\uninstall.exe
AUSENTE Uninstall Process: c:\program files\newplayer\uninstall.exe
AUSENTE Uninstall Process: c:\users\ursula\appdata\roaming\vopackage\uninstall.exe

========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Freeven Pro 1.4]
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NewPlayer]
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage]
ELIMINÉ: Service: vosr
ELIMINÉ: HKCU\Software\AnyProtect
ELIMINÉ: HKCR\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1}

========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\users\ursula\desktop\sync folder.lnk
ELIMINÉ Temporários windows (119) (2.275.131 octets)
ELIMINÉ Flash Cookies (1) (416 octets)

========== Tarefa planificada ==========
ELIMINÉ: {9CE33496-3C5A-405C-B862-8A06D9C567E2}

========== Restauração Sistema ==========
Nenhum ponto de restauro do sistema foi criado


========== Recapitulativo ==========
6 : Chaves do Registo
6 : Valores do Registo
1 : Pastas
3 : Ficheiros
3 : Softwares
1 : Tarefa planificada
1 : Restauração Sistema


End of clean in 00mn 07s

========== Caminho do ficheiro do relatório ==========
C:\Users\Ursula\AppData\Roaming\ZHP\ZHPFix[R1].txt - 18/04/2014 22:44:06 [1943]

Post by Power Max, Fri 18 Apr 2014, 22:46

Open ZHPDiag again.

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report.

Post by Danii, Fri 18 Apr 2014, 22:53

~ Relatório do ZHPDiag v2014.4.18.33 - Nicolas Coolman (18/04/2014)
~ Iniciado por Ursula (18/04/2014 22:50:49)
~ Endereço do Website : [You must have an account and be logged in to view this link]
~ Fóruns de suporte gratuito para desinfecção : [You must have an account and be logged in to view this link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program


---\\ Navegadores Internet
MSIE: Internet Explorer v7.0.6000.16982
MFIE: Mozilla Firefox 28.0
GCIE: Google Chrome v34.0.1847.116 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows Vista (TM) Starter, 32-bit (Build 6000)
Windows Server License Manager Script : OK
Windows Automatic Updates : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2016
Malwarebytes Anti-Malware versão 2.0.1.1004

---\\ Softwares d'optimização do sistema
CCleaner v4.12 =>.Piriform Ltd

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 11 Plugin
Adobe Reader 8 - Português

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 22 Stepping 1, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1014 MB (34% free)
System Restore: Désactivé (Disabled)
System drive C: has 58 GB (78%) free of 75 GB

---\\ Modo de conexão ao sistema
~ Computer Name: DANIELE-PC
~ User Name: Ursula
~ All Users Names: Ursula, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Ursula\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Ursula\AppData\Roaming\
~ %Desktop% : C:\Users\Ursula\Desktop\
~ %Favorites% : C:\Users\Ursula\Favorites\
~ %LocalAppData% : C:\Users\Ursula\AppData\Local\
~ %StartMenu% : C:\Users\Ursula\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 58 Go of 75 Go)
D: CD-ROM drive (Not Inserted)
E: Floppy drive, Flash card reader, USB Key (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 46 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.37440D09DEAE0B672A04DCCF7ABF06BE] - (.Microsoft Corporation - Windows Explorer.) (.12/12/2013 - 17:12:28.) -- C:\Windows\Explorer.exe [2923520]
[MD5.D4385B03E8CCCEE6F0EE249F827C1F3E] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.02/11/2006 - 06:45:57.) -- C:\Windows\System32\Wininit.exe [95744]
[MD5.C7A318E74FEF945EBFF855C1513CD96C] - (.Microsoft Corporation - Internet Extensions para Win32.) (.09/07/2013 - 15:40:52.) -- C:\Windows\System32\wininet.dll [832512]
[MD5.9F75392B9128A91ABAFB044EA350BAAD] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.02/11/2006 - 06:45:57.) -- C:\Windows\System32\Winlogon.exe [308224]
[MD5.5D24CAF8EFD924A875698FF28384DB8B] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.02/11/2006 - 05:58:43.) -- C:\Windows\system32\Drivers\AFD.sys [270336]
[MD5.B35CFCEF838382AB6490B321C87EDF17] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.10/03/2008 - 18:00:34.) -- C:\Windows\system32\Drivers\atapi.sys [21560]
[MD5.6C3A437FC873C6F6A4FC620B6888CB86] - (.Microsoft Corporation - CD-ROM File System Driver.) (.02/11/2006 - 05:30:50.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.8D1866E61AF096AE8B582454F5E4D303] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.02/11/2006 - 05:51:44.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.A7179DE59AE269AB70345527894CCD7C] - (.Microsoft Corporation - DFS Client MUP Surrogate Driver.) (.02/11/2006 - 05:31:04.) -- C:\Windows\system32\Drivers\DfsC.sys [74752]
[MD5.0DB613A7E427B5663563677796FD5258] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.14/09/2007 - 16:53:22.) -- C:\Windows\system32\Drivers\HDAudBus.sys [53760]
[MD5.1C9EE072BAA3ABB460B91D7EE9152660] - (.Microsoft Corporation - Driver de porta i8042.) (.10/03/2008 - 17:56:59.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.10077C35845101548037DF04FD1A420B] - (.Microsoft Corporation - IP Network Address Translator.) (.02/11/2006 - 05:58:09.) -- C:\Windows\system32\Drivers\IpNat.sys [99840]
[MD5.8AF705CE1BB907932157FAB821170F27] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.09/07/2013 - 15:31:36.) -- C:\Windows\system32\Drivers\MRxSmb.sys [102400]
[MD5.E3A168912E7EEFC3BD3B814720D68B41] - (.Microsoft Corporation - MBT Transport driver.) (.02/11/2006 - 05:57:20.) -- C:\Windows\system32\Drivers\netBT.sys [184320]
[MD5.37430AA7A66D7A63407ADC2C0D05E9F6] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.09/07/2013 - 15:25:11.) -- C:\Windows\system32\Drivers\ntfs.sys [1060920]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Driver de porta paralela.) (.02/11/2006 - 05:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.68B0019FEE429EC49D29017AF937E482] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.01/03/2007 - 15:08:00.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [74752]
[MD5.E8BD98D46F2ED77132BA927FCCB47D8B] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.02/11/2006 - 06:03:00.) -- C:\Windows\system32\Drivers\rdpdr.sys [242688]
[MD5.AC0D90738ADB51A6FD12FF00874A2162] - (.Microsoft Corporation - SMB Transport driver.) (.02/11/2006 - 05:57:10.) -- C:\Windows\system32\Drivers\smb.sys [66048]
[MD5.AB4FDE8AF4A0270A46A001C08CBCE1C2] - (.Microsoft Corporation - TDI Translation Driver.) (.02/11/2006 - 05:57:35.) -- C:\Windows\system32\Drivers\tdx.sys [68096]
[MD5.11EF6C1CAEF76B685233450A126125D6] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.02/11/2006 - 06:51:18.) -- C:\Windows\system32\Drivers\volsnap.sys [208488]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/2
~ Mes musiques (My Musics) : 9/21
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/12
~ Mes Documents (My Documents) : 1/75
~ Mon Bureau (My Desktop) : 1/24
~ Menu demarrer (Programs) : 1/29
~ Hidden Files: Scanned in 00mn 00s



---\\ Processos lançados
[MD5.DAAA237C34A506EF56D44A56EA039CC0] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files\GbPlugin\GbpSv.exe [452968] [PID.888]
[MD5.B1B7BF8A406A19CC4AD6E45555EA77E5] - (.Microsoft Corporation - Isolamento de Gráfico de Dispositivo de Áud.) -- C:\Windows\system32\AUDIODG.exe [88064] [PID.1232]
[MD5.A1DCD30534835CB67733AD00175125A6] - (.Microsoft Corporation - Serviço de Licenciamento de Software Micros.) -- C:\Windows\system32\SLsvc.exe [2605568] [PID.1264]
[MD5.BEA8D0FA8805CC2E6BB49728166699C7] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1588]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Google Installer.) -- C:\Program Files\Google\Update\GoogleUpdate.exe [116648] [PID.484]
[MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.1316]
[MD5.FF81090B6EF1A42A19DF226632711D25] - (.Microsoft Corporation - Windows Update Automatic Updates.) -- C:\Windows\system32\wuauclt.exe [41472] [PID.3032]
[MD5.9AD9E2FB2811123DA13DE84CC154AB77] - (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe [1006264] [PID.772]
[MD5.B60128AC587F8E676763F7276A316103] - (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe [4702208] [PID.1476]
[MD5.892413E8CE4E633C8B2FE28700BFE58F] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [141848] [PID.4072]
[MD5.7C5B3139751F10AE0B0728C7826E8028] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [166424] [PID.2944]
[MD5.B0F6FF99D9E436DE03F6FC68BF12A5A5] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [133656] [PID.2884]
[MD5.F01E044C7C8C1C6C2CA2A64F7319528E] - (.Bright - Bright 0089/0090 Client Utility.) -- C:\Program Files\Bright\ACU.exe [405540] [PID.4088]
[MD5.4BFA1849DC7AA3CB99C160D9EB96C67B] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640] [PID.3232]
[MD5.93B2D0B19FB6B908C272A9423EDB6020] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [256536] [PID.3024]
[MD5.B44CA904E90883CB80B2D3B2DE560CDF] - (.OpenOffice.org - BrOffice.org 2.0.) -- C:\Program Files\BrOffice.org 2.0\program\soffice.exe [2334720] [PID.2948]
[MD5.67556F1039655894A1BD16E350305144] - (.OpenOffice.org - BrOffice.org 2.0.) -- C:\Program Files\BrOffice.org 2.0\program\soffice.BIN [2486272] [PID.3656]
[MD5.05CB3DA78A4BBD9B799A5957F9D101CC] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [68608] [PID.2952]
[MD5.8E556A72D54F7E3B7844AB9217F02DD7] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.4552]
[MD5.161233DC79656145086BDBD6918A08D4] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8216576] [PID.4172]
~ Processes Running: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/abn] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Ursula\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/cef] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Ursula\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll
~ Firefox Browser: 10 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 1
~ IE Browser: 12 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehcef.dll
~ BHO: 8 Legitimates Filtered in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: 0091.lnk . (.Bright - 0091 Wireless Client Card Configuration Uti.) -- C:\Program Files\Bright\0091\Mrv8000x.exe
O4 - GS\Desktop [Public]: Aplicativos para Escritorio.lnk . (.OpenOffice.org - BrOffice.org 2.0.) -- C:\Program Files\BrOffice.org 2.0\program\soffice.exe
O4 - GS\Desktop [Public]: Bright Client Utility.lnk . (.Bright - Bright 0089/0090 Client Utility.) -- C:\Program Files\Bright\ACU.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [Ursula]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Ursula]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Ursula]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [Ursula]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Ursula]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Ursula]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Ursula]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Global Startup: 53 Legitimates Filtered in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - GS\Startup [Ursula]: BrOffice.org 2.0.lnk . (...) -- C:\Program Files\BrOffice.org 2.0\program\quickstart.exe
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ACU] . (.Bright - Bright 0089/0090 Client Utility.) -- C:\Program Files\Bright\ACU.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Barra Lateral do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Barra Lateral do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Barra Lateral do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-21-134228104-2085873779-558425676-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Barra Lateral do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
~ Application: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.caixa.gov.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{26539E40-512C-4DC5-8A92-F6A04533E2D7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2D62C9C-6A7A-4C68-8761-A41F84B8EEB6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3FA6860-2CB5-40FF-A60E-CCBA09A3D04E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{26539E40-512C-4DC5-8A92-F6A04533E2D7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A2D62C9C-6A7A-4C68-8761-A41F84B8EEB6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{D3FA6860-2CB5-40FF-A60E-CCBA09A3D04E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{26539E40-512C-4DC5-8A92-F6A04533E2D7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{A2D62C9C-6A7A-4C68-8761-A41F84B8EEB6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{D3FA6860-2CB5-40FF-A60E-CCBA09A3D04E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{26539E40-512C-4DC5-8A92-F6A04533E2D7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{A2D62C9C-6A7A-4C68-8761-A41F84B8EEB6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{D3FA6860-2CB5-40FF-A60E-CCBA09A3D04E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\system32\mshtml.dll
O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\system32\urlmon.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginCef . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Bright Configuration Service (ACS) . (...) - C:\Windows\system32\acs.exe
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\GbpSv.exe
O23 - Service: (MBAMService) . (...) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (.not file.)
~ Services: 5 Legitimates Filtered in 00mn 06s



---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O24 - Desktop General: WallPaper - .(...) - C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (SASDIFSV) . (. - .) - C:\Program Files\SUPERAntiSpyware\SASDIFSV.sys (.not file.)
O41 - Driver: (SASKUTIL) . (. - .) - C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (.not file.)
~ Drivers: 102 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: 0091 - (.Bright.) [HKLM] -- {43A381E6-5BD0-4534-8DB8-03ED7DE168E0}
O42 - Logiciel: Bright Client Installation Program - (.Bright.) [HKLM] -- {28006915-2739-4EBE-B5E8-49B25D32EB33}
O42 - Logiciel: MCShield ::Anti-Malware Tool:: - (.MyCity.) [HKLM] -- MCShield
~ Logic: 13 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\DriverToolkit]
[HKCU\Software\GbAs]
[HKCU\Software\MCShield]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\Bright]
[HKLM\Software\Freeven Pro 1.4] =>PUP.Freeven
[HKLM\Software\NewPlayer]
[HKLM\Software\PCback]
~ Key Software: 138 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 12/12/2013 - 19:21:13 - [] ----D C:\Program Files\Bright
O43 - CFD: 10/04/2014 - 09:23:24 - [0] -SH-D C:\Program Files\d1b8
O43 - CFD: 12/12/2013 - 17:50:19 - [] ----D C:\Program Files\DriverToolkit
O43 - CFD: 05/04/2014 - 20:16:33 - [] ----D C:\Program Files\MCShield
O43 - CFD: 05/04/2014 - 20:36:27 - [] ----D C:\ProgramData\MCShield
O43 - CFD: 04/04/2014 - 19:04:59 - [0] -SHAD C:\Users\Ursula\AppData\Roaming\ceb0
O43 - CFD: 12/12/2013 - 17:47:11 - [0] ---AD C:\Users\Ursula\AppData\Local\DriverToolkit
~ Program Folder: 121 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.43B30659FBEF968FD5ED7E761D3FD42D] - 05/04/2014 - 18:06:18 ----- . (...) -- C:\PureRa.txt [8718]
O44 - LFC:[MD5.6AB57F954C9FBFD475ADDE7BD72E622D] - 10/04/2014 - 14:13:34 ---A- . (...) -- C:\DelFix.txt [1516]
O44 - LFC:[MD5.13CE7A27387B40BFC6BA7B31C32AD7CD] - 18/04/2014 - 16:49:58 ---A- . (...) -- C:\Windows\ntbtlog.txt [73876]
O44 - LFC:[MD5.F1A9F408483520EB7249CCFF0CEF5F7F] - 18/04/2014 - 17:46:16 ---A- . (...) -- C:\Log malwarebytes1804.txt [1157]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 18/04/2014 - 18:27:08 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 18/04/2014 - 18:46:19 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\System32\Drivers\GbpNdisrd.sys [31088]
O44 - LFC:[MD5.2E7E2EE36E70604CFABEC2FBBAADDBD5] - 18/04/2014 - 18:47:17 ---A- . (...) -- C:\zoek-results.log [42166]
O44 - LFC:[MD5.C5276A47EDBE54159D7A169A755E43FE] - 18/04/2014 - 18:54:44 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [83754]
O44 - LFC:[MD5.8202F022577FA1E26363FAEB4C544EDF] - 18/04/2014 - 18:54:44 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [485582]
~ Files: 27 Legitimates Filtered in 00mn 04s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll
O46 - SEH:ShellExecuteHooks - (no name) - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\GbPlugin\gbiehcef.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDFSTab"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoWindowsUpdate"=
~ MWPE Keys: 2 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.84B4C00AE8CDFC52CF68F322D821F34C] - 09/04/2014 - 08:42:43 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944]
O58 - SDL:[MD5.680448905E27BBC6587ADB28597640D6] - 09/04/2014 - 08:42:43 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180760]
O58 - SDL:[MD5.E758A151CE280BBA484CA58C805547F6] - 07/01/2008 - 13:45:28 ---A- . (.No owner - Image Mount Driver.) -- C:\Windows\System32\Drivers\cloverm.sys [27136]
O58 - SDL:[MD5.E8F3F21A71720C84BCF423B80028359F] - 02/11/2006 - 06:51:34 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [316520]
O58 - SDL:[MD5.DCF228C60E1036597FD5C4A647790527] - 01/07/2013 - 14:40:10 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [47688]
O58 - SDL:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 18/04/2014 - 18:46:19 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\System32\Drivers\GbpNdisrd.sys [31088]
O58 - SDL:[MD5.BCED60D16156E428F8DF8CF27B0DF150] - 02/11/2006 - 06:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\System32\Drivers\iteatapi.sys [35944]
O58 - SDL:[MD5.06FA654504A498C30ADCA8BEC4E87E7E] - 02/11/2006 - 06:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\System32\Drivers\iteraid.sys [35944]
O58 - SDL:[MD5.566C5FD480FDBCE3BA5CF9FBCFFAEA9A] - 09/10/2008 - 15:42:42 ---A- . (.Windows (R) Codename Longhorn DDK provider - KMWDFilter Driver from UASSOFT.COM.) -- C:\Windows\System32\Drivers\KMWDFILTER.sys [17408]
O58 - SDL:[MD5.F65162EE72E54943B7C9BE3D9AF1684A] - 21/12/2005 - 16:44:28 ---A- . (.Bright, Inc - Bright 0091 driver.) -- C:\Windows\System32\Drivers\MRVW225.sys [299904]
O58 - SDL:[MD5.8E4D90CEC4F77F85D40B66D41EA14032] - 08/01/2008 - 02:15:06 ---A- . (.No owner - WINNT/2K/XP/2003 Driver.) -- C:\Windows\System32\Drivers\Shield.sys [58432]
O58 - SDL:[MD5.3CD4EA35A6221B85DCC25DAA46313F8D] - 02/11/2006 - 06:51:25 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\System32\Drivers\uliahci.sys [235112]
O58 - SDL:[MD5.8514D0E5CD0534467C5FC61BE94A569F] - 02/11/2006 - 06:50:35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\System32\Drivers\ulsata.sys [98408]
O58 - SDL:[MD5.38C3C6E62B157A6BC46594FADA45C62B] - 02/11/2006 - 06:50:45 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\System32\Drivers\ulsata2.sys [115816]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 04:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.CD301D46AC3C98BDB314AAA5CD6B9F5E] - 21/12/2005 - 09:16:34 ---A- . (.Bright , Inc. - Driver for Bright 0089/0090 Wireless Network Adapter.) -- C:\Windows\System32\ar5211.sys [470016]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 02/11/2006 - 04:09:45 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 02/11/2006 - 04:09:41 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 02/11/2006 - 04:09:44 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 02/11/2006 - 04:09:44 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 02/11/2006 - 04:09:29 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 02/11/2006 - 04:09:35 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 02/11/2006 - 04:09:38 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 02/11/2006 - 04:09:40 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 02/11/2006 - 04:09:31 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 02/11/2006 - 04:09:20 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 02/11/2006 - 04:09:23 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 02/11/2006 - 04:09:24 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 02/11/2006 - 04:09:26 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 02/11/2006 - 04:09:22 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 17 Legitimates Filtered in 00mn 04s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 07/01/2008 - C:\Windows\System32\Drivers\cloverm.sys (cloverm) .(.No owner - Image Mount Driver.) - LEGACY_CLOVERM
O64 - Services: CurCS - 01/07/2013 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
~ Legacy: 72 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 13 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- firefox.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [You must have an account and be logged in to view this link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.05D4A0A6AF9F7ECB30E7DCD61C9913FF] [SPRF][13/12/2013] (...) -- C:\Users\Ursula\AppData\Roaming\unins000.dat [29169]
[MD5.42CA0E6EBB9C125A31591C92726C5AE9] [SPRF][13/12/2013] (...) -- C:\Users\Ursula\AppData\Roaming\unins001.dat [13996]
~ Files: 5 Legitimates Filtered in 00mn 00s



---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "F4E3CDA9AD43DC847872BB629D2075DB" . (..) -- C:\Windows\Installer\{9ADC3E4F-34DA-48CD-8727-BB26D90257BD}\MsblIco.Exe
~ Update Products: 27 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Auto 19/12/2006 36864 | (ACS) . (...) - C:\Windows\system32\acs.exe
SS - | Auto 08/07/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 08/07/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Auto 10/07/1658 0 | (MBAMScheduler) . (...) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SS - | Auto 10/07/1658 0 | (MBAMService) . (...) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 18/03/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 09/04/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 16/10/2013 452968 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\GbpSv.exe
SR - | Auto 02/11/2006 22016 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 02/11/2006 22016 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 08s



---\\ Scâner Aditional (088)
Database Version : 13044 - (18/04/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1

[HKLM\Software\Freeven Pro 1.4] =>PUP.Freeven^
~ Additionnel Scan: 149259 Items scanned in 00mn 35s



---\\ Sumário das deteções encontradas na sua estação
~ MSI: 0 link(s) detected in 00mn 00s



~ 791 Legitimates filtered by white list
End of the scan (474 lines in 01mn 27s)(0)
