Unwanted ads in the browser!


Post by sara_cynthia Mon 21 Apr 2014, 12:14

Good afternoon. My computer seems to be infected by some virus that creates unwanted ads; this happened after downloading a game. In addition, AVG was installed. Can you help me? If possible, I would also like to know how to block downloads and program installations, since this has been happening frequently because of improper use by third parties. Thank you in advance.

Post by Power Max Mon 21 Apr 2014, 12:22

Hi Sara.

Download the AdwCleaner program by clicking the link below, then click the Download Now @BleepingComputer button:
[You need an account and to be logged in to view this link]

To run AdwCleaner correctly, just follow the tips in this tutorial:

[You need an account and to be logged in to view this link]

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.

Post by sara_cynthia Mon 21 Apr 2014, 12:31

# AdwCleaner v3.023 - Relatório criado 21/04/2014 às 09:51:00
# Atualizado 01/04/2014 por Xplode
# Sistema Operacional : Windows 7 Starter Service Pack 1 (32 bits)
# Usuário : sara - SARA-PC
# Executando de : C:\Users\sara\Downloads\adwcleaner.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\AVG SafeGuard toolbar
Pasta Deletada : C:\ProgramData\AVG Secure Search
Pasta Deletada : C:\ProgramData\Systweak
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Pasta Deletada : C:\Program Files\Advanced System Protector
Pasta Deletada : C:\Program Files\AVG SafeGuard toolbar
Pasta Deletada : C:\Program Files\RegClean Pro
Pasta Deletada : C:\Program Files\Common Files\AVG Secure Search
[!] Pasta Deletada : C:\Users\sara\AppData\Local\AVG SafeGuard toolbar
Pasta Deletada : C:\Users\sara\AppData\LocalLow\AVG SafeGuard toolbar
Pasta Deletada : C:\Users\sara\AppData\Roaming\Systweak
Arquivo Deletada : C:\Windows\system32\roboot.exe
Arquivo Deletada : C:\Program Files\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
Arquivo Deletada : C:\Users\sara\AppData\Roaming\Mozilla\Firefox\Profiles\za57zbyv.default\user.js
Arquivo Deletada : C:\Windows\System32\Tasks\Advanced System Protector
Arquivo Deletada : C:\Windows\System32\Tasks\Advanced System Protector_startup
Arquivo Deletada : C:\Windows\System32\Tasks\RegClean Pro
Arquivo Deletada : C:\Windows\Tasks\RegClean Pro_DEFAULT.job
Arquivo Deletada : C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
Arquivo Deletada : C:\Windows\Tasks\RegClean Pro_UPDATES.job
Arquivo Deletada : C:\Windows\System32\Tasks\RegClean Pro_UPDATES

***** [ Atalhos ] *****


***** [ Registro ] *****

Valor Deletedo : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{791C8A3A-A49A-4C7F-9CA3-8F941E6DB921}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{791C8A3A-A49A-4C7F-9CA3-8F941E6DB921}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8880CB7-EBC8-44E9-BD9B-7E51DB9424E7}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D8880CB7-EBC8-44E9-BD9B-7E51DB9424E7}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B78C5588-3AB6-4F86-B9EE-BA7C705997C4}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59D37FE6-9FDB-4352-A214-A4982F8B84C8}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A362B914-F3E8-4AD2-A0A8-8A10DC07C4F5}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B78C5588-3AB6-4F86-B9EE-BA7C705997C4}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{59D37FE6-9FDB-4352-A214-A4982F8B84C8}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A362B914-F3E8-4AD2-A0A8-8A10DC07C4F5}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Chave Deletedo : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Chave Deletedo : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Chave Deletedo : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Chave Deletedo : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Chave Deletedo : HKLM\SOFTWARE\Classes\S
Chave Deletedo : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Chave Deletedo : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Chave Deletedo : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Chave Deletedo : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Chave Deletedo : HKCU\Software\AVG SafeGuard toolbar
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\systweak
Chave Deletedo : HKLM\Software\AVG SafeGuard toolbar
Chave Deletedo : HKLM\Software\AVG Security Toolbar
Chave Deletedo : HKLM\Software\systweak
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v28.0 (pt-BR)

[ Arquivo : C:\Users\sara\AppData\Roaming\Mozilla\Firefox\Profiles\za57zbyv.default\prefs.js ]

Linha deletada : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Linha deletada : user_pref("browser.search.selectedEngine", "AVG Secure Search");

*************************

AdwCleaner[R0].txt - [11626 octets] - [17/04/2014 21:35:42]
AdwCleaner[R1].txt - [8456 octets] - [21/04/2014 09:49:49]
AdwCleaner[S0].txt - [11379 octets] - [17/04/2014 21:36:31]
AdwCleaner[S1].txt - [7690 octets] - [21/04/2014 09:51:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [7750 octets] ##########

Post by Power Max Mon 21 Apr 2014, 12:38

Download Malwarebytes from one of the links below:
[You need an account and to be logged in to view this link]

To install and run it correctly, please follow the tips in this post:

[You need an account and to be logged in to view this link]

In your next reply, post this Malwarebytes log (report).

We'll be waiting.

Post by sara_cynthia Mon 21 Apr 2014, 15:14

são: 2.00.1.1004
Malware Database: v2014.04.21.05
Rootkit Database: v2014.03.27.01
Licença: Trial
Proteção de Malware: Enabled
Proteção de Site Malicioso: Enabled
Chameleon: Desabilitado

OS: Windows 7 Service Pack 1
CPU: x86
Sistema de Arquivo: NTFS
Usuário: sara

Tipo da Verificação: Verificação Personalizada
Resultado: Completado
Arquivos Verificados: 421339
Tempo Decorrido: 1 hr, 53 min, 57 seg

Memória: Enabled
Inicialização: Enabled
Filesystem: Enabled
Arquivos: Enabled
Rootkits: Desabilitado
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processos: 4
PUP.Optional.BrowseMark.A, C:\Program Files\BrowseMark\updateBrowseMark.exe, 2436, Delete-on-Reboot, [a8512c00b0cbae88cd1575f5ac5528d8]
PUP.Optional.BrowseMark.A, C:\Program Files\BrowseMark\bin\utilBrowseMark.exe, 2816, Delete-on-Reboot, [e712e844bbc0b0863da569015ca54bb5]
PUP.Optional.BrowseMark.A, C:\Program Files\BrowseMark\bin\BrowseMark.BrowserAdapter.exe, 4232, Delete-on-Reboot, [b841121ab9c2be7819b8cba7a161718f]
PUP.Optional.BrowseMark.A, C:\Program Files\BrowseMark\bin\FilterApp_C.exe, 4344, Delete-on-Reboot, [b841121ab9c2be7819b8cba7a161718f]

Módulos: 3
PUP.Optional.BrowseMark.A, C:\Program Files\BrowseMark\bin\BrowseMarkBAApp.dll, Delete-on-Reboot, [b841121ab9c2be7819b8cba7a161718f],
PUP.Optional.BrowseMark.A, C:\Program Files\BrowseMark\bin\{b99c8534-7800-48fa-bd71-519a46cdc7e1}.dll, Delete-on-Reboot, [b841121ab9c2be7819b8cba7a161718f],
PUP.Optional.BrowseMark.A, C:\Program Files\BrowseMark\bin\{b99c8534-7800-48fa-bd71-519a46cdc7e1}.dll, Delete-on-Reboot, [b841121ab9c2be7819b8cba7a161718f],

Chaves de Registro: 19
PUP.Optional.BrowseMark.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update BrowseMark, Quarantined, [a8512c00b0cbae88cd1575f5ac5528d8],
PUP.Optional.BrowseMark.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util BrowseMark, Quarantined, [e712e844bbc0b0863da569015ca54bb5],
PUP.Optional.BrowseMark.A, HKLM\SOFTWARE\CLASSES\CLSID\{aeac172e-2e4b-4b92-9af6-b0cdb1acecdb}, Quarantined, [31c898946615f640c500fc69d1300df3],
PUP.Optional.BrowseMark.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{0403706e-b8fa-450c-a865-018d5b28e9e1}, Quarantined, [31c898946615f640c500fc69d1300df3],
PUP.Optional.BrowseMark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{BCAD45DB-5F28-4FED-8759-41E07EE6402F}, Quarantined, [31c898946615f640c500fc69d1300df3],
PUP.Optional.BrowseMark.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{AEAC172E-2E4B-4B92-9AF6-B0CDB1ACECDB}, Quarantined, [31c898946615f640c500fc69d1300df3],
PUP.Optional.BrowseMark.A, HKLM\SOFTWARE\CLASSES\CLSID\{AEAC172E-2E4B-4B92-9AF6-B0CDB1ACECDB}\INPROCSERVER32, Quarantined, [31c898946615f640c500fc69d1300df3],
PUP.Optional.BrowseMark.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BrowseMark, Quarantined, [b841121ab9c2be7819b8cba7a161718f],
PUP.Optional.BrowseMark.A, HKLM\SOFTWARE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, Quarantined, [b841121ab9c2be7819b8cba7a161718f],
PUP.Optional.BrowseMark.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, Quarantined, [b841121ab9c2be7819b8cba7a161718f],
PUP.Optional.BrowseMark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, Quarantined, [b841121ab9c2be7819b8cba7a161718f],
PUP.Optional.BrowseMark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, Quarantined, [b841121ab9c2be7819b8cba7a161718f],
PUP.Optional.BrowseMark.A, HKLM\SOFTWARE\BrowseMark, Quarantined, [41b863c92e4d9d991cb790e233cff50b],
PUP.Optional.Highlightly, HKLM\SOFTWARE\Highlightly, Quarantined, [08f1c26a730884b27cb5585453b08b75],
PUP.Optional.Melondrea.A, HKLM\SOFTWARE\melondrea, Quarantined, [8079eb412853c571bb8e5921b34f13ed],
PUP.Optional.Highlightly, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\HIGHLIGHTLY, Quarantined, [51a86fbd572439fd8ba729836c9717e9],
PUP.Optional.Melondrea.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update melondrea, Quarantined, [9564b478c7b4132332181a60b44ee719],
PUP.Optional.BrowseMark.A, HKU\S-1-5-21-3494737314-1258950454-2574509943-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BrowseMark, Quarantined, [8c6d44e81b60999db022442e3fc3867a],
PUP.Optional.Melondrea.A, HKU\S-1-5-21-3494737314-1258950454-2574509943-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\melondrea, Quarantined, [fefbb973512a0d297bcd1268e2208b75],

Valores de Registro: 1
PUP.Optional.Highlightly, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\HIGHLIGHTLY|UninstallString, C:\Program Files\Highlightly\Uninstall.exe, Quarantined, [51a86fbd572439fd8ba729836c9717e9]

Dados do Registro: 0
(No malicious items detected)

Pastas: 4
PUP.Optional.BrowseMark.A, C:\Program Files\BrowseMark, Delete-on-Reboot, [b841121ab9c2be7819b8cba7a161718f],
PUP.Optional.BrowseMark.A, C:\Program Files\BrowseMark\bin, Delete-on-Reboot, [b841121ab9c2be7819b8cba7a161718f],
PUP.Optional.BrowseMark.A, C:\Program Files\BrowseMark\bin\plugins, Quarantined, [b841121ab9c2be7819b8cba7a161718f],
PUP.Optional.BrowseMark.A, C:\Program Files\BrowseMark\bin\TEMP, Quarantined, [b841121ab9c2be7819b8cba7a161718f],

Arquivos: 44
PUP.Optional.BrowseMark.A, C:\Program Files\BrowseMark\updateBrowseMark.exe, Delete-on-Reboot, [a8512c00b0cbae88cd1575f5ac5528d8],
PUP.Optional.BrowseMark.A, C:\Program Files\BrowseMark\bin\utilBrowseMark.exe, Delete-on-Reboot, [e712e844bbc0b0863da569015ca54bb5],
PUP.Optional.BrowseMark.A, C:\Program Files\BrowseMark\BrowseMarkBHO.dll, Quarantined, [31c898946615f640c500fc69d1300df3],
PUP.Optional.Somoto.A, C:\Users\sara\Documents\VDownloaderInstallerICT.exe, Quarantined, [01f8c369c4b7f24420e64eeaf50b47b9],
PUP.Optional.InstallCore, C:\Users\sara\Documents\ZipExtractorSetup.exe, Quarantined, [28d1d458a8d3a294abc96692fd06c43c],
PUP.Optional.InstallCore.A, C:\Users\sara\Downloads\pcsx2-121-32-bits (1).exe, Quarantined, [56a333f9fb802313c4ff1d02768eff01],
PUP.Optional.InstallCore.A, C:\Users\sara\Downloads\pcsx2-121-32-bits.exe, Quarantined, [1bde06267902ae888f3446d92ada9c64],
PUP.Optional.OpenCandy, C:\Users\sara\Downloads\PhotoScape_V3.6.4.exe, Quarantined, [00f9e04ca3d81f173d40e568699bf907],
PUP.Optional.BundleInstaller.A, C:\Users\sara\Downloads\aTube Catcher.exe, Quarantined, [8277072526551b1be56efc442bd59868],
PUP.Optional.Spigot.A, C:\Users\sara\Downloads\aTubeCatcher.exe, Quarantined, [f70281ab72099c9aecef110e60a114ec],
PUP.Optional.Softonic.A, C:\zoek_backup\C_Users_sara_Downloads_SoftonicDownloader_para_bluestacks-app-player.exe.vir, Quarantined, [887199934734d16532fd20fb7091ae52],
PUP.Optional.Softonic, C:\zoek_backup\C_Users_sara_Downloads_SoftonicDownloader_para_megaupload-downloader.exe.vir, Quarantined, [e9103def3d3ee056c50b7c83619f827e],
PUP.Optional.Iminent, C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Umbrella\Umbrella235.exe.vir, Quarantined, [f306919b750696a0509379898d743dc3],
PUP.Optional.HighLightly.A, C:\AdwCleaner\Quarantine\C\Program Files\Highlightly\Uninstall.exe.vir, Quarantined, [1cdd97952457b383537dcd9b9d641fe1],
PUP.Optional.Iminent.A, C:\AdwCleaner\Quarantine\C\Program Files\Iminent\inst\Bootstrapper\IminentUninstall.exe.vir, Quarantined, [8c6d6bc11f5c7abc2ffc69d6e41dda26],
PUP.Optional.Iminent, C:\AdwCleaner\Quarantine\C\Program Files\Iminent\inst\Bootstrapper\uninstall.exe.vir, Quarantined, [9a5f81ab413a79bd449fca3831d0ae52],
PUP.Optional.Iminent, C:\AdwCleaner\Quarantine\C\Program Files\IminentToolbar\1.8.28.3\iminentApp.dll.vir, Quarantined, [e712d656ef8c3df996eaa78e2bd530d0],
PUP.Optional.Iminent, C:\AdwCleaner\Quarantine\C\Program Files\IminentToolbar\1.8.28.3\iminentEng.dll.vir, Quarantined, [30c95ad2ceadfe381d636bca1fe1da26],
PUP.Optional.Iminent, C:\AdwCleaner\Quarantine\C\Program Files\IminentToolbar\1.8.28.3\iminentsrv.exe.vir, Quarantined, [0aef5ad24536ea4cc8b8092ca55bf20e],
PUP.Optional.Iminent, C:\AdwCleaner\Quarantine\C\Program Files\IminentToolbar\1.8.28.3\iminentTlbr.dll.vir, Quarantined, [2acf56d6adce5ed8334d320340c056aa],
PUP.Optional.Iminent, C:\AdwCleaner\Quarantine\C\Program Files\IminentToolbar\1.8.28.3\bh\iminent.dll.vir, Quarantined, [d227a488205ba393d4ac1322e02041bf],
PUP.Optional.Melondrea.A, C:\AdwCleaner\Quarantine\C\Program Files\melondrea\melondreaBHO.dll.vir, Quarantined, [a851b874cead1e1857a9dc7a60a11ce4],
PUP.Optional.Melondrea.A, C:\AdwCleaner\Quarantine\C\Program Files\melondrea\updatemelondrea.exe.vir, Quarantined, [45b4e448f38869cdab5674e27d84c739],
PUP.Optional.Melondrea.A, C:\AdwCleaner\Quarantine\C\Program Files\melondrea\bin\utilmelondrea.exe.vir, Quarantined, [eb0ec46872093ef8857c1a3c58a903fd],
PUP.Optional.BrowseMark.A, C:\Users\sara\AppData\Roaming\Mozilla\Firefox\Profiles\za57zbyv.default\extensions\{b99c8534-7800-48fa-bd71-519a46cdc7e1}.xpi, Quarantined, [04f58f9ddd9e2c0a41181e517a880df3],
PUP.Optional.BrowseMark.A, C:\Program Files\BrowseMark\BrowseMark.ico, Quarantined, [b841121ab9c2be7819b8cba7a161718f],
PUP.Optional.BrowseMark.A, C:\Program Files\BrowseMark\0, Quarantined, [b841121ab9c2be7819b8cba7a161718f],
PUP.Optional.BrowseMark.A, C:\Program Files\BrowseMark\7za.exe, Quarantined, [b841121ab9c2be7819b8cba7a161718f],
PUP.Optional.BrowseMark.A, C:\Program Files\BrowseMark\BrowseMarkUninstall.exe, Quarantined, [b841121ab9c2be7819b8cba7a161718f],
PUP.Optional.BrowseMark.A, C:\Program Files\BrowseMark\updateBrowseMark.InstallState, Quarantined, [b841121ab9c2be7819b8cba7a161718f],
PUP.Optional.BrowseMark.A, C:\Program Files\BrowseMark\bin\7za.exe, Quarantined, [b841121ab9c2be7819b8cba7a161718f],
PUP.Optional.BrowseMark.A, C:\Program Files\BrowseMark\bin\BrowseMark.BrowserAdapter.exe, Delete-on-Reboot, [b841121ab9c2be7819b8cba7a161718f],
PUP.Optional.BrowseMark.A, C:\Program Files\BrowseMark\bin\BrowseMarkBAApp.dll, Delete-on-Reboot, [b841121ab9c2be7819b8cba7a161718f],
PUP.Optional.BrowseMark.A, C:\Program Files\BrowseMark\bin\BrowserAdapterS.7z, Quarantined, [b841121ab9c2be7819b8cba7a161718f],
PUP.Optional.BrowseMark.A, C:\Program Files\BrowseMark\bin\FilterApp_C.exe, Delete-on-Reboot, [b841121ab9c2be7819b8cba7a161718f],
PUP.Optional.BrowseMark.A, C:\Program Files\BrowseMark\bin\sqlite3.dll, Quarantined, [b841121ab9c2be7819b8cba7a161718f],
PUP.Optional.BrowseMark.A, C:\Program Files\BrowseMark\bin\utilBrowseMark.InstallState, Quarantined, [b841121ab9c2be7819b8cba7a161718f],
PUP.Optional.BrowseMark.A, C:\Program Files\BrowseMark\bin\{b99c8534-7800-48fa-bd71-519a46cdc7e1}.dll, Delete-on-Reboot, [b841121ab9c2be7819b8cba7a161718f],
PUP.Optional.BrowseMark.A, C:\Program Files\BrowseMark\bin\plugins\BrowseMark.Bromon.dll, Quarantined, [b841121ab9c2be7819b8cba7a161718f],
PUP.Optional.BrowseMark.A, C:\Program Files\BrowseMark\bin\plugins\BrowseMark.BrowserAdapterS.dll, Quarantined, [b841121ab9c2be7819b8cba7a161718f],
PUP.Optional.BrowseMark.A, C:\Program Files\BrowseMark\bin\plugins\BrowseMark.CompatibilityChecker.dll, Quarantined, [b841121ab9c2be7819b8cba7a161718f],
PUP.Optional.BrowseMark.A, C:\Program Files\BrowseMark\bin\plugins\BrowseMark.FFUpdate.dll, Quarantined, [b841121ab9c2be7819b8cba7a161718f],
PUP.Optional.BrowseMark.A, C:\Program Files\BrowseMark\bin\plugins\BrowseMark.IEUpdate.dll, Quarantined, [b841121ab9c2be7819b8cba7a161718f],
PUP.Optional.BrowseMark.A, C:\Program Files\BrowseMark\bin\plugins\BrowseMark.PurBrowseG.dll, Quarantined, [b841121ab9c2be7819b8cba7a161718f],

Physical Sectors: 0
(No malicious items detected)


(end)

Post by Power Max Mon 21 Apr 2014, 16:39

Temporarily disable your antivirus to avoid conflicts.

Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You need an account and to be logged in to view this link]

* Right-click Zoek.exe and select [You need an account and to be logged in to view this image]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank space in Zoek

* Click [Run Script]

* During the scan, a message similar to the one below, showing the scan progress, will be displayed. Wait for it to finish... it may take a while!

[You need an account and to be logged in to view this image]

* If a PC restart is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Mon 21 Apr 2014, 17:45; edited 1 time in total

Post by sara_cynthia Mon 21 Apr 2014, 17:18

Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by sara on 21/04/2014 at 16:51:32,17.
Microsoft Windows 7 Starter  6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\sara\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-04-18-023158.log 40184 bytes
C:\zoek-results2014-04-18-131051.log 812534 bytes
C:\zoek-results2014-04-18-143033.log 11892 bytes
C:\zoek-results2014-04-18-150140.log 6488 bytes
C:\zoek-results2014-04-18-154456.log 5967 bytes

==== System Restore Info ======================

21/04/2014 16:54:35 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1       localhost
::1             localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater18.0.5 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater18.0.5 deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\sara\AppData\Roaming\Mozilla\Firefox\Profiles\za57zbyv.default\prefs.js:
user_pref("browser.startup.homepage", "http://mysearch.avg.com?cid={0D6BE49C-41A7-4812-9D11-A7D009A3D58B}&mid=c1b66177632d47d39650e92931c38d65-097fb3c84a64393384b4b2a87475d69b276de39e&lang=en&ds=px011&coid=avgtbdispx&cmpid=&pr=sa&d=2014-04-21 09:46:54&v=18.0.5.292&pid=safeguard&sg=&sap=hp");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\sara\AppData\Roaming\Mozilla\Firefox\Profiles\za57zbyv.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\sara\AppData\Roaming\Mozilla\Firefox\Profiles\za57zbyv.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_022014_1413_.backup
prefs_042014_1708_.backup
prefs_042014_2323_.backup

==== Deleting Files \ Folders ======================

C:\Users\sara\AppData\Local\AVG SafeGuard toolbar deleted
C:\Windows\system32\sasnative32.exe deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [21/01/2014 09:30]

==== Firefox Extensions ======================

ProfilePath: C:\Users\sara\AppData\Roaming\Mozilla\Firefox\Profiles\za57zbyv.default
- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\sara\AppData\Roaming\Mozilla\Firefox\Profiles\za57zbyv.default
ABE2E50533899C45DFA03E1D8767648F - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll - Shockwave Flash
E83B541C71965CFA1DEFF846CD6E9ECD - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll - Google Update
65C1D9F74004E775F9A8598476ABE5EE - C:\Users\sara\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
01D93217A9EE48DD37072B671378CC9C - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll - Silverlight Plug-In
5B4DA1113F240C3F06FFF9D52761528B - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa
C47920B4F36C19F97BD2EC19481387E5 - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll - Pando Web Plugin
FF0D6F82A0EC13952E83B9439100E45D - C:\Users\sara\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
01E4DA82C518853EF3B16209C038D7B9 - c:\program files\real\realplayer\Netscape6\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
60F23A6CE8B9F9BE995EAACFF0022DFC - c:\program files\real\realplayer\Netscape6\nprpplugin.dll - RealPlayer Download Plugin
A64F2C388DC26BE3E469EDC3657B14F4 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)
C45F7E59F2A0A6D3C4E90117F4752414 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit)
F7AEAD4303A056F2D1685B43024776CA - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)
FA0A3008589567CB7196620B05C9F28D - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin
3B00376AE69AC2E815425E54DEBFF750 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery
28986F0A2342A033345EF9E70D395E4F - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrlui.dll - Microsoft® Silverlight


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[03/01/2014 20:09]
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[16/04/2013 03:11]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[03/03/2014 09:53]

avast Online Security - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
RealDownloader - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Skype Click to Call - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
avast Online Security - sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
RealDownloader - sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Skype Click to Call - sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6670F320-7987-417F-BCCF-570B842ED85D} Google  Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz="
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== shortcuts on Users Desktops ======================

C:\Users\Convidado\Desktop\Brasfoot2014.lnk - C:\Brasfoot2014\bf2014.exe
C:\Users\Convidado\Desktop\CyberLink DVD Suite.lnk - C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe
C:\Users\Convidado\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Default\Desktop\CyberLink DVD Suite.lnk - C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe
C:\Users\Default User\Desktop\CyberLink DVD Suite.lnk - C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe
C:\Users\sara\Desktop\Brasfoot 2012.lnk - C:\Brasfoot2012\bf2012.exe
C:\Users\sara\Desktop\Brasfoot 2013.lnk - C:\Brasfoot2013\bf2013.exe
C:\Users\sara\Desktop\Brasfoot2014.lnk - C:\Brasfoot2014\bf2014.exe
C:\Users\sara\Desktop\CyberLink DVD Suite.lnk - C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe
C:\Users\sara\Desktop\Documentos.lnk - C:\Users\sara\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
C:\Users\sara\Desktop\FoxitReaderPortable - Atalho.lnk - C:\Users\sara\Downloads\FoxitReaderPortable\FoxitReaderPortable.exe
C:\Users\sara\Desktop\InterApp Control.lnk - C:\Program Files\qubnfe\qubnfe.exe
C:\Users\sara\Desktop\JetBee.lnk - C:\Program Files\Complex\JetBee\jetbee.exe
C:\Users\sara\Desktop\Microsoft Office PowerPoint 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
C:\Users\sara\Desktop\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\sara\Desktop\Oi Velox.lnk - C:\Program Files\Oi\Programmer\OiVelox.exe
C:\Users\sara\Desktop\Photo Editor.lnk -  
C:\Users\sara\Desktop\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe
C:\Users\USURIO~1\Desktop\CyberLink DVD Suite.lnk - C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Ajuda do PlayMemories Home.lnk - C:\Program Files\Sony\PlayMemories Home\PMBBrowser.exe /Help
C:\Users\Public\Desktop\Apps.lnk - C:\Users\Public\Libraries\Apps.library-ms
C:\Users\Public\Desktop\aTube Catcher.lnk - C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\Users\Public\Desktop\avast Free Antivirus.lnk -  
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Public\Desktop\Itautec Descomplica.lnk - C:\Program Files\Itautec Descomplica\Descomplica.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk - C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8  
C:\Users\Public\Desktop\Picasa 3.lnk - C:\Program Files\Google\Picasa3\Picasa3.exe
C:\Users\Public\Desktop\PlayMemories Home.lnk - C:\Program Files\Sony\PlayMemories Home\PMBBrowser.exe
C:\Users\Public\Desktop\PokerStars.lnk - C:\Program Files\PokerStars\PokerStarsUpdate.exe
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Users\Public\Desktop\Start BlueStacks.lnk - C:\Program Files\BlueStacks\HD-StartLauncher.exe
C:\Users\Public\Desktop\Video Search.lnk - C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe  /VIDEOSEARCH

==== shortcuts in Users Start Menu ======================

C:\Users\sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk - C:\Users\sara\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\PokerStars.lnk - C:\Program Files\PokerStars\PokerStarsUpdate.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher\aTube Catcher.lnk - C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brasfoot 2014\Manual do Brasfoot 2014.lnk - C:\Brasfoot2014\Manual_Brasfoot_2014.pdf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brasfoot2014\Brasfoot2014.lnk - C:\Brasfoot2014\bf2014.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InterApp Control\Ajuda do InterApp Control.lnk - C:\Program Files\qubnfe\qubnfe.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InterApp Control\InterApp Control.lnk - C:\Program Files\qubnfe\qubnfe.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office\Diagnóstico do Microsoft Office.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars\Network Status.lnk - C:\Program Files\PokerStars\Tracer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars\PokerStars.lnk - C:\Program Files\PokerStars\PokerStarsUpdate.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars\Uninstall PokerStars.lnk - C:\Program Files\PokerStars\PokerStarsUninstall.exe /u:PokerStars

==== shortcuts in Quick Launch ======================

C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (2).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer (2).lnk - C:\Windows\explorer.exe
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player (2).lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\JetBee.lnk - C:\Program Files\Complex\JetBee\jetbee.exe
C:\Users\sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero Home Essentials SE.lnk - C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe -ScParameter=8  
C:\Users\sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk - C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8  
C:\Users\sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe
C:\Users\sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files\Google\Picasa3\Picasa3.exe
C:\Users\sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk - C:\Program Files\PokerStars\PokerStarsUpdate.exe
C:\Users\sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Paint.lnk - C:\Windows\system32\mspaint.exe
C:\Users\sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe
C:\Users\sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Brasfoot2014.lnk - C:\Brasfoot2014\bf2014.exe
C:\Users\sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Picasa 3.lnk - C:\Program Files\Google\Picasa3\Picasa3.exe
C:\Users\sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Video Search.lnk - C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe  /VIDEOSEARCH
C:\Users\sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer (2).lnk - C:\Windows\explorer.exe
C:\Users\sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player (2).lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\sara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\Users\Convidado\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\sara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\sara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MU985EBU will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\sara\AppData\Local\Mozilla\Firefox\Profiles\za57zbyv.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\sara\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache is not empty, a reboot is needed

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=3580 folders=594 744028765 bytes)

==== Empty Temp Folders ======================

C:\Users\Convidado\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\sara\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\sara\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not deleted
"C:\Users\sara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MU985EBU" not found
"C:\Users\sara\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\HB687DB9\static.issuu.com"  not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on 21/04/2014 at 17:14:48,01 ======================

Re: Unwanted ads in the browser!

Post by Power Max, Mon 21 Apr 2014, 17:46

Download the Junkware Removal Tool program from the link below:
[You must have an account and be logged in to view this link]

To run the program above correctly, just follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop as JRT.txt

We'll be waiting.

(SOLVED) unwanted ads

Post by sara_cynthia, Mon 21 Apr 2014, 18:24

When I clicked "yes" to run the file, nothing happened. On the third attempt it worked. After a while I was asked to restart the PC, but when it came back up there was that black screen with no text on it, so I closed it. Now when I try to run the program, a message appears that does not allow it to run.

Re: Unwanted ads in the browser!

Post by Power Max, Mon 21 Apr 2014, 18:26

Download [You must have an account and be logged in to view this link] and save it to the Desktop.

Note: When you open the link above, click the Download Now 32-Bit Version button.

*Run FRST and accept the agreement

*Click [Scan]

*When it finishes, click [OK] > [OK]

*Two reports will be created on the Desktop: FRST.txt and Addition.txt

Post both reports in your next reply. (Note: if they do not fit in a single reply, you can split them across several posts.)

Re: Unwanted ads in the browser!

Post by sara_cynthia, Mon 21 Apr 2014, 18:53

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-04-2014 02
Ran by sara (administrator) on SARA-PC on 21-04-2014 18:49:40
Running from C:\Users\sara\Downloads
Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: Portuguese Brazilian
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: [You must have an account and be logged in to view this link]
Download link for 64-Bit Version: [You must have an account and be logged in to view this link]
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: [You must have an account and be logged in to view this link]

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe
(Quartzo Desenvolvimento de Software  Ltda.) C:\Program Files\qubnfe\qubnfe.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Frontend.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Service.exe
(BlueStack Systems) C:\Program Files\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files\BlueStacks\HD-SharedFolder.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\sidebar.exe [1174016 2010-11-20] (Microsoft Corporation)
HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe [688184 2012-02-15] (Sony Corporation)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [161328 2007-05-04] (Nero AG)
HKLM\...\Run: [TkBellExe] => c:\program files\real\realplayer\update\realsched.exe [295512 2013-07-26] (RealNetworks, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-03] (AVAST Software)
HKLM\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [623376 2013-11-18] (BlueStack Systems, Inc.)
HKLM\...\Run: [qubnfe] => C:\Program Files\qubnfe\qubnfe.exe [1015608 2014-03-01] (Quartzo Desenvolvimento de Software  Ltda.)
HKU\.DEFAULT\...\RunOnce: [] - [X]
HKU\S-1-5-19\...\RunOnce: [] - [X]
HKU\S-1-5-20\...\RunOnce: [] - [X]
HKU\S-1-5-21-3494737314-1258950454-2574509943-1000\...\Run: [Facebook Update] => C:\Users\sara\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-06-07] (Facebook Inc.)
HKU\S-1-5-21-3494737314-1258950454-2574509943-1000\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4272640 2012-09-12] (Microsoft Corporation)
HKU\S-1-5-21-3494737314-1258950454-2574509943-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [149040 2007-05-04] (Nero AG)
HKU\S-1-5-21-3494737314-1258950454-2574509943-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3494737314-1258950454-2574509943-1000\...\Policies\system: [EnableLUA] 1
IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe
Startup: C:\Users\sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de tela e Iniciador do OneNote 2007.lnk
ShortcutTarget: Recorte de tela e Iniciador do OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = [You must have an account and be logged in to view this link]
SearchScopes: HKCU - Web URL = [You must have an account and be logged in to view this link]
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = [You must have an account and be logged in to view this link]
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} [You must have an account and be logged in to view this link]
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1

FireFox:
========
FF ProfilePath: C:\Users\sara\AppData\Roaming\Mozilla\Firefox\Profiles\za57zbyv.default
FF NewTab: [You must have an account and be logged in to view this link]
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: [You must have an account and be logged in to view this link]
FF Keyword.URL: [You must have an account and be logged in to view this link]
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @real.com/nppl3260;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\sara\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\sara\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\buscape.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mercadolivre.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-br.xml
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-03-29]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-07-22]
FF HKLM\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-03]

Chrome:
=======
CHR DefaultSearchKeyword: google.com.br
CHR Extension: (Google Docs) - C:\Users\sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-17]
CHR Extension: (avast! Online Security) - C:\Users\sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-04-21]
CHR Extension: (RealDownloader) - C:\Users\sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-02-28]
CHR Extension: (Skype Click to Call) - C:\Users\sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-04-21]
CHR Extension: (Google Wallet) - C:\Users\sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-12-03]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-03-03]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-03] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-01-03] (AVAST Software)
R2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [398096 2013-11-18] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [385808 2013-11-18] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [11736 2010-11-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [206360 2010-11-11] (Microsoft Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [459832 2012-02-15] (Sony Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-05-14] ()

==================== Drivers (Whitelisted) ====================

R1 360FileOem; C:\Windows\system32\drivers\360FileOem.sys [152880 2012-09-17] (360.cn)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-01-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2013-12-03] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-12-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-01-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410528 2014-01-03] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [64168 2014-01-03] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2014-01-03] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42272 2014-04-21] (AVG Technologies)
R1 Bnbase; C:\Windows\System32\drivers\bnbasex.sys [70528 2014-03-21] (Baidu, Inc.)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [68880 2013-11-18] (BlueStack Systems)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-04-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165264 2010-10-24] (Microsoft Corporation)
S3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2010-10-24] (Microsoft Corporation)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [182680 2013-10-28] (DEVGURU Co., LTD.)
R1 wStLibG; C:\Windows\System32\drivers\wStLibG.sys [52928 2014-04-21] (StdLib)
S0 360HookOem; system32\drivers\360HookOEM.sys [X]
S1 aswKbd; \??\C:\Windows\system32\drivers\aswKbd.sys [X]
U5 Bfilter; C:\Windows\System32\Drivers\Bfilter.sys [45888 2014-01-23] (Baidu, Inc.)
U5 Bfmon; C:\Windows\System32\Drivers\Bfmon.sys [29504 2014-01-16] (Baidu, Inc.)
U5 Bhbase; C:\Windows\System32\Drivers\Bhbase.sys [94976 2014-01-14] (Baidu, Inc.)
U5 Bndef; C:\Windows\System32\Drivers\Bndef.sys [51616 2014-03-21] (Baidu, Inc.)
U5 Bprotect; C:\Windows\System32\Drivers\Bprotect.sys [155968 2014-03-21] (Baidu, Inc.)
U2 srservice;
U2 wuaserv;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-21 18:49 - 2014-04-21 18:50 - 00017918 _____ () C:\Users\sara\Downloads\FRST.txt
2014-04-21 18:49 - 2014-04-21 18:49 - 00000000 ____D () C:\FRST
2014-04-21 18:48 - 2014-04-21 18:48 - 01048064 _____ (Farbar) C:\Users\sara\Downloads\FRST.exe
2014-04-21 18:00 - 2014-04-21 18:00 - 00000000 ____D () C:\Windows\ERUNT
2014-04-21 17:52 - 2014-04-21 17:53 - 01016261 _____ (Thisisu) C:\Users\sara\Downloads\JRT.exe
2014-04-21 17:11 - 2014-04-21 16:51 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-04-21 16:53 - 2014-04-18 12:44 - 00005967 _____ () C:\zoek-results2014-04-18-154456.log
2014-04-21 16:49 - 2014-04-21 16:50 - 01285120 _____ () C:\Users\sara\Desktop\zoek.exe
2014-04-21 15:03 - 2014-04-21 15:03 - 00407376 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-21 13:02 - 2014-04-21 18:32 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-21 12:59 - 2014-04-21 12:59 - 00001033 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-21 12:58 - 2014-04-21 12:59 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-21 12:58 - 2014-04-21 12:58 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes
2014-04-21 12:58 - 2014-04-21 12:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-21 12:58 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-21 12:58 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-21 12:58 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-21 12:46 - 2014-04-21 12:48 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\sara\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-21 11:12 - 2014-04-21 11:12 - 00052928 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG.sys
2014-04-21 09:46 - 2014-04-21 09:46 - 00003754 _____ () C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
2014-04-21 09:45 - 2014-04-21 09:47 - 00000000 ____D () C:\Program Files\PCSX2 1.2.1
2014-04-21 09:44 - 2014-04-21 09:44 - 15127264 _____ () C:\Users\sara\Downloads\678-pcsx2-1.2.1-r5875-setup.exe
2014-04-18 21:37 - 2014-04-18 21:37 - 00000631 _____ () C:\Users\Convidado\Desktop\Brasfoot2014.lnk
2014-04-18 21:18 - 2014-04-18 21:18 - 00000000 ____D () C:\Users\Convidado\AppData\Local\Google
2014-04-18 21:15 - 2014-04-18 21:18 - 00002168 _____ () C:\Users\Convidado\Desktop\Google Chrome.lnk
2014-04-18 21:15 - 2014-04-18 21:15 - 00000000 _SHDL () C:\Users\Convidado\Modelos
2014-04-18 21:15 - 2014-04-18 21:15 - 00000000 _SHDL () C:\Users\Convidado\Meus documentos
2014-04-18 21:15 - 2014-04-18 21:15 - 00000000 _SHDL () C:\Users\Convidado\Menu Iniciar
2014-04-18 21:15 - 2014-04-18 21:15 - 00000000 _SHDL () C:\Users\Convidado\Documents\Minhas músicas
2014-04-18 21:15 - 2014-04-18 21:15 - 00000000 _SHDL () C:\Users\Convidado\Documents\Minhas imagens
2014-04-18 21:15 - 2014-04-18 21:15 - 00000000 _SHDL () C:\Users\Convidado\Documents\Meus vídeos
2014-04-18 21:15 - 2014-04-18 21:15 - 00000000 _SHDL () C:\Users\Convidado\Dados de aplicativos
2014-04-18 21:15 - 2014-04-18 21:15 - 00000000 _SHDL () C:\Users\Convidado\Configurações locais
2014-04-18 21:15 - 2014-04-18 21:15 - 00000000 _SHDL () C:\Users\Convidado\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2014-04-18 21:15 - 2014-04-18 21:15 - 00000000 _SHDL () C:\Users\Convidado\AppData\Local\Histórico
2014-04-18 21:15 - 2014-04-18 21:15 - 00000000 _SHDL () C:\Users\Convidado\AppData\Local\Dados de aplicativos
2014-04-18 21:15 - 2014-04-18 21:15 - 00000000 _SHDL () C:\Users\Convidado\Ambiente de rede
2014-04-18 21:15 - 2014-04-18 21:15 - 00000000 _SHDL () C:\Users\Convidado\Ambiente de impressão
2014-04-18 21:15 - 2014-04-18 21:15 - 00000000 ____D () C:\Users\Convidado\AppData\Roaming\Real
2014-04-18 21:15 - 2014-04-18 21:15 - 00000000 ____D () C:\Users\Convidado\AppData\Roaming\AVAST Software
2014-04-18 21:15 - 2014-04-18 21:15 - 00000000 ____D () C:\Users\Convidado\AppData\Roaming\Adobe
2014-04-18 21:15 - 2014-04-18 21:15 - 00000000 ____D () C:\Users\Convidado\AppData\Local\VirtualStore
2014-04-18 21:15 - 2014-04-18 21:15 - 00000000 ____D () C:\Users\Convidado
2014-04-18 21:15 - 2013-10-10 16:22 - 00000000 ____D () C:\Users\Convidado\AppData\Roaming\TuneUp Software
2014-04-18 21:15 - 2012-10-25 20:32 - 00002077 _____ () C:\Users\Convidado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-04-18 21:15 - 2012-10-03 12:34 - 00000000 ____D () C:\Users\Convidado\AppData\Local\Microsoft Help
2014-04-18 21:15 - 2011-05-16 09:42 - 00001157 _____ () C:\Users\Convidado\Desktop\CyberLink DVD Suite.lnk
2014-04-18 21:15 - 2011-05-16 09:42 - 00000000 ____D () C:\Users\Convidado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-04-18 21:15 - 2011-05-16 09:30 - 00001394 _____ () C:\Users\Convidado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-18 21:15 - 2011-05-16 09:23 - 00000020 ___SH () C:\Users\Convidado\ntuser.ini
2014-04-18 21:15 - 2009-07-14 01:42 - 00000000 ___RD () C:\Users\Convidado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-04-18 21:15 - 2009-07-14 01:37 - 00000000 ___RD () C:\Users\Convidado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-04-18 13:15 - 2014-04-18 13:15 - 00027505 _____ () C:\Users\sara\Downloads\PureRa(1).zip
2014-04-18 13:15 - 2011-07-31 16:14 - 00076565 _____ (RaProducts.org) C:\Users\sara\Desktop\PureRa.exe
2014-04-18 11:58 - 2014-04-18 11:30 - 00011892 _____ () C:\zoek-results2014-04-18-143033.log
2014-04-18 11:26 - 2014-04-18 10:10 - 00812534 _____ () C:\zoek-results2014-04-18-131051.log
2014-04-18 09:48 - 2014-04-17 23:31 - 00040184 _____ () C:\zoek-results2014-04-18-023158.log
2014-04-17 23:29 - 2014-04-17 23:29 - 00000304 _____ () C:\files.txt
2014-04-17 23:13 - 2014-04-21 17:14 - 00024615 _____ () C:\zoek-results.log
2014-04-17 21:52 - 2014-04-21 18:06 - 00000000 ____D () C:\Users\Public\interapp
2014-04-17 21:52 - 2014-04-17 21:52 - 00000952 _____ () C:\Users\sara\Desktop\InterApp Control.lnk
2014-04-17 21:52 - 2014-04-17 21:52 - 00000000 __SHD () C:\Program Files\qubnfe
2014-04-17 21:52 - 2004-03-09 00:00 - 00662288 _____ (Microsoft Corporation) C:\Windows\system32\mscomct2.ocx
2014-04-17 21:52 - 2003-07-06 13:07 - 00372736 _____ (Intel Corporation) C:\Windows\system32\ijl15.dll
2014-04-17 21:52 - 2000-05-21 23:00 - 00608448 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.ocx
2014-04-17 21:52 - 2000-05-21 23:00 - 00203976 _____ (Microsoft Corporation) C:\Windows\system32\richtx32.ocx
2014-04-17 21:52 - 2000-05-21 23:00 - 00115920 _____ (Microsoft Corporation) C:\Windows\system32\msinet.ocx
2014-04-17 21:52 - 1999-11-21 13:11 - 00372736 _____ () C:\Windows\system32\wintbr.ocx
2014-04-17 21:52 - 1999-05-06 23:00 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.ocx
2014-04-17 21:52 - 1998-06-24 00:00 - 00166200 _____ (Microsoft Corporation) C:\Windows\system32\msmask32.ocx
2014-04-17 21:50 - 2014-04-17 21:50 - 03052800 _____ (Quartzo Software Ltda. ) C:\Users\sara\Downloads\InterApp-Free-406.exe
2014-04-17 21:35 - 2014-04-21 09:51 - 00000000 ____D () C:\AdwCleaner
2014-04-17 21:34 - 2014-04-17 21:34 - 01426178 _____ () C:\Users\sara\Downloads\adwcleaner.exe
2014-04-17 15:54 - 2014-04-21 17:13 - 00019536 _____ () C:\Windows\PFRO.log
2014-04-17 14:29 - 2014-03-21 05:05 - 00070528 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\bnbasex.sys
2014-04-17 14:29 - 2014-03-21 05:05 - 00051616 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\bndef.sys
2014-04-17 13:47 - 2014-04-17 13:47 - 00002134 _____ () C:\Users\sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-04-17 13:46 - 2014-04-17 13:46 - 00000000 ____D () C:\Users\Todos os Usuários\Microsoft OneDrive
2014-04-17 13:46 - 2014-04-17 13:46 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-04-17 13:24 - 2014-04-17 13:24 - 00000029 _____ () C:\Windows\system32\config.ini
2014-04-17 13:24 - 2014-03-21 05:05 - 00155968 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bprotect.sys
2014-04-17 13:24 - 2014-01-23 03:57 - 00045888 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bfilter.sys
2014-04-17 13:24 - 2014-01-16 05:53 - 00029504 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bfmon.sys
2014-04-17 13:24 - 2014-01-14 06:36 - 00094976 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bhbase.sys
2014-04-17 13:18 - 2014-04-17 13:18 - 00000000 __SHD () C:\Users\sara\AppData\Local\EmieUserList
2014-04-17 13:18 - 2014-04-17 13:18 - 00000000 __SHD () C:\Users\sara\AppData\Local\EmieSiteList
2014-04-15 05:41 - 2014-04-15 05:41 - 00001728 _____ () C:\Users\sara\Downloads\IMG_981.htm
2014-04-15 05:40 - 2014-04-15 05:40 - 00001728 _____ () C:\Users\sara\Downloads\IMG17.htm
2014-04-14 10:53 - 2014-04-14 11:02 - 137699152 _____ (Apple Inc.) C:\Users\sara\Downloads\iTunesSetup.exe
2014-04-13 13:06 - 2014-03-06 05:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-13 13:06 - 2014-03-06 05:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-13 13:06 - 2014-03-06 05:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-13 13:06 - 2014-03-06 05:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-13 13:06 - 2014-03-06 05:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-13 13:06 - 2014-03-06 04:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-13 13:06 - 2014-03-06 04:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-13 13:06 - 2014-03-06 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-13 13:06 - 2014-03-06 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-13 13:06 - 2014-03-06 04:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-13 13:06 - 2014-03-06 04:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-13 13:06 - 2014-03-06 04:28 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-13 13:06 - 2014-03-06 04:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-13 13:06 - 2014-03-06 04:18 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-13 13:06 - 2014-03-06 04:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-13 13:06 - 2014-03-06 04:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-13 13:06 - 2014-03-06 04:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-13 13:06 - 2014-03-06 03:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-13 13:06 - 2014-03-06 02:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-13 13:05 - 2014-03-06 06:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-13 13:05 - 2014-03-06 04:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-13 13:05 - 2014-03-06 04:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-13 13:05 - 2014-03-06 03:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-13 13:05 - 2014-03-06 03:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-13 13:05 - 2014-03-06 02:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-13 13:05 - 2014-03-06 02:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-10 16:28 - 2014-04-10 16:28 - 00810360 _____ () C:\Users\sara\Downloads\AdobeFlashPlayer.exe
2014-04-09 12:06 - 2014-02-03 23:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 12:06 - 2014-02-03 23:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 12:06 - 2014-02-03 23:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 12:06 - 2014-02-03 23:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 12:06 - 2014-01-23 23:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-09 12:05 - 2014-03-04 06:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-08 21:00 - 2014-04-21 18:04 - 00005096 _____ () C:\Windows\setupact.log
2014-04-08 21:00 - 2014-04-08 21:00 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-06 19:35 - 2014-04-06 19:35 - 00002081 _____ () C:\Users\Public\Desktop\Video Search.lnk
2014-04-06 19:35 - 2014-04-06 19:35 - 00001157 _____ () C:\Users\Public\Desktop\aTube Catcher.lnk
2014-04-06 19:28 - 2014-04-06 19:31 - 17282640 _____ (DsNET Corp) C:\Users\sara\Downloads\aTubeCatcher (1).exe
2014-04-06 14:21 - 2014-04-18 21:37 - 00000631 _____ () C:\Users\sara\Desktop\Brasfoot2014.lnk
2014-04-06 14:21 - 2014-04-06 14:21 - 00000000 ____D () C:\Users\sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brasfoot2014
2014-04-06 14:21 - 2014-04-06 14:21 - 00000000 ____D () C:\Brasfoot2014
2014-04-06 14:20 - 2014-04-06 14:20 - 07290660 _____ () C:\Users\sara\Downloads\brasfoot2014.exe
2014-04-05 18:25 - 2014-04-05 18:25 - 00621912 _____ ( ) C:\Users\sara\Downloads\VDownloaderInstallerIC(1).exe
2014-04-05 17:58 - 2014-04-05 17:58 - 00000000 _____ () C:\Users\sara\Downloads\Não confirmado 135124.crdownload
2014-04-05 17:51 - 2014-04-05 17:51 - 00621912 _____ ( ) C:\Users\sara\Downloads\VDownloaderInstallerIC.exe
2014-03-30 18:37 - 2014-04-10 22:25 - 00000000 ____D () C:\Users\sara\AppData\Local\PokerStars
2014-03-30 18:37 - 2014-03-30 18:37 - 00001032 _____ () C:\Users\Public\Desktop\PokerStars.lnk
2014-03-30 18:36 - 2014-03-30 18:37 - 00000000 ____D () C:\Program Files\PokerStars
2014-03-30 18:29 - 2014-03-30 18:32 - 32930352 _____ (PokerStars) C:\Users\sara\Downloads\PokerStarsInstall.exe
2014-03-29 22:09 - 2014-03-29 22:09 - 00086807 _____ () C:\Users\sara\Downloads\_revisão(1)
2014-03-29 22:08 - 2014-03-29 22:08 - 00086807 _____ () C:\Users\sara\Downloads\_revisão
2014-03-29 14:16 - 2014-04-17 13:18 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-25 18:57 - 2014-03-25 18:58 - 00000000 ____D () C:\Users\sara\Desktop\Bloco de notas
2014-03-24 20:05 - 2014-03-24 20:05 - 00000000 ____D () C:\Users\sara\AppData\Roaming\Windows Live Writer
2014-03-24 20:05 - 2014-03-24 20:05 - 00000000 ____D () C:\Users\sara\AppData\Local\Windows Live Writer

==================== One Month Modified Files and Folders =======

2014-04-21 18:50 - 2014-04-21 18:49 - 00017918 _____ () C:\Users\sara\Downloads\FRST.txt
2014-04-21 18:49 - 2014-04-21 18:49 - 00000000 ____D () C:\FRST
2014-04-21 18:48 - 2014-04-21 18:48 - 01048064 _____ (Farbar) C:\Users\sara\Downloads\FRST.exe
2014-04-21 18:44 - 2014-01-09 15:19 - 00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-21 18:32 - 2014-04-21 13:02 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-21 18:13 - 2009-07-14 01:34 - 00016160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-21 18:13 - 2009-07-14 01:34 - 00016160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-21 18:10 - 2011-05-16 09:43 - 01199877 _____ () C:\Windows\WindowsUpdate.log
2014-04-21 18:06 - 2014-04-17 21:52 - 00000000 ____D () C:\Users\Public\interapp
2014-04-21 18:05 - 2012-12-05 10:16 - 00000000 ____D () C:\Users\sara\Tracing
2014-04-21 18:05 - 2012-10-02 17:57 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-21 18:05 - 2009-07-14 01:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-21 18:04 - 2014-04-08 21:00 - 00005096 _____ () C:\Windows\setupact.log
2014-04-21 18:03 - 2012-10-02 17:57 - 00001052 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-21 18:00 - 2014-04-21 18:00 - 00000000 ____D () C:\Windows\ERUNT
2014-04-21 17:53 - 2014-04-21 17:52 - 01016261 _____ (Thisisu) C:\Users\sara\Downloads\JRT.exe
2014-04-21 17:39 - 2012-10-02 10:41 - 00000000 ____D () C:\Users\sara\AppData\Local\CrashDumps
2014-04-21 17:32 - 2013-12-12 21:32 - 00000000 ____D () C:\Users\sara\Desktop\exportar
2014-04-21 17:14 - 2014-04-17 23:13 - 00024615 _____ () C:\zoek-results.log
2014-04-21 17:13 - 2014-04-17 15:54 - 00019536 _____ () C:\Windows\PFRO.log
2014-04-21 17:08 - 2014-02-28 14:05 - 00000000 ____D () C:\zoek_backup
2014-04-21 17:00 - 2012-10-04 08:45 - 00000000 ____D () C:\Users\sara\Desktop\Enfermagem
2014-04-21 16:51 - 2014-04-21 17:11 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-04-21 16:50 - 2014-04-21 16:49 - 01285120 _____ () C:\Users\sara\Desktop\zoek.exe
2014-04-21 16:36 - 2012-10-02 19:30 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3494737314-1258950454-2574509943-1000UA.job
2014-04-21 15:03 - 2014-04-21 15:03 - 00407376 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-21 15:02 - 2011-04-12 01:47 - 00000000 ____D () C:\Windows\pt-BR
2014-04-21 15:01 - 2009-07-13 23:04 - 00000580 _____ () C:\Windows\win.ini
2014-04-21 12:59 - 2014-04-21 12:59 - 00001033 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-21 12:59 - 2014-04-21 12:58 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-21 12:58 - 2014-04-21 12:58 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes
2014-04-21 12:58 - 2014-04-21 12:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-21 12:48 - 2014-04-21 12:46 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\sara\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-21 11:12 - 2014-04-21 11:12 - 00052928 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG.sys
2014-04-21 09:57 - 2014-03-02 10:24 - 00010578 _____ () C:\PureRa.txt
2014-04-21 09:52 - 2009-07-14 01:53 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-21 09:51 - 2014-04-17 21:35 - 00000000 ____D () C:\AdwCleaner
2014-04-21 09:47 - 2014-04-21 09:45 - 00000000 ____D () C:\Program Files\PCSX2 1.2.1
2014-04-21 09:46 - 2014-04-21 09:46 - 00003754 _____ () C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
2014-04-21 09:46 - 2013-10-04 14:21 - 00042272 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
2014-04-21 09:44 - 2014-04-21 09:44 - 15127264 _____ () C:\Users\sara\Downloads\678-pcsx2-1.2.1-r5875-setup.exe
2014-04-21 09:34 - 2012-10-19 13:11 - 00000000 ____D () C:\Users\sara\AppData\Roaming\Skype
2014-04-20 20:28 - 2012-12-03 23:14 - 00000000 ____D () C:\Users\sara\Documents\felipe
2014-04-20 19:45 - 2014-03-08 11:25 - 00000000 ____D () C:\Users\sara\Documents\Aline
2014-04-20 13:58 - 2014-03-06 13:54 - 00000000 ____D () C:\Users\sara\Desktop\TCC Artigos
2014-04-19 22:36 - 2012-10-02 19:30 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3494737314-1258950454-2574509943-1000Core.job
2014-04-19 09:45 - 2011-04-12 01:47 - 02905116 _____ () C:\Windows\system32\prfh0416.dat
2014-04-19 09:45 - 2011-04-12 01:47 - 02247538 _____ () C:\Windows\system32\prfc0416.dat
2014-04-19 09:45 - 2010-11-20 18:01 - 00006470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-18 21:37 - 2014-04-18 21:37 - 00000631 _____ () C:\Users\Convidado\Desktop\Brasfoot2014.lnk
2014-04-18 21:37 - 2014-04-06 14:21 - 00000631 _____ () C:\Users\sara\Desktop\Brasfoot2014.lnk
2014-04-18 21:19 - 2013-08-31 21:18 - 00000000 ____D () C:\Users\sara\Desktop\Rastapé
2014-04-18 21:18 - 2014-04-18 21:18 - 00000000 ____D () C:\Users\Convidado\AppData\Local\Google
2014-04-18 21:18 - 2014-04-18 21:15 - 00002168 _____ () C:\Users\Convidado\Desktop\Google Chrome.lnk
2014-04-18 21:18 - 2012-10-02 07:42 - 00000000 ____D () C:\Users\Todos os Usuários\Microsoft Help
2014-04-18 21:18 - 2012-10-02 07:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-18 21:15 - 2014-04-18 21:15 - 00000000 _SHDL () C:\Users\Convidado\Modelos
2014-04-18 21:15 - 2014-04-18 21:15 - 00000000 _SHDL () C:\Users\Convidado\Meus documentos
2014-04-18 21:15 - 2014-04-18 21:15 - 00000000 _SHDL () C:\Users\Convidado\Menu Iniciar
2014-04-18 21:15 - 2014-04-18 21:15 - 00000000 _SHDL () C:\Users\Convidado\Documents\Minhas músicas
2014-04-18 21:15 - 2014-04-18 21:15 - 00000000 _SHDL () C:\Users\Convidado\Documents\Minhas imagens
2014-04-18 21:15 - 2014-04-18 21:15 - 00000000 _SHDL () C:\Users\Convidado\Documents\Meus vídeos
2014-04-18 21:15 - 2014-04-18 21:15 - 00000000 _SHDL () C:\Users\Convidado\Dados de aplicativos
2014-04-18 21:15 - 2014-04-18 21:15 - 00000000 _SHDL () C:\Users\Convidado\Configurações locais
2014-04-18 21:15 - 2014-04-18 21:15 - 00000000 _SHDL () C:\Users\Convidado\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2014-04-18 21:15 - 2014-04-18 21:15 - 00000000 _SHDL () C:\Users\Convidado\AppData\Local\Histórico
2014-04-18 21:15 - 2014-04-18 21:15 - 00000000 _SHDL () C:\Users\Convidado\AppData\Local\Dados de aplicativos
2014-04-18 21:15 - 2014-04-18 21:15 - 00000000 _SHDL () C:\Users\Convidado\Ambiente de rede
2014-04-18 21:15 - 2014-04-18 21:15 - 00000000 _SHDL () C:\Users\Convidado\Ambiente de impressão
2014-04-18 21:15 - 2014-04-18 21:15 - 00000000 ____D () C:\Users\Convidado\AppData\Roaming\Real
2014-04-18 21:15 - 2014-04-18 21:15 - 00000000 ____D () C:\Users\Convidado\AppData\Roaming\AVAST Software
2014-04-18 21:15 - 2014-04-18 21:15 - 00000000 ____D () C:\Users\Convidado\AppData\Roaming\Adobe
2014-04-18 21:15 - 2014-04-18 21:15 - 00000000 ____D () C:\Users\Convidado\AppData\Local\VirtualStore
2014-04-18 21:15 - 2014-04-18 21:15 - 00000000 ____D () C:\Users\Convidado
2014-04-18 13:59 - 2013-05-30 22:46 - 00000000 ____D () C:\Users\sara\AppData\Local\Adobe
2014-04-18 13:57 - 2013-06-02 16:03 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-04-18 13:57 - 2013-06-02 16:03 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-18 13:15 - 2014-04-18 13:15 - 00027505 _____ () C:\Users\sara\Downloads\PureRa(1).zip
2014-04-18 12:44 - 2014-04-21 16:53 - 00005967 _____ () C:\zoek-results2014-04-18-154456.log
2014-04-18 11:30 - 2014-04-18 11:58 - 00011892 _____ () C:\zoek-results2014-04-18-143033.log
2014-04-18 10:10 - 2014-04-18 11:26 - 00812534 _____ () C:\zoek-results2014-04-18-131051.log
2014-04-17 23:31 - 2014-04-18 09:48 - 00040184 _____ () C:\zoek-results2014-04-18-023158.log
2014-04-17 23:29 - 2014-04-17 23:29 - 00000304 _____ () C:\files.txt
2014-04-17 22:30 - 2012-10-02 07:34 - 00110248 _____ () C:\Users\sara\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-17 21:52 - 2014-04-17 21:52 - 00000952 _____ () C:\Users\sara\Desktop\InterApp Control.lnk
2014-04-17 21:52 - 2014-04-17 21:52 - 00000000 __SHD () C:\Program Files\qubnfe
2014-04-17 21:52 - 2009-07-13 23:37 - 00000000 ___RD () C:\Users\Public
2014-04-17 21:50 - 2014-04-17 21:50 - 03052800 _____ (Quartzo Software Ltda. ) C:\Users\sara\Downloads\InterApp-Free-406.exe
2014-04-17 21:34 - 2014-04-17 21:34 - 01426178 _____ () C:\Users\sara\Downloads\adwcleaner.exe
2014-04-17 13:47 - 2014-04-17 13:47 - 00002134 _____ () C:\Users\sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-04-17 13:46 - 2014-04-17 13:46 - 00000000 ____D () C:\Users\Todos os Usuários\Microsoft OneDrive
2014-04-17 13:46 - 2014-04-17 13:46 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-04-17 13:24 - 2014-04-17 13:24 - 00000029 _____ () C:\Windows\system32\config.ini
2014-04-17 13:18 - 2014-04-17 13:18 - 00000000 __SHD () C:\Users\sara\AppData\Local\EmieUserList
2014-04-17 13:18 - 2014-04-17 13:18 - 00000000 __SHD () C:\Users\sara\AppData\Local\EmieSiteList
2014-04-17 13:18 - 2014-03-29 14:16 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-15 05:41 - 2014-04-15 05:41 - 00001728 _____ () C:\Users\sara\Downloads\IMG_981.htm
2014-04-15 05:40 - 2014-04-15 05:40 - 00001728 _____ () C:\Users\sara\Downloads\IMG17.htm
2014-04-14 18:35 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\rescache
2014-04-14 11:02 - 2014-04-14 10:53 - 137699152 _____ (Apple Inc.) C:\Users\sara\Downloads\iTunesSetup.exe
2014-04-13 13:15 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\system32\pt-BR
2014-04-10 22:25 - 2014-03-30 18:37 - 00000000 ____D () C:\Users\sara\AppData\Local\PokerStars
2014-04-10 16:28 - 2014-04-10 16:28 - 00810360 _____ () C:\Users\sara\Downloads\AdobeFlashPlayer.exe
2014-04-08 21:00 - 2014-04-08 21:00 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-07 12:22 - 2012-10-24 22:01 - 00007680 _____ () C:\Users\sara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-06 19:35 - 2014-04-06 19:35 - 00002081 _____ () C:\Users\Public\Desktop\Video Search.lnk
2014-04-06 19:35 - 2014-04-06 19:35 - 00001157 _____ () C:\Users\Public\Desktop\aTube Catcher.lnk
2014-04-06 19:31 - 2014-04-06 19:28 - 17282640 _____ (DsNET Corp) C:\Users\sara\Downloads\aTubeCatcher (1).exe
2014-04-06 14:21 - 2014-04-06 14:21 - 00000000 ____D () C:\Users\sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brasfoot2014
2014-04-06 14:21 - 2014-04-06 14:21 - 00000000 ____D () C:\Brasfoot2014
2014-04-06 14:20 - 2014-04-06 14:20 - 07290660 _____ () C:\Users\sara\Downloads\brasfoot2014.exe
2014-04-05 18:25 - 2014-04-05 18:25 - 00621912 _____ ( ) C:\Users\sara\Downloads\VDownloaderInstallerIC(1).exe
2014-04-05 17:58 - 2014-04-05 17:58 - 00000000 _____ () C:\Users\sara\Downloads\Não confirmado 135124.crdownload
2014-04-05 17:51 - 2014-04-05 17:51 - 00621912 _____ ( ) C:\Users\sara\Downloads\VDownloaderInstallerIC.exe
2014-04-03 09:51 - 2014-04-21 12:58 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-21 12:58 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-21 12:58 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-30 18:37 - 2014-03-30 18:37 - 00001032 _____ () C:\Users\Public\Desktop\PokerStars.lnk
2014-03-30 18:37 - 2014-03-30 18:36 - 00000000 ____D () C:\Program Files\PokerStars
2014-03-30 18:32 - 2014-03-30 18:29 - 32930352 _____ (PokerStars) C:\Users\sara\Downloads\PokerStarsInstall.exe
2014-03-29 23:55 - 2013-05-18 17:36 - 00000324 _____ () C:\Windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3494737314-1258950454-2574509943-1000.job
2014-03-29 22:09 - 2014-03-29 22:09 - 00086807 _____ () C:\Users\sara\Downloads\_revisão(1)
2014-03-29 22:08 - 2014-03-29 22:08 - 00086807 _____ () C:\Users\sara\Downloads\_revisão
2014-03-29 19:42 - 2013-11-30 16:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-27 20:35 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-03-25 18:58 - 2014-03-25 18:57 - 00000000 ____D () C:\Users\sara\Desktop\Bloco de notas
2014-03-25 18:02 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-24 20:05 - 2014-03-24 20:05 - 00000000 ____D () C:\Users\sara\AppData\Roaming\Windows Live Writer
2014-03-24 20:05 - 2014-03-24 20:05 - 00000000 ____D () C:\Users\sara\AppData\Local\Windows Live Writer
2014-03-24 20:05 - 2012-10-25 20:21 - 00000000 ____D () C:\Users\sara\AppData\Local\Windows Live

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-20 12:15

==================== End Of Log ============================

Post by sara_cynthia Mon 21 Apr 2014, 18:54

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-04-2014 02
Ran by sara at 2014-04-21 18:50:58
Running from C:\Users\sara\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AV: avast! Internet Security (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Internet Security (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
aTube Catcher (HKLM\...\aTube Catcher) (Version: 3.8.7955 - DsNET Corp)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2011 - Avast Software)
Bing Bar (HKLM\...\{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}) (Version: 7.3.124.0 - Microsoft Corporation)
BlueStacks App Player (HKLM\...\BlueStacks App Player) (Version: 0.8.2.3018 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM\...\{66A7E313-4DBB-4C05-891F-B792DE2870F3}) (Version: 0.8.2.3018 - BlueStack Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Facebook Video Calling 2.0.0.447 (HKLM\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Galeria de Fotos (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
InterApp Control 4.06 (HKLM\...\InterApp Control_is1) (Version:  - Quartzo Software Ltda.)
JetBee FREE 5.1.2 (build 456) (HKLM\...\JetBee_is1) (Version:  - )
Junk Mail filter update (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware versão 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
melondrea (HKLM\...\melondrea) (Version: 2014.04.16.223222 - melondrea) <==== ATTENTION
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Português do Brasil) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (PTB) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0416-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Maker (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 pt-BR) (HKLM\...\Mozilla Firefox 28.0 (x86 pt-BR)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
Nero 7 Essentials (HKLM\...\{F61DD673-0030-4BB2-A382-7E57E97F1046}) (Version: 7.02.8078 - Nero AG)
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
Oi Velox (HKLM\...\programmeroi_is1) (Version: 5.0.0.0 - LightComm Tecnologia)
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PCSX2 - Playstation 2 Emulator (HKLM\...\pcsx2-r5875) (Version:  - )
Photo Common (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo! Editor 1.1 (HKLM\...\PhotoToolkit_is1) (Version:  - )
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayMemories Home (HKLM\...\{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}) (Version: 6.0.02.14151 - Sony Corporation)
PokerStars (HKLM\...\PokerStars) (Version:  - PokerStars)
RealDownloader (Version: 1.3.2 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.43 - Piriform)
Revo Uninstaller 1.93 (HKLM\...\Revo Uninstaller) (Version: 1.93 - VS Revo Group)
Skype Click to Call (HKLM\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.1.15383.6004 - Microsoft Corporation)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Communications Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Restore Points  =========================

17-04-2014 02:31:07 Windows Update
18-04-2014 02:13:50 zoek.exe restore point
18-04-2014 12:48:47 zoek.exe restore point
18-04-2014 14:26:51 zoek.exe restore point
18-04-2014 14:58:34 zoek.exe restore point
18-04-2014 15:41:36 zoek.exe restore point
20-04-2014 16:11:28 Windows Update
21-04-2014 19:54:07 zoek.exe restore point

==================== Hosts content: ==========================

2009-07-13 23:04 - 2014-04-21 16:55 - 00000840 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {228B1FAE-7D63-4B29-A814-2D7815E7ED49} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-10-02] (Google Inc.)
Task: {403E89AA-D5DC-41FA-8B4F-65C733414FB7} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-03] (AVAST Software)
Task: {539ADF66-790B-436F-BF5F-05A75EB4877D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3494737314-1258950454-2574509943-1000UA => C:\Users\sara\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-07] (Facebook Inc.)
Task: {5793AA4F-2EDA-4106-BB95-15770ABB9F98} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-10-02] (Google Inc.)
Task: {831D3D68-0460-47A8-90F1-3AE39C4EE287} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3494737314-1258950454-2574509943-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2013-04-16] (RealNetworks, Inc.)
Task: {960144E8-B603-4C52-A732-6FEB4A1415CD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {96B33171-CA7F-4E1D-A8A2-DDDE05ED574C} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3494737314-1258950454-2574509943-1000 => C:\Program Files\Real\RealUpgrade\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {9ABDF360-84A5-4F70-B3B3-11DA029A87BF} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3494737314-1258950454-2574509943-1000Core => C:\Users\sara\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-07] (Facebook Inc.)
Task: {B3AB9CD6-E087-4C0C-A820-17217D04A075} - System32\Tasks\{E4C19E18-43F3-4C6F-8D18-3100F29D6C58} => C:\Program Files\Real\RealPlayer\realplay.exe [2013-07-26] (RealNetworks, Inc.)
Task: {B4714F50-1C63-4E65-AD77-A158AFBD3B67} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3494737314-1258950454-2574509943-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {B51FBD1D-F876-44AB-A92F-12F11292A57C} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3494737314-1258950454-2574509943-1000 => C:\Program Files\Real\RealUpgrade\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {B67DED55-4B9E-4102-8B22-9D575C61683C} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11] (Microsoft Corporation)
Task: {CE9E269D-7FE1-4F79-9578-911BBA31CD6D} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11] (Microsoft Corporation)
Task: {E6B8A185-DE5C-4F53-B5FC-14E1420C484B} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3494737314-1258950454-2574509943-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {F5A9E074-1B42-49D4-B374-64F6E59623EA} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js"
Task: {FC21419B-A55F-4054-A5A3-BCDEBD7B4FE9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-18] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3494737314-1258950454-2574509943-1000Core.job => C:\Users\sara\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3494737314-1258950454-2574509943-1000UA.job => C:\Users\sara\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3494737314-1258950454-2574509943-1000.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe

==================== Loaded Modules (whitelisted) =============

2014-04-21 17:17 - 2014-04-21 15:12 - 02215424 _____ () C:\Program Files\AVAST Software\Avast\defs\14042101\algo.dll
2013-12-03 16:29 - 2013-12-03 16:29 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-04-16 03:07 - 2013-04-16 03:07 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2011-05-16 09:41 - 2007-05-14 11:54 - 00272024 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2014-04-10 15:15 - 2014-04-01 22:57 - 00065352 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
2014-04-10 15:15 - 2014-04-01 22:57 - 00674632 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
2014-04-10 15:15 - 2014-04-01 22:57 - 00093000 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\libegl.dll
2014-04-10 15:15 - 2014-04-01 22:57 - 04081480 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\pdf.dll
2014-04-10 15:15 - 2014-04-01 22:58 - 00390472 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
2014-04-10 15:15 - 2014-04-01 22:57 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
2014-04-10 15:15 - 2014-04-01 22:58 - 13691720 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318} => "default"="DiskDrive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318} => "default"="DiskDrive"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: WinDefend => 3

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Adaptador de Túnel Teredo da Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/21/2014 06:06:46 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/21/2014 05:38:54 PM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: NMIndexStoreSvr.exe, versão: 1.5.13.0, carimbo de hora: 0x458d61a6
Nome do módulo de falhas: OLMAPI32.DLL_unloaded, versão: 0.0.0.0, carimbo de hora: 0x50e61339
Código de exceção: 0xc0000005
Deslocamento com falha: 0x5512955c
Identificação do processo com falha: 0x10b4
Hora de início do aplicativo com falha: 0xNMIndexStoreSvr.exe0
Caminho do aplicativo com falha: NMIndexStoreSvr.exe1
FCaminho do módulo de falhas: NMIndexStoreSvr.exe2
Identificação do Relatório: NMIndexStoreSvr.exe3

Error: (04/21/2014 05:15:26 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/21/2014 03:04:42 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/21/2014 00:59:55 PM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: NMIndexStoreSvr.exe, versão: 1.5.13.0, carimbo de hora: 0x458d61a6
Nome do módulo de falhas: OLMAPI32.DLL_unloaded, versão: 0.0.0.0, carimbo de hora: 0x50e61339
Código de exceção: 0xc0000005
Deslocamento com falha: 0x5774955c
Identificação do processo com falha: 0x1370
Hora de início do aplicativo com falha: 0xNMIndexStoreSvr.exe0
Caminho do aplicativo com falha: NMIndexStoreSvr.exe1
FCaminho do módulo de falhas: NMIndexStoreSvr.exe2
Identificação do Relatório: NMIndexStoreSvr.exe3

Error: (04/21/2014 00:11:51 PM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: NMIndexStoreSvr.exe, versão: 1.5.13.0, carimbo de hora: 0x458d61a6
Nome do módulo de falhas: OLMAPI32.DLL_unloaded, versão: 0.0.0.0, carimbo de hora: 0x50e61339
Código de exceção: 0xc0000005
Deslocamento com falha: 0x583d955c
Identificação do processo com falha: 0xaf0
Hora de início do aplicativo com falha: 0xNMIndexStoreSvr.exe0
Caminho do aplicativo com falha: NMIndexStoreSvr.exe1
FCaminho do módulo de falhas: NMIndexStoreSvr.exe2
Identificação do Relatório: NMIndexStoreSvr.exe3

Error: (04/21/2014 00:01:30 PM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: NMIndexStoreSvr.exe, versão: 1.5.13.0, carimbo de hora: 0x458d61a6
Nome do módulo de falhas: OLMAPI32.DLL_unloaded, versão: 0.0.0.0, carimbo de hora: 0x50e61339
Código de exceção: 0xc0000005
Deslocamento com falha: 0x586d955c
Identificação do processo com falha: 0x1248
Hora de início do aplicativo com falha: 0xNMIndexStoreSvr.exe0
Caminho do aplicativo com falha: NMIndexStoreSvr.exe1
FCaminho do módulo de falhas: NMIndexStoreSvr.exe2
Identificação do Relatório: NMIndexStoreSvr.exe3

Error: (04/21/2014 10:20:04 AM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: NMIndexStoreSvr.exe, versão: 1.5.13.0, carimbo de hora: 0x458d61a6
Nome do módulo de falhas: OLMAPI32.DLL_unloaded, versão: 0.0.0.0, carimbo de hora: 0x50e61339
Código de exceção: 0xc0000005
Deslocamento com falha: 0x5994955c
Identificação do processo com falha: 0x1520
Hora de início do aplicativo com falha: 0xNMIndexStoreSvr.exe0
Caminho do aplicativo com falha: NMIndexStoreSvr.exe1
FCaminho do módulo de falhas: NMIndexStoreSvr.exe2
Identificação do Relatório: NMIndexStoreSvr.exe3

Error: (04/21/2014 10:15:06 AM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: NMIndexStoreSvr.exe, versão: 1.5.13.0, carimbo de hora: 0x458d61a6
Nome do módulo de falhas: OLMAPI32.DLL_unloaded, versão: 0.0.0.0, carimbo de hora: 0x50e61339
Código de exceção: 0xc0000005
Deslocamento com falha: 0x5994955c
Identificação do processo com falha: 0x940
Hora de início do aplicativo com falha: 0xNMIndexStoreSvr.exe0
Caminho do aplicativo com falha: NMIndexStoreSvr.exe1
FCaminho do módulo de falhas: NMIndexStoreSvr.exe2
Identificação do Relatório: NMIndexStoreSvr.exe3

Error: (04/21/2014 09:53:40 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/21/2014 06:07:01 PM) (Source: Microsoft Antimalware) (User: )
Description: O recurso de Proteção em Tempo Real %%860 encontrou um erro e falhou.

Recurso: %%835

Código do Erro: 0x80004005

Descrição do Erro: Erro não especificado

Motivo: %%842

Error: (04/21/2014 06:06:48 PM) (Source: Service Control Manager) (User: )
Description: Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização:
aswKbd

Error: (04/21/2014 06:06:47 PM) (Source: Service Control Manager) (User: )
Description: Não foi possível iniciar o serviço BlueStacks Android Service devido ao seguinte erro:
%%1053

Error: (04/21/2014 06:06:47 PM) (Source: Service Control Manager) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço BlueStacks Android Service.

Error: (04/21/2014 06:05:43 PM) (Source: Service Control Manager) (User: )
Description: Não foi possível iniciar o serviço BlueStacks Log Rotator Service devido ao seguinte erro:
%%1053

Error: (04/21/2014 06:05:43 PM) (Source: Service Control Manager) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço BlueStacks Log Rotator Service.

Error: (04/21/2014 05:14:53 PM) (Source: Microsoft Antimalware) (User: )
Description: O recurso de Proteção em Tempo Real %%860 encontrou um erro e falhou.

Recurso: %%835

Código do Erro: 0x80004005

Descrição do Erro: Erro não especificado

Motivo: %%842

Error: (04/21/2014 05:14:02 PM) (Source: Service Control Manager) (User: )
Description: Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização:
aswKbd

Error: (04/21/2014 05:08:26 PM) (Source: Service Control Manager) (User: )
Description: O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.

Error: (04/21/2014 05:08:25 PM) (Source: Service Control Manager) (User: )
Description: O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.


Microsoft Office Sessions:
=========================
Error: (04/18/2014 00:05:06 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1598 seconds with 300 seconds of active time.  This session ended with a crash.

Error: (04/10/2014 05:36:54 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/07/2014 10:43:38 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 11670 seconds with 1560 seconds of active time.  This session ended with a crash.

Error: (03/19/2014 10:57:32 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3638 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/19/2014 05:47:30 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8696 seconds with 1740 seconds of active time.  This session ended with a crash.

Error: (12/13/2013 01:24:16 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 8 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/01/2013 11:33:03 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 48398 seconds with 1860 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 94%
Total physical RAM: 2013.24 MB
Available physical RAM: 117.14 MB
Total Pagefile: 4026.48 MB
Available Pagefile: 996.84 MB
Total Virtual: 2047.88 MB
Available Virtual: 1893.96 MB

==================== Drives ================================

Drive c: (System_OS) (Fixed) (Total:455.51 GB) (Free:404.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 82C1DED0)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=10 GB) - (Type=27)
Partition 3: (Not Active) - (Size=456 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Post by Power Max Mon 21 Apr 2014, 20:18

Download the fixlist.txt file attached to this post and save it in the same place where you left Farbar (FRST):
C:\Users\sara\Downloads

Run FRST. Click the Fix button.

Wait; when it finishes, the Fixlog.txt log will be saved to your desktop.

Select, copy and paste the contents of this Fixlog.txt into your next reply.

Post by sara_cynthia Mon 21 Apr 2014, 20:28

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 21-04-2014 02
Ran by sara at 2014-04-21 20:27:36 Run:1
Running from C:\Users\sara\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - Web URL = [You must have an account and be logged in to view this link]
R1 Bnbase; C:\Windows\System32\drivers\bnbasex.sys [70528 2014-03-21] (Baidu, Inc.)
U5 Bfilter; C:\Windows\System32\Drivers\Bfilter.sys [45888 2014-01-23] (Baidu, Inc.)
U5 Bfmon; C:\Windows\System32\Drivers\Bfmon.sys [29504 2014-01-16] (Baidu, Inc.)
U5 Bhbase; C:\Windows\System32\Drivers\Bhbase.sys [94976 2014-01-14] (Baidu, Inc.)
U5 Bndef; C:\Windows\System32\Drivers\Bndef.sys [51616 2014-03-21] (Baidu, Inc.)
U5 Bprotect; C:\Windows\System32\Drivers\Bprotect.sys [155968 2014-03-21] (Baidu, Inc.)
2014-04-17 14:29 - 2014-03-21 05:05 - 00070528 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\bnbasex.sys
2014-04-17 14:29 - 2014-03-21 05:05 - 00051616 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\bndef.sys
2014-04-17 13:24 - 2014-03-21 05:05 - 00155968 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bprotect.sys
2014-04-17 13:24 - 2014-01-23 03:57 - 00045888 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bfilter.sys
2014-04-17 13:24 - 2014-01-16 05:53 - 00029504 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bfmon.sys
2014-04-17 13:24 - 2014-01-14 06:36 - 00094976 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bhbase.sys
melondrea (HKLM\...\melondrea) (Version: 2014.04.16.223222 - melondrea)
Task: {F5A9E074-1B42-49D4-B374-64F6E59623EA} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js"
end
*****************

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\DatamngrCoordinator.exe => Key deleted successfully.
Default URLSearchHook was restored successfully .
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\Web => Key deleted successfully.
HKCR\Wow6432Node\CLSID\Web => Key deleted successfully.
Bnbase => Service stopped successfully.
Bnbase => Service deleted successfully.
Bfilter => Service deleted successfully.
Bfmon => Service deleted successfully.
Bhbase => Service deleted successfully.
Bndef => Service deleted successfully.
Bprotect => Service deleted successfully.
C:\Windows\system32\Drivers\bnbasex.sys => Moved successfully.
C:\Windows\system32\Drivers\bndef.sys => Moved successfully.
C:\Windows\system32\Drivers\Bprotect.sys => Moved successfully.
C:\Windows\system32\Drivers\Bfilter.sys => Moved successfully.
C:\Windows\system32\Drivers\Bfmon.sys => Moved successfully.
C:\Windows\system32\Drivers\Bhbase.sys => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F5A9E074-1B42-49D4-B374-64F6E59623EA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5A9E074-1B42-49D4-B374-64F6E59623EA} => Key deleted successfully.
C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\060184C3-9766-46a0-B258-F4518A0B2633 => Key deleted successfully.

==== End of Fixlog ====

Re: Unwanted ads in the browser!

Post by Power Max, Mon 21 Apr 2014, 20:30

Download < [You must have an account and be logged in to view this link] > ( ... by Nicolas Coolman )

|- Temporarily disable your antivirus to avoid conflicts and run "ZHPDiag2.exe" to install the tool.

|- Run the scroll icon. ( ZHPDiag )

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish!

|- Click OK and, when it finishes, post the ZHPDiag.txt report.

Re: Unwanted ads in the browser!

Post by sara_cynthia, Mon 21 Apr 2014, 20:37

~ Relatório do ZHPDiag v2014.4.21.36 - Nicolas Coolman  (21/04/2014)
~ Iniciado por sara (21/04/2014 20:33:36)
~ Endereço do Website :  http://nicolascoolman.webs.com
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~  Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17041
MFIE: Mozilla Firefox 28.0
GCIE: Google Chrome v34.0.1847.116 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Starter, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2011
Malwarebytes Anti-Malware versão 2.0.1.1004
Windows Defender W7

---\\ Softwares d'optimização do sistema
CCleaner v4.11  =>.Piriform Ltd

---\\ Softwares de partilha do PeerToPeer (P2P)
Pando Media Booster v2.6.0.7

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2013 MB (12% free)
System Restore: Activé (Enable)
System drive C: has 404 GB (88%) free of 456 GB

---\\ Modo de conexão ao sistema
~ Computer Name: SARA-PC
~ User Name: sara
~ All Users Names: sara, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\sara\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\sara\AppData\Roaming\
~ %Desktop% : C:\Users\sara\Desktop\
~ %Favorites% : C:\Users\sara\Favorites\
~ %LocalAppData% : C:\Users\sara\AppData\Local\
~ %StartMenu% : C:\Users\sara\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 404 Go of 456 Go)
D: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
~ Security Center: 46 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.26/05/2011 - 15:51:41.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.E4E829EE073E046B0EB19B5FECB19B8C] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 02:41:49.) -- C:\Windows\System32\wininet.dll [1789440]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 18:29:06.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 18:29:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/09/2013 - 21:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 18:29:07.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 18:29:08.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 18:29:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/34
~ Mes Videos (My Videos) : 1/5
~ Mes Favoris (My Favorites) : 1/6
~ Mes Documents (My Documents) : 1/2267
~ Mon Bureau (My Desktop) : 0/283
~ Menu demarrer (Programs) : 1/43
~ Hidden Files:  Scanned in 00mn 09s



---\\ Processos lançados
[MD5.0E34B7BB1FCF22BCC1E394D16F9E992B] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe   [30040] [PID.1484]
[MD5.42A856A908650C695C7E0E6F9D56295A] - (.Sony Corporation - Media Check Tool.) -- C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe   [688184] [PID.1304]
[MD5.225518F190EDBC37CA32197A3E94B498] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe   [295512] [PID.404]
[MD5.AFEBF9E0B223FF04709F747C172D3540] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe   [3764024] [PID.2008]
[MD5.8D87A7E4D8E3C540E6257ACE2388C4DE] - (.BlueStack Systems, Inc. - BlueStacks Agent.) -- C:\Program Files\BlueStacks\HD-Agent.exe   [623376] [PID.2092]
[MD5.47F58FB6C7DE5C1E4013F8D96D5A0AEF] - (.Quartzo Desenvolvimento de Software  Ltda. - No Comment.) -- C:\Program Files\qubnfe\qubnfe.exe   [1015608] [PID.2132]
[MD5.A3C330F2731F52BE593FD7DB3617C50E] - (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe   [149040] [PID.2192]
[MD5.58920E6A409046BA06548D9D139CE0F0] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe   [20584608] [PID.2208]
[MD5.32C26797AB646074A2BB562F9D10ADB5] - (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.exe   [97680] [PID.2236]
[MD5.41AD6110110A2E89957F831DCBFAF892] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe   [6963512] [PID.3528]
[MD5.2EBBBFC120593C683796092F2DDA0EFC] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe   [841032] [PID.5116]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe   [53784] [PID.2948]
[MD5.3D17F31997536C60D4A556C9EA5763FD] - (.BlueStack Systems, Inc. - BlueStacks Frontend.) -- C:\Program Files\BlueStacks\HD-Frontend.exe   [725776] [PID.2284]
[MD5.1549673489F353603429411CDBEA0C92] - (...) -- C:\Brasfoot2014\bf2014.exe   [4999168] [PID.4936]
[MD5.6368A4CF33B29665A504ABC2EA4D8385] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe   [7938048] [PID.3236]
[MD5.BA2C62D33C18E2663D3873129996D419] - (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe   [910896] [PID.2540]
~ Processes Running:  Scanned in 00mn 02s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\sara\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 14 Legitimates Filtered in 00mn 02s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\sara\AppData\Roaming\Mozilla\Firefox\Profiles\za57zbyv.default\prefs.js
~ Firefox Browser: 22 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Pando Networks - Pando Web Plugin.) (No version) -- (.not file.)
~ IE Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll  =>Toolbar.Google
~ Toolbar:  Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: Apps.lnk . (...)  -- C:\Users\Public\Libraries\Apps.library-ms
O4 - GS\Desktop [Public]: aTube Catcher.lnk . (.DsNET - aTube Catcher to download and convert video.)  -- C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Desktop [Public]: Itautec Descomplica.lnk . (.Multidmedia Limited - itautec-descomplica-app.)  -- C:\Program Files\Itautec Descomplica\Descomplica.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.)  -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: PokerStars.lnk . (.PokerStars - PokerStars Update.)  -- C:\Program Files\PokerStars\PokerStarsUpdate.exe
O4 - GS\Desktop [Public]: Start BlueStacks.lnk . (.BlueStack Systems, Inc. - BlueStacks StartLauncher.)  -- C:\Program Files\BlueStacks\HD-StartLauncher.exe
O4 - GS\Desktop [Public]: Video Search.lnk . (.DsNET - aTube Catcher to download and convert video.)  -- C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.)  -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [sara]: JetBee.lnk . (.Complex New Technologies - JetBee.)  -- C:\Program Files\Complex\JetBee\jetbee.exe
O4 - GS\QuickLaunch [sara]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [sara]: PhotoScape.lnk . (...)  -- C:\Program Files\PhotoScape\PhotoScape.exe
O4 - GS\QuickLaunch [sara]: PokerStars.lnk . (.PokerStars - PokerStars Update.)  -- C:\Program Files\PokerStars\PokerStarsUpdate.exe
O4 - GS\TaskBar [sara]: Brasfoot2014.lnk . (...)  -- C:\Brasfoot2014\bf2014.exe
O4 - GS\TaskBar [sara]: Google Chrome.lnk . (.Google Inc. - Google Chrome.)  -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [sara]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [sara]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.)  -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar [sara]: Video Search.lnk . (.DsNET - aTube Catcher to download and convert video.)  -- C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Program [sara]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [sara]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [sara]: Brasfoot 2012.lnk . (...)  -- C:\Brasfoot2012\bf2012.exe
O4 - GS\Desktop [sara]: Brasfoot 2013.lnk . (...)  -- C:\Brasfoot2013\bf2013.exe
O4 - GS\Desktop [sara]: Brasfoot2014.lnk . (...)  -- C:\Brasfoot2014\bf2014.exe
O4 - GS\Desktop [sara]: Documentos.lnk . (...)  -- C:\Users\sara\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
O4 - GS\Desktop [sara]: FoxitReaderPortable - Atalho.lnk . (.PortableApps.com - Foxit Reader Portable (PortableApps.com Lau.)  -- C:\Users\sara\Downloads\FoxitReaderPortable\FoxitReaderPortable.exe
O4 - GS\Desktop [sara]: InterApp Control.lnk . (.Quartzo Desenvolvimento de Software  Ltda. - No Comment.)  -- C:\Program Files\qubnfe\qubnfe.exe
O4 - GS\Desktop [sara]: JetBee.lnk . (.Complex New Technologies - JetBee.)  -- C:\Program Files\Complex\JetBee\jetbee.exe
O4 - GS\Desktop [sara]: Oi Velox.lnk . (.LightComm Tecnologia - Configurador de Modem.)  -- C:\Program Files\Oi\Programmer\OiVelox.exe
O4 - GS\Desktop [sara]: Photo! Editor.lnk . (.VicMan Software - Photo! Editor.)  -- C:\Program Files\Photo!\Photo! Editor\Photo!Editor.exe
O4 - GS\Desktop [sara]: PhotoScape.lnk . (...)  -- C:\Program Files\PhotoScape\PhotoScape.exe
O4 - GS\QuickLaunch [Convidado]: Google Chrome.lnk . (.Google Inc. - Google Chrome.)  -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Convidado]: Google Chrome.lnk . (.Google Inc. - Google Chrome.)  -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Convidado]: Internet Explorer (2).lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Convidado]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Convidado]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Convidado]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Convidado]: Brasfoot2014.lnk . (...)  -- C:\Brasfoot2014\bf2014.exe
O4 - GS\Desktop [Convidado]: Google Chrome.lnk . (.Google Inc. - Google Chrome.)  -- C:\Program Files\Google\Chrome\Application\chrome.exe
~ Global Startup: 106 Legitimates Filtered in 00mn 04s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - GS\Startup [sara]: Recorte de tela e Iniciador do OneNote 2007.lnk . (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.)  -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.exe
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKLM\..\Run: [PMBVolumeWatcher] . (.Sony Corporation - Media Check Tool.) -- C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [NeroFilterCheck] . (.Nero AG - NeroCheck.) -- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- c:\program files\real\realplayer\update\realsched.exe   =>.RealNetworks, Inc
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [BlueStacks Agent] . (.BlueStack Systems, Inc. - BlueStacks Agent.) -- C:\Program Files\BlueStacks\HD-Agent.exe
O4 - HKLM\..\Run: [qubnfe] . (.Quartzo Desenvolvimento de Software  Ltda. - No Comment.) -- C:\Program Files\qubnfe\qubnfe.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\sara\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe   =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3494737314-1258950454-2574509943-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\sara\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-3494737314-1258950454-2574509943-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-21-3494737314-1258950454-2574509943-1000\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKUS\S-1-5-21-3494737314-1258950454-2574509943-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe   =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-3494737314-1258950454-2574509943-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
~ Application:  Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} . (.PokerStars - PokerStars Update.) -- C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} ((no name)) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Objets ActiveX:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5781CF8C-D02D-4E9E-9F39-E49FA3D280F6}: DhcpNameServer = 192.168.100.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{5781CF8C-D02D-4E9E-9F39-E49FA3D280F6}: DhcpNameServer = 192.168.100.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{5781CF8C-D02D-4E9E-9F39-E49FA3D280F6}: DhcpNameServer = 192.168.100.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.1
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll  =>.Microsoft Corporation
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver:  (360FileOem) . (.360.cn - 360FileOem.) - C:\Windows\system32\drivers\360FileOem.sys
O41 - Driver:  (aswKbd) . (. - .) - C:\Windows\system32\drivers\aswKbd.sys (.not file.)
O41 - Driver:  (wStLibG) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\wStLibG.sys  =>PUP.LinkiDoo
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex.sys (.not file.)
~ Drivers: 82 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: InterApp Control 4.06 - (.Quartzo Software Ltda..) [HKLM] -- InterApp Control_is1
O42 - Logiciel: JetBee FREE 5.1.2 (build 456) - (...) [HKLM] -- JetBee_is1
O42 - Logiciel: PokerStars - (.PokerStars.) [HKLM] -- PokerStars
O42 - Logiciel: melondrea - (.melondrea.) [HKLM] -- melondrea  =>PUP.Melondrea
~ Logic: 19 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Baidu Security]  =>Adware.BDSearch
[HKCU\Software\Brasfoot2013]
[HKCU\Software\Brasfoot2014]
[HKCU\Software\Brasfoot]
[HKCU\Software\ItautecDescomplica]
[HKCU\Software\Pando Networks]
[HKCU\Software\qubnfe]
[HKLM\Software\Baidu Security]  =>Adware.BDSearch
[HKLM\Software\InterApp]
[HKLM\Software\Pando Networks]
[HKLM\Software\qubnfe]
~ Key Software: 198 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 08/12/2012 - 19:27:11 - [] ----D C:\Program Files\Complex
O43 - CFD: 02/10/2012 - 07:31:15 - [] ----D C:\Program Files\Itautec Descomplica
O43 - CFD: 02/10/2012 - 08:28:09 - [] ----D C:\Program Files\Oi
O43 - CFD: 21/12/2013 - 12:41:50 - [] ----D C:\Program Files\Pando Networks
O43 - CFD: 30/03/2014 - 18:37:14 - [] ----D C:\Program Files\PokerStars
O43 - CFD: 17/04/2014 - 21:52:42 - [] -SH-D C:\Program Files\qubnfe
O43 - CFD: 02/10/2012 - 07:59:21 - [] ----D C:\ProgramData\Oi
O43 - CFD: 22/07/2013 - 20:40:52 - [] ----D C:\Users\sara\AppData\Roaming\{4916c8ce-b9e7-4e25-9a23-25493e41e04c}
O43 - CFD: 17/04/2014 - 13:18:44 - [] -SH-D C:\Users\sara\AppData\Local\EmieSiteList
O43 - CFD: 17/04/2014 - 13:18:44 - [] -SH-D C:\Users\sara\AppData\Local\EmieUserList
O43 - CFD: 10/04/2014 - 22:25:07 - [] ----D C:\Users\sara\AppData\Local\PokerStars
O43 - CFD: 22/07/2013 - 20:32:10 - [] ----D C:\Users\sara\AppData\Local\Programming_by_marco6,_gr
O43 - CFD: 09/03/2013 - 14:13:22 - [0] ----D C:\Users\sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brasfoot 2012
O43 - CFD: 07/07/2013 - 11:00:24 - [0] ----D C:\Users\sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brasfoot 2013
O43 - CFD: 06/04/2014 - 14:21:26 - [0] ----D C:\Users\sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brasfoot2014
O43 - CFD: 08/01/2014 - 17:09:47 - [] ----D C:\Users\sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
~ Program Folder: 181 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.4C182BDB0E01582B29E2A38ABD6ACE44] - 17/04/2014 - 13:24:20 ---A- . (...) -- C:\Windows\System32\config.ini   [29]
O44 - LFC:[MD5.A22B1FEB166964E5287280CBAB30EE6E] - 17/04/2014 - 21:52:41 ---A- . (...) -- C:\Windows\System32\wintbr.ocx   [372736]
O44 - LFC:[MD5.3A196B5527140EDC6040BD5089A5B3B7] - 17/04/2014 - 23:29:39 ---A- . (...) -- C:\files.txt   [304]
O44 - LFC:[MD5.CBFC4DE01C1BDE387F2992A2728253E3] - 17/04/2014 - 23:31:58 ---A- . (...) -- C:\zoek-results2014-04-18-023158.log   [40184]
O44 - LFC:[MD5.F6E8A45533ED6FFB10AB71C813ADA3AC] - 18/04/2014 - 10:10:51 ---A- . (...) -- C:\zoek-results2014-04-18-131051.log   [812534]
O44 - LFC:[MD5.333A0225DC1EF116C1373D6C20126232] - 18/04/2014 - 11:30:33 ---A- . (...) -- C:\zoek-results2014-04-18-143033.log   [11892]
O44 - LFC:[MD5.5C287A58275688B09BDB1C741407560E] - 18/04/2014 - 12:44:56 ---A- . (...) -- C:\zoek-results2014-04-18-154456.log   [5967]
O44 - LFC:[MD5.03345A1C54554B00EE7BD444087A74F5] - 19/04/2014 - 09:45:50 ---A- . (...) -- C:\Windows\System32\prfc0416.dat   [2247538]
O44 - LFC:[MD5.AA373890096172FF65B7544162CFD58A] - 19/04/2014 - 09:45:50 ---A- . (...) -- C:\Windows\System32\prfh0416.dat   [2905116]
O44 - LFC:[MD5.B49F855E466E262F3D729FBA852057B8] - 21/04/2014 - 09:57:24 ---A- . (...) -- C:\PureRa.txt   [10578]
O44 - LFC:[MD5.1F413C3730D1F532F5E61F7AC9396D83] - 21/04/2014 - 11:12:49 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\wStLibG.sys   [52928]  =>PUP.LinkiDoo
O44 - LFC:[MD5.B75413344DCB253E4C799F11BD758924] - 21/04/2014 - 15:01:54 ---A- . (...) -- C:\Windows\win.ini   [580]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 21/04/2014 - 16:51:07 ---A- . (...) -- C:\Windows\zoek-delete.exe   [24064]
O44 - LFC:[MD5.D28972F68094007B5050CC7D58FAB245] - 21/04/2014 - 17:14:48 ---A- . (...) -- C:\zoek-results.log   [24615]
~ Files: 70 Legitimates Filtered in 00mn 14s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
~ ShellExecuteHooks:  Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "DisableStatusMessages"=0
~ MWPS: 20 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:17/09/2012 - 18:58:30 R--A- . (.360.cn - 360FileOem.) -- C:\Windows\System32\Drivers\360FileOem.sys   [152880]
O58 - SDL:03/12/2013 - 16:29:39 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys   [49944]
O58 - SDL:03/01/2014 - 20:09:55 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys   [180248]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys   [453712]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys   [26624]
O58 - SDL:17/03/2014 - 16:11:16 ---A- . (.Highlightly - Highlightly Driver x86.) -- C:\Windows\System32\Drivers\hlnfd.sys   [52752]
O58 - SDL:28/10/2013 - 00:12:12 ---A- . (.DEVGURU Co., LTD.([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys   [87064]
O58 - SDL:28/10/2013 - 00:12:12 ---A- . (.DEVGURU Co., LTD.([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys   [182680]
O58 - SDL:28/10/2013 - 00:12:14 ---A- . (.DEVGURU Co., LTD.([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - SAMSUNG USB Mobile Logging Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudserd.sys   [182680]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys   [21072]
O58 - SDL:21/04/2014 - 11:12:49 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\wStLibG.sys   [52928]  =>PUP.LinkiDoo
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS   [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys   [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS   [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS   [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS   [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS   [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS   [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS   [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS   [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS   [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS   [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS   [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS   [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS   [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS   [34672]
~ Drivers: 20 Legitimates Filtered in 00mn 04s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 17/09/2012 - C:\Windows\system32\drivers\360FileOem.sys (360FileOem)  .(.360.cn - 360FileOem.) - LEGACY_360FILEOEM
O64 - Services: CurCS - 21/04/2014 - C:\Windows\System32\drivers\wStLibG.sys (wStLibG)  .(.StdLib - StdLib.) - LEGACY_WSTLIBG  =>PUP.LinkiDoo
~ Legacy: 121 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: prefs.js [sara - za57zbyv.default] user_pref("avg.install.newtab", true);
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6670F320-7987-417F-BCCF-570B842ED85D} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.64BAEC464B396B66A353D8FC2F42A4E3] [SPRF][31/07/2011] (.RaProducts.org - System Purification Tool.) -- C:\Users\sara\Desktop\PureRa.exe   [76565]
[MD5.2ED2319F3DE13495AAA49B70A1467055] [SPRF][21/04/2014] (...) -- C:\Users\sara\Desktop\zoek.exe   [1285120]
~ Files: 2 Legitimates Filtered in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.0235566E5134C79D5D40C1397220AC4E] [WIS][02/06/2013] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\324232.msi   [28160]  =>Toolbar.Google
[MD5.0E4185F75C1394897DB73CCC3368CA4B] [WIS][11/06/2012] (.Microsoft Corporation - Bing Bar.) -- C:\Windows\Installer\5f3a42.msi   [475136]  =>Toolbar.Bing
[MD5.3561A670FD52E8DB7EBEE4E2F85AB036] [WIS][16/12/2013] (.Microsoft Corporation - Bing Bar.) -- C:\Windows\Installer\ced31.msi   [741376]  =>Toolbar.Bing
~ WIS: 3 Legitimates Filtered in 00mn 02s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASAPI32  =>Hijacker.BabSolution
HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASMANCS  =>Hijacker.BabSolution
HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32  =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS  =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\BrowseMark_RASAPI32  =>PUP.BrowseMark
HKLM\SOFTWARE\Microsoft\Tracing\BrowseMark_RASMANCS  =>PUP.BrowseMark
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_download_signed_6_RASAPI32  =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_download_signed_6_RASMANCS  =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_94DDE1EDD1CDF6A3_RASAPI32  =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_94DDE1EDD1CDF6A3_RASMANCS  =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32  =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASMANCS  =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\melondrea_RASAPI32  =>PUP.Melondrea
HKLM\SOFTWARE\Microsoft\Tracing\melondrea_RASMANCS  =>PUP.Melondrea
HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseMark_RASAPI32  =>PUP.BrowseMark
HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseMark_RASMANCS  =>PUP.BrowseMark
HKLM\SOFTWARE\Microsoft\Tracing\updatemelondrea_RASAPI32  =>PUP.Melondrea
HKLM\SOFTWARE\Microsoft\Tracing\updatemelondrea_RASMANCS  =>PUP.Melondrea
HKLM\SOFTWARE\Microsoft\Tracing\utilBrowseMark_RASAPI32  =>PUP.BrowseMark
HKLM\SOFTWARE\Microsoft\Tracing\utilBrowseMark_RASMANCS  =>PUP.BrowseMark
~ BTK: 266 Legitimates Filtered in 00mn 00s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar)  =>Toolbar.Google
[HKCR\CLSID\{89425C81-9C22-44E0-9D7C-2875C59C80DD}] (Groove WorkspaceManagerApplication)  =>PUP.Manager
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper)  =>Toolbar.Google
[HKCR\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}] (Bing Bar Helper)  =>Toolbar.Bing
~ BCK: 6525 Legitimates Filtered in 00mn 12s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 18/04/2014 257712 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 03/01/2014 113704 |  (avast! Firewall) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SS - | Auto 18/11/2013 385808 |  (BstHdLogRotatorSvc) . (.BlueStack Systems, Inc..) - C:\Program Files\BlueStacks\HD-LogRotatorService.exe
SS - | Auto 02/10/2012 116648 |  (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 02/10/2012 116648 |  (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 12/05/2013 194032 |  (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 29/03/2014 119408 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 05/09/2013 171680 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 03/01/2014 50344 |  (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 18/11/2013 398096 |  (BstHdAndroidSvc) . (.BlueStack Systems, Inc..) - C:\Program Files\BlueStacks\HD-Service.exe
SR - | Auto 03/04/2014 1809720 |  (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 03/04/2014 857912 |  (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 11/11/2010 11736 |  (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
SR - | Auto 15/02/2012 459832 |  (PMBDeviceInfoProvider) . (.Sony Corporation.) - C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
SR - | Auto 16/04/2013 39056 |  (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 14/05/2007 272024 |  (RichVideo) . (...) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services:  Scanned in 00mn 14s



---\\ Scâner Aditional (088)
Database Version : 13044 - (21/04/2014)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 1
Dossiers trouvés  (Folders found) : 0
Fichiers trouvés  (Files found) : 9

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\melondrea]   =>PUP.Melondrea^
[HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}]   =>Adware.BrowseFox
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F}   =>Toolbar.Google^
[HKCU\Software\Baidu Security]   =>Adware.BDSearch^
[HKLM\Software\Baidu Security]   =>Adware.BDSearch^
C:\Windows\Installer\324232.msi   =>Toolbar.Google^
C:\Windows\Installer\5f3a42.msi   =>Toolbar.Bing^
C:\Windows\Installer\ced31.msi   =>Toolbar.Bing^
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar)   =>Toolbar.Google^
[HKCR\CLSID\{89425C81-9C22-44E0-9D7C-2875C59C80DD}] (Groove WorkspaceManagerApplication)   =>PUP.Manager^
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper)   =>Toolbar.Google^
[HKCR\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}] (Bing Bar Helper)   =>Toolbar.Bing^
~ Additionnel Scan: 251597 Items scanned in 00mn 38s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.LinkiDoo
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.Melondrea
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Adware.BDSearch
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Hijacker.BabSolution
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Adware.MegaSearch
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.BrowseMark
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.Manager
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Adware.BrowseFox
~ MSI: 8 link(s) detected in 00mn 00s



~ 1025 Legitimates filtered by white list
End of the scan (669 lines in 02mn 13s)(0)

Post by Power Max, Mon 21 Apr 2014, 21:08

Select and copy all of the text highlighted in red that I gave you (starting at script zhpfix and ending at emptyclsid)
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click ZHPFix and choose Run as administrator > click Importação > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Mon 21 Apr 2014, 21:55; edited 2 times

Post by sara_cynthia, Mon 21 Apr 2014, 21:21

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by sara at 21/04/2014 21:20:41
High Elevated Privileges : OK
Windows 7 Starter Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (Cancelado pelo utilizador)
Reparação de atalhos do navegador

========== Softwares ==========
AUSENTE Uninstall Process: c:\program files\melondrea\melondreauninstall.exe

========== Estado dos serviços ==========
WSTLIBG Parado

========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\melondrea]
ELIMINÉ Driver Key: wStLibG
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKLM\Software\Baidu Security
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\BrowseMark_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\BrowseMark_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\melondrea_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\melondrea_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseMark_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseMark_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\updatemelondrea_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\updatemelondrea_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\utilBrowseMark_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\utilBrowseMark_RASMANCS
ELIMINÉ: HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Preferências do navegador ==========
ELIMINÉ Mozilla Pref: user_pref("avg.install.newtab", true);

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\windows\system32\drivers\wstlibg.sys
ELIMINÉ: c:\windows\system32\drivers\hlnfd.sys
ELIMINÉ Temporários windows (131) (2.115.795 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
19 : Chaves do Registo
6 : Valores do Registo
1 : Pastas
4 : Ficheiros
1 : Softwares
1 : Preferências do navegador
1 : Estado dos serviços
1 : Restauração Sistema


End of clean in 00mn 27s

========== Caminho do ficheiro do relatório ==========
C:\Users\sara\AppData\Roaming\ZHP\ZHPFix[R1].txt - 21/04/2014 21:20:47 [2742]

Post by Power Max, Mon 21 Apr 2014, 21:22

Open ZHPDiag again.

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report.

Post by sara_cynthia, Mon 21 Apr 2014, 21:32

~ Relatório do ZHPDiag v2014.4.21.36 - Nicolas Coolman  (21/04/2014)
~ Iniciado por sara (21/04/2014 21:27:35)
~ Endereço do Website :  http://nicolascoolman.webs.com
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~  Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17041
MFIE: Mozilla Firefox 28.0
GCIE: Google Chrome v34.0.1847.116 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Starter, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2011
Malwarebytes Anti-Malware versão 2.0.1.1004
Windows Defender W7

---\\ Softwares d'optimização do sistema
CCleaner v4.11  =>.Piriform Ltd

---\\ Softwares de partilha do PeerToPeer (P2P)
Pando Media Booster v2.6.0.7

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2013 MB (9% free)
System Restore: Activé (Enable)
System drive C: has 404 GB (88%) free of 456 GB

---\\ Modo de conexão ao sistema
~ Computer Name: SARA-PC
~ User Name: sara
~ All Users Names: sara, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\sara\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\sara\AppData\Roaming\
~ %Desktop% : C:\Users\sara\Desktop\
~ %Favorites% : C:\Users\sara\Favorites\
~ %LocalAppData% : C:\Users\sara\AppData\Local\
~ %StartMenu% : C:\Users\sara\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 404 Go of 456 Go)
D: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
~ Security Center: 46 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.26/05/2011 - 15:51:41.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.E4E829EE073E046B0EB19B5FECB19B8C] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 02:41:49.) -- C:\Windows\System32\wininet.dll [1789440]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 18:29:06.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 18:29:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/09/2013 - 21:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 18:29:07.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 18:29:08.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 18:29:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/34
~ Mes Videos (My Videos) : 1/5
~ Mes Favoris (My Favorites) : 1/6
~ Mes Documents (My Documents) : 1/2267
~ Mon Bureau (My Desktop) : 0/282
~ Menu demarrer (Programs) : 1/43
~ Hidden Files:  Scanned in 00mn 02s



---\\ Processos lançados
[MD5.41AD6110110A2E89957F831DCBFAF892] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe   [6963512] [PID.2332]
[MD5.0E34B7BB1FCF22BCC1E394D16F9E992B] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe   [30040] [PID.2704]
[MD5.42A856A908650C695C7E0E6F9D56295A] - (.Sony Corporation - Media Check Tool.) -- C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe   [688184] [PID.2820]
[MD5.225518F190EDBC37CA32197A3E94B498] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe   [295512] [PID.2864]
[MD5.AFEBF9E0B223FF04709F747C172D3540] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe   [3764024] [PID.2872]
[MD5.8D87A7E4D8E3C540E6257ACE2388C4DE] - (.BlueStack Systems, Inc. - BlueStacks Agent.) -- C:\Program Files\BlueStacks\HD-Agent.exe   [623376] [PID.2888]
[MD5.47F58FB6C7DE5C1E4013F8D96D5A0AEF] - (.Quartzo Desenvolvimento de Software  Ltda. - No Comment.) -- C:\Program Files\qubnfe\qubnfe.exe   [1015608] [PID.3060]
[MD5.A3C330F2731F52BE593FD7DB3617C50E] - (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe   [149040] [PID.3820]
[MD5.58920E6A409046BA06548D9D139CE0F0] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe   [20584608] [PID.3088]
[MD5.32C26797AB646074A2BB562F9D10ADB5] - (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.exe   [97680] [PID.1192]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe   [53784] [PID.5136]
[MD5.2EBBBFC120593C683796092F2DDA0EFC] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe   [841032] [PID.4716]
[MD5.3D17F31997536C60D4A556C9EA5763FD] - (.BlueStack Systems, Inc. - BlueStacks Frontend.) -- C:\Program Files\BlueStacks\HD-Frontend.exe   [725776] [PID.4080]
[MD5.6368A4CF33B29665A504ABC2EA4D8385] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe   [7938048] [PID.4544]
[MD5.BA2C62D33C18E2663D3873129996D419] - (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe   [910896] [PID.0]
~ Processes Running:  Scanned in 00mn 02s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\sara\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 14 Legitimates Filtered in 00mn 02s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\sara\AppData\Roaming\Mozilla\Firefox\Profiles\za57zbyv.default\prefs.js
~ Firefox Browser: 22 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Pando Networks - Pando Web Plugin.) (No version) -- (.not file.)
~ IE Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll  =>Toolbar.Google
~ Toolbar:  Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: Apps.lnk . (...)  -- C:\Users\Public\Libraries\Apps.library-ms
O4 - GS\Desktop [Public]: aTube Catcher.lnk . (.DsNET - aTube Catcher to download and convert video.)  -- C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Desktop [Public]: Itautec Descomplica.lnk . (.Multidmedia Limited - itautec-descomplica-app.)  -- C:\Program Files\Itautec Descomplica\Descomplica.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.)  -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: PokerStars.lnk . (.PokerStars - PokerStars Update.)  -- C:\Program Files\PokerStars\PokerStarsUpdate.exe
O4 - GS\Desktop [Public]: Start BlueStacks.lnk . (.BlueStack Systems, Inc. - BlueStacks StartLauncher.)  -- C:\Program Files\BlueStacks\HD-StartLauncher.exe
O4 - GS\Desktop [Public]: Video Search.lnk . (.DsNET - aTube Catcher to download and convert video.)  -- C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.)  -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [sara]: JetBee.lnk . (.Complex New Technologies - JetBee.)  -- C:\Program Files\Complex\JetBee\jetbee.exe
O4 - GS\QuickLaunch [sara]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [sara]: PhotoScape.lnk . (...)  -- C:\Program Files\PhotoScape\PhotoScape.exe
O4 - GS\QuickLaunch [sara]: PokerStars.lnk . (.PokerStars - PokerStars Update.)  -- C:\Program Files\PokerStars\PokerStarsUpdate.exe
O4 - GS\TaskBar [sara]: Brasfoot2014.lnk . (...)  -- C:\Brasfoot2014\bf2014.exe
O4 - GS\TaskBar [sara]: Google Chrome.lnk . (.Google Inc. - Google Chrome.)  -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [sara]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [sara]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.)  -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar [sara]: Video Search.lnk . (.DsNET - aTube Catcher to download and convert video.)  -- C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Program [sara]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [sara]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [sara]: Brasfoot 2012.lnk . (...)  -- C:\Brasfoot2012\bf2012.exe
O4 - GS\Desktop [sara]: Brasfoot 2013.lnk . (...)  -- C:\Brasfoot2013\bf2013.exe
O4 - GS\Desktop [sara]: Brasfoot2014.lnk . (...)  -- C:\Brasfoot2014\bf2014.exe
O4 - GS\Desktop [sara]: Documentos.lnk . (...)  -- C:\Users\sara\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
O4 - GS\Desktop [sara]: FoxitReaderPortable - Atalho.lnk . (.PortableApps.com - Foxit Reader Portable (PortableApps.com Lau.)  -- C:\Users\sara\Downloads\FoxitReaderPortable\FoxitReaderPortable.exe
O4 - GS\Desktop [sara]: InterApp Control.lnk . (.Quartzo Desenvolvimento de Software  Ltda. - No Comment.)  -- C:\Program Files\qubnfe\qubnfe.exe
O4 - GS\Desktop [sara]: JetBee.lnk . (.Complex New Technologies - JetBee.)  -- C:\Program Files\Complex\JetBee\jetbee.exe
O4 - GS\Desktop [sara]: Oi Velox.lnk . (.LightComm Tecnologia - Configurador de Modem.)  -- C:\Program Files\Oi\Programmer\OiVelox.exe
O4 - GS\Desktop [sara]: Photo! Editor.lnk . (.VicMan Software - Photo! Editor.)  -- C:\Program Files\Photo!\Photo! Editor\Photo!Editor.exe
O4 - GS\Desktop [sara]: PhotoScape.lnk . (...)  -- C:\Program Files\PhotoScape\PhotoScape.exe
O4 - GS\QuickLaunch [Convidado]: Google Chrome.lnk . (.Google Inc. - Google Chrome.)  -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Convidado]: Google Chrome.lnk . (.Google Inc. - Google Chrome.)  -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Convidado]: Internet Explorer (2).lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Convidado]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Convidado]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Convidado]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Convidado]: Brasfoot2014.lnk . (...)  -- C:\Brasfoot2014\bf2014.exe
O4 - GS\Desktop [Convidado]: Google Chrome.lnk . (.Google Inc. - Google Chrome.)  -- C:\Program Files\Google\Chrome\Application\chrome.exe
~ Global Startup: 106 Legitimates Filtered in 00mn 14s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - GS\Startup [sara]: Recorte de tela e Iniciador do OneNote 2007.lnk . (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.)  -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.exe
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKLM\..\Run: [PMBVolumeWatcher] . (.Sony Corporation - Media Check Tool.) -- C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [NeroFilterCheck] . (.Nero AG - NeroCheck.) -- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- c:\program files\real\realplayer\update\realsched.exe   =>.RealNetworks, Inc
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [BlueStacks Agent] . (.BlueStack Systems, Inc. - BlueStacks Agent.) -- C:\Program Files\BlueStacks\HD-Agent.exe
O4 - HKLM\..\Run: [qubnfe] . (.Quartzo Desenvolvimento de Software  Ltda. - No Comment.) -- C:\Program Files\qubnfe\qubnfe.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\sara\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe   =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3494737314-1258950454-2574509943-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\sara\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-3494737314-1258950454-2574509943-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-21-3494737314-1258950454-2574509943-1000\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKUS\S-1-5-21-3494737314-1258950454-2574509943-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe   =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-3494737314-1258950454-2574509943-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
~ Application:  Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} . (.PokerStars - PokerStars Update.) -- C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} ((no name)) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Objets ActiveX:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5781CF8C-D02D-4E9E-9F39-E49FA3D280F6}: DhcpNameServer = 192.168.100.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{5781CF8C-D02D-4E9E-9F39-E49FA3D280F6}: DhcpNameServer = 192.168.100.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{5781CF8C-D02D-4E9E-9F39-E49FA3D280F6}: DhcpNameServer = 192.168.100.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.1
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll  =>.Microsoft Corporation
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver:  (360FileOem) . (.360.cn - 360FileOem.) - C:\Windows\system32\drivers\360FileOem.sys
O41 - Driver:  (aswKbd) . (. - .) - C:\Windows\system32\drivers\aswKbd.sys (.not file.)
O41 - Driver:  (wStLibG) . (. - .) - C:\Windows\System32\drivers\wStLibG.sys (.not file.)
~ Drivers: 79 Legitimates Filtered in 00mn 01s



---\\ Software instalados (042)
O42 - Logiciel: InterApp Control 4.06 - (.Quartzo Software Ltda..) [HKLM] -- InterApp Control_is1
O42 - Logiciel: JetBee FREE 5.1.2 (build 456) - (...) [HKLM] -- JetBee_is1
O42 - Logiciel: PokerStars - (.PokerStars.) [HKLM] -- PokerStars
~ Logic: 18 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Brasfoot2013]
[HKCU\Software\Brasfoot2014]
[HKCU\Software\Brasfoot]
[HKCU\Software\ItautecDescomplica]
[HKCU\Software\Pando Networks]
[HKCU\Software\qubnfe]
[HKLM\Software\InterApp]
[HKLM\Software\Pando Networks]
[HKLM\Software\qubnfe]
~ Key Software: 194 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 08/12/2012 - 19:27:11 - [] ----D C:\Program Files\Complex
O43 - CFD: 02/10/2012 - 07:31:15 - [] ----D C:\Program Files\Itautec Descomplica
O43 - CFD: 02/10/2012 - 08:28:09 - [] ----D C:\Program Files\Oi
O43 - CFD: 21/12/2013 - 12:41:50 - [] ----D C:\Program Files\Pando Networks
O43 - CFD: 30/03/2014 - 18:37:14 - [] ----D C:\Program Files\PokerStars
O43 - CFD: 17/04/2014 - 21:52:42 - [] -SH-D C:\Program Files\qubnfe
O43 - CFD: 02/10/2012 - 07:59:21 - [] ----D C:\ProgramData\Oi
O43 - CFD: 22/07/2013 - 20:40:52 - [] ----D C:\Users\sara\AppData\Roaming\{4916c8ce-b9e7-4e25-9a23-25493e41e04c}
O43 - CFD: 17/04/2014 - 13:18:44 - [] -SH-D C:\Users\sara\AppData\Local\EmieSiteList
O43 - CFD: 17/04/2014 - 13:18:44 - [] -SH-D C:\Users\sara\AppData\Local\EmieUserList
O43 - CFD: 10/04/2014 - 22:25:07 - [] ----D C:\Users\sara\AppData\Local\PokerStars
O43 - CFD: 22/07/2013 - 20:32:10 - [] ----D C:\Users\sara\AppData\Local\Programming_by_marco6,_gr
O43 - CFD: 09/03/2013 - 14:13:22 - [0] ----D C:\Users\sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brasfoot 2012
O43 - CFD: 07/07/2013 - 11:00:24 - [0] ----D C:\Users\sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brasfoot 2013
O43 - CFD: 06/04/2014 - 14:21:26 - [0] ----D C:\Users\sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brasfoot2014
O43 - CFD: 08/01/2014 - 17:09:47 - [] ----D C:\Users\sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
~ Program Folder: 181 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.4C182BDB0E01582B29E2A38ABD6ACE44] - 17/04/2014 - 13:24:20 ---A- . (...) -- C:\Windows\System32\config.ini   [29]
O44 - LFC:[MD5.A22B1FEB166964E5287280CBAB30EE6E] - 17/04/2014 - 21:52:41 ---A- . (...) -- C:\Windows\System32\wintbr.ocx   [372736]
O44 - LFC:[MD5.3A196B5527140EDC6040BD5089A5B3B7] - 17/04/2014 - 23:29:39 ---A- . (...) -- C:\files.txt   [304]
O44 - LFC:[MD5.CBFC4DE01C1BDE387F2992A2728253E3] - 17/04/2014 - 23:31:58 ---A- . (...) -- C:\zoek-results2014-04-18-023158.log   [40184]
O44 - LFC:[MD5.F6E8A45533ED6FFB10AB71C813ADA3AC] - 18/04/2014 - 10:10:51 ---A- . (...) -- C:\zoek-results2014-04-18-131051.log   [812534]
O44 - LFC:[MD5.333A0225DC1EF116C1373D6C20126232] - 18/04/2014 - 11:30:33 ---A- . (...) -- C:\zoek-results2014-04-18-143033.log   [11892]
O44 - LFC:[MD5.5C287A58275688B09BDB1C741407560E] - 18/04/2014 - 12:44:56 ---A- . (...) -- C:\zoek-results2014-04-18-154456.log   [5967]
O44 - LFC:[MD5.03345A1C54554B00EE7BD444087A74F5] - 19/04/2014 - 09:45:50 ---A- . (...) -- C:\Windows\System32\prfc0416.dat   [2247538]
O44 - LFC:[MD5.AA373890096172FF65B7544162CFD58A] - 19/04/2014 - 09:45:50 ---A- . (...) -- C:\Windows\System32\prfh0416.dat   [2905116]
O44 - LFC:[MD5.B49F855E466E262F3D729FBA852057B8] - 21/04/2014 - 09:57:24 ---A- . (...) -- C:\PureRa.txt   [10578]
O44 - LFC:[MD5.B75413344DCB253E4C799F11BD758924] - 21/04/2014 - 15:01:54 ---A- . (...) -- C:\Windows\win.ini   [580]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 21/04/2014 - 16:51:07 ---A- . (...) -- C:\Windows\zoek-delete.exe   [24064]
O44 - LFC:[MD5.D28972F68094007B5050CC7D58FAB245] - 21/04/2014 - 17:14:48 ---A- . (...) -- C:\zoek-results.log   [24615]
~ Files: 69 Legitimates Filtered in 00mn 14s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
~ ShellExecuteHooks:  Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "DisableStatusMessages"=0
~ MWPS: 20 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:17/09/2012 - 18:58:30 R--A- . (.360.cn - 360FileOem.) -- C:\Windows\System32\Drivers\360FileOem.sys   [152880]
O58 - SDL:03/12/2013 - 16:29:39 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys   [49944]
O58 - SDL:03/01/2014 - 20:09:55 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys   [180248]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys   [453712]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys   [26624]
O58 - SDL:28/10/2013 - 00:12:12 ---A- . (.DEVGURU Co., LTD.([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys   [87064]
O58 - SDL:28/10/2013 - 00:12:12 ---A- . (.DEVGURU Co., LTD.([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys   [182680]
O58 - SDL:28/10/2013 - 00:12:14 ---A- . (.DEVGURU Co., LTD.([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - SAMSUNG USB Mobile Logging Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudserd.sys   [182680]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys   [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS   [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys   [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS   [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS   [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS   [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS   [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS   [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS   [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS   [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS   [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS   [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS   [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS   [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS   [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS   [34672]
~ Drivers: 20 Legitimates Filtered in 00mn 05s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 17/09/2012 - C:\Windows\system32\drivers\360FileOem.sys (360FileOem)  .(.360.cn - 360FileOem.) - LEGACY_360FILEOEM
~ Legacy: 121 Legitimates Filtered in 00mn 01s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6670F320-7987-417F-BCCF-570B842ED85D} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.64BAEC464B396B66A353D8FC2F42A4E3] [SPRF][31/07/2011] (.RaProducts.org - System Purification Tool.) -- C:\Users\sara\Desktop\PureRa.exe   [76565]
[MD5.2ED2319F3DE13495AAA49B70A1467055] [SPRF][21/04/2014] (...) -- C:\Users\sara\Desktop\zoek.exe   [1285120]
~ Files: 2 Legitimates Filtered in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.0235566E5134C79D5D40C1397220AC4E] [WIS][02/06/2013] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\324232.msi   [28160]  =>Toolbar.Google
[MD5.0E4185F75C1394897DB73CCC3368CA4B] [WIS][11/06/2012] (.Microsoft Corporation - Bing Bar.) -- C:\Windows\Installer\5f3a42.msi   [475136]  =>Toolbar.Bing
[MD5.3561A670FD52E8DB7EBEE4E2F85AB036] [WIS][16/12/2013] (.Microsoft Corporation - Bing Bar.) -- C:\Windows\Installer\ced31.msi   [741376]  =>Toolbar.Bing
~ WIS: 3 Legitimates Filtered in 00mn 03s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_download_signed_6_RASAPI32  =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_download_signed_6_RASMANCS  =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_94DDE1EDD1CDF6A3_RASAPI32  =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_94DDE1EDD1CDF6A3_RASMANCS  =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32  =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASMANCS  =>Toolbar.Google
~ BTK: 252 Legitimates Filtered in 00mn 00s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar)  =>Toolbar.Google
[HKCR\CLSID\{89425C81-9C22-44E0-9D7C-2875C59C80DD}] (Groove WorkspaceManagerApplication)  =>PUP.Manager
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper)  =>Toolbar.Google
[HKCR\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}] (Bing Bar Helper)  =>Toolbar.Bing
~ BCK: 6524 Legitimates Filtered in 00mn 13s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 18/04/2014 257712 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 03/01/2014 113704 |  (avast! Firewall) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SS - | Auto 02/10/2012 116648 |  (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 02/10/2012 116648 |  (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 12/05/2013 194032 |  (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 29/03/2014 119408 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 05/09/2013 171680 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 03/01/2014 50344 |  (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 18/11/2013 398096 |  (BstHdAndroidSvc) . (.BlueStack Systems, Inc..) - C:\Program Files\BlueStacks\HD-Service.exe
SR - | Auto 18/11/2013 385808 |  (BstHdLogRotatorSvc) . (.BlueStack Systems, Inc..) - C:\Program Files\BlueStacks\HD-LogRotatorService.exe
SR - | Auto 03/04/2014 1809720 |  (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 03/04/2014 857912 |  (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 11/11/2010 11736 |  (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
SR - | Auto 15/02/2012 459832 |  (PMBDeviceInfoProvider) . (.Sony Corporation.) - C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
SR - | Auto 16/04/2013 39056 |  (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 14/05/2007 272024 |  (RichVideo) . (...) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services:  Scanned in 00mn 16s



---\\ Scâner Aditional (088)
Database Version : 13044 - (21/04/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 1
Dossiers trouvés  (Folders found) : 0
Fichiers trouvés  (Files found) : 7

[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F}   =>Toolbar.Google^
C:\Windows\Installer\324232.msi   =>Toolbar.Google^
C:\Windows\Installer\5f3a42.msi   =>Toolbar.Bing^
C:\Windows\Installer\ced31.msi   =>Toolbar.Bing^
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar)   =>Toolbar.Google^
[HKCR\CLSID\{89425C81-9C22-44E0-9D7C-2875C59C80DD}] (Groove WorkspaceManagerApplication)   =>PUP.Manager^
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper)   =>Toolbar.Google^
[HKCR\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}] (Bing Bar Helper)   =>Toolbar.Bing^
~ Additionnel Scan: 251280 Items scanned in 00mn 54s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.Manager
~ MSI: 1 link(s) detected in 00mn 00s



~ 1018 Legitimates filtered by white list
End of the scan (596 lines in 03mn 02s)(0)

Post by Power Max Mon 21 Apr 2014, 21:55

There are unnecessary programs starting along with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

Preferably, leave only the security programs (antivirus/anti-spyware/firewall) starting along with Windows.

Also use the CCleaner program, mentioned in the tutorial above, to clean up and optimize the PC now and from time to time.
_________________________________________________________________________________________________________

Select and copy all the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > Right-click ZHPFix and choose Run as administrator > Click Importação > Click the GO button > Click Oui > If you want the files in the Recycle Bin to be deleted, click Oui again > A report will appear in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Mon 21 Apr 2014, 22:48; edited 1 time

Post by sara_cynthia Mon 21 Apr 2014, 22:04

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by sara at 21/04/2014 22:03:32
High Elevated Privileges : OK
Windows 7 Starter Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (Cancelado pelo utilizador)

========== Chaves do Registo ==========
ELIMINÉ Driver Key: wStLibG

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (2) (16.384 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
1 : Chaves do Registo
1 : Pastas
2 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 30s

========== Caminho do ficheiro do relatório ==========
C:\Users\sara\AppData\Roaming\ZHP\ZHPFix[R1].txt - 21/04/2014 21:20:47 [2821]
C:\Users\sara\AppData\Roaming\ZHP\ZHPFix[R2].txt - 21/04/2014 22:03:35 [929]

Post by Power Max Mon 21 Apr 2014, 22:05

Did you follow the tutorial below?
[You must have an account and be logged in to view this link]

How is your PC after these procedures?

Post by sara_cynthia Mon 21 Apr 2014, 22:19

I did. I no longer see the ads I used to see. AVG is also gone from the Firefox home page. Thanks for the help.

Post by Power Max Mon 21 Apr 2014, 22:25

"If possible, I would also like to know how to block downloads and program installations, since this has been happening often because of improper use by third parties"
The articles below help reduce these problems:

Make your PC better protected on the internet with SpywareBlaster
[You need an account and an active session to view this link]

Block inappropriate websites with the K9 Web Protection software
[You need an account and an active session to view this link]

I also suggest installing the AdBlock extension, which blocks ads on websites:
[You need an account and an active session to view this link]
_________________________________________________________________

"I did. I no longer see the ads I was seeing. AVG is also gone from the Firefox home page. Thanks for the help."
That's it! I'm glad the problem has been solved.

To finish up, please follow the tutorials below:

[You need an account and an active session to view this link]
_______________________________________________________________________________________________________________________

To remove the programs used to clean this PC and create a new restore point that is safe and free of problems, use DelFix, following the tips [You need an account and an active session to view this link].
_______________________________________________________________________________________________________________________

It was a pleasure to help. You can always count on us!