PROBLEMAS COM SPYWARE E ADWARE

Bom dia!   

Vamos direto ao assunto, meu notebook está cheio de spy e ad'wares... já tentei baixar alguns programas para auxilio, porém não tive êxito. Quando se encontra aberto algum navegador abre diversas páginas, além das diversas propagandas que surgem durante a navegação. Baixei o HijackThis, mas quando fui executar não abriu...

  Olá Yuri.

Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt

Ficamos na espera.

# AdwCleaner v3.207 - Relatório criado 06/05/2014 às 11:50:13
# Atualizado 05/05/2014 por Xplode
# Sistema Operacional : Windows 8 Single Language  (64 bits)
# Usuário : Geral - PC-HOUSE
# Executando de : C:\Users\Geral\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

Serviço Deletada : APNMCP
[#] Serviço Deletada : bonanzadealslive
[#] Serviço Deletada : bonanzadealslivem
Serviço Deletada : F06DEFF2-5B9C-490D-910F-35D3A91196222
[#] Serviço Deletada : SafetyNutManager

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\apn
Pasta Deletada : C:\ProgramData\AskPartnerNetwork
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\BonanzaDealsLive
[!] Pasta Deletada : C:\ProgramData\SafetyNut
Pasta Deletada : C:\ProgramData\Systweak
Pasta Deletada : C:\ProgramData\AlawarWrapper
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Speedup
Pasta Deletada : C:\Program Files (x86)\Advanced System Protector
Pasta Deletada : C:\Program Files (x86)\AskPartnerNetwork
Pasta Deletada : C:\Program Files (x86)\baidu
Pasta Deletada : C:\Program Files (x86)\BonanzaDeals
Pasta Deletada : C:\Program Files (x86)\BonanzaDealsLive
Pasta Deletada : C:\Program Files (x86)\ExpressFiles
Pasta Deletada : C:\Program Files (x86)\HQ-Video-Pro-1.4
Pasta Deletada : C:\Program Files (x86)\LyriXeeker
[!] Pasta Deletada : C:\Program Files (x86)\melondrea
Pasta Deletada : C:\Program Files (x86)\Mobogenie
Pasta Deletada : C:\Program Files (x86)\System Speedup
Pasta Deletada : C:\Program Files (x86)\WinZip Registry Optimizer
Pasta Deletada : C:\Users\Geral\Funmoods
Pasta Deletada : C:\Users\Geral\AppData\Local\AskPartnerNetwork
Pasta Deletada : C:\Users\Geral\AppData\Local\BeamriseUninstall
Pasta Deletada : C:\Users\Geral\AppData\Local\BonanzaDealsLive
Pasta Deletada : C:\Users\Geral\AppData\Local\FilesFrog Update Checker
Pasta Deletada : C:\Users\Geral\AppData\Local\Mobogenie
Pasta Deletada : C:\Users\Geral\AppData\Local\Temp\apn
Pasta Deletada : C:\Users\Geral\AppData\Local\Temp\Iminent
Pasta Deletada : C:\Users\Geral\AppData\Roaming\baidu
Pasta Deletada : C:\Users\Geral\AppData\Roaming\ExpressFiles
Pasta Deletada : C:\Users\Geral\AppData\Roaming\Funmoods
Pasta Deletada : C:\Users\Geral\AppData\Roaming\OpenCandy
Pasta Deletada : C:\Users\Geral\AppData\Roaming\System Speedup
Pasta Deletada : C:\Users\Geral\AppData\Roaming\Systweak
Pasta Deletada : C:\Users\Geral\AppData\Roaming\UpdaterEX
Pasta Deletada : C:\Users\Geral\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals
Pasta Deletada : C:\Users\Geral\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
Pasta Deletada : C:\Users\Geral\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Pasta Deletada : C:\Users\Geral\Documents\Mobogenie
Pasta Deletada : C:\Users\Public\Documents\baidu
Pasta Deletada : C:\Users\Geral\AppData\Roaming\Mozilla\Firefox\Profiles\de6p037e.default\Extensions\f6b78e05-0819-4914-a9b1-53baf8fa3cd8@5f1a7616-ab87-4cb2-b56e-1218d848ce49.com
Pasta Deletada : C:\Users\Geral\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Pasta Deletada : C:\Users\Geral\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Arquivo Deletada : C:\Users\Public\Desktop\Advanced System Protector.lnk
Arquivo Deletada : C:\Windows\System32\Drivers\{c047df5e-0fda-4055-b5db-a96a8a34a094}Gw64.sys
Arquivo Deletada : C:\Windows\System32\roboot64.exe
Arquivo Deletada : C:\Users\Geral\daemonprocess.txt
Arquivo Deletada : C:\Users\Geral\AppData\Local\funmoods-speeddial.crx
Arquivo Deletada : C:\Users\Geral\Desktop\Mobogenie.lnk
Arquivo Deletada : C:\Users\Geral\AppData\Roaming\Mozilla\Firefox\Profiles\de6p037e.default\searchplugins\Ask.xml
Arquivo Deletada : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\Ask.xml
Arquivo Deletada : C:\Users\Geral\AppData\Roaming\Mozilla\Firefox\Profiles\de6p037e.default\searchplugins\Web Search.xml
Arquivo Deletada : C:\Users\Geral\AppData\Roaming\Mozilla\Firefox\Profiles\de6p037e.default\user.js
Arquivo Deletada : C:\Windows\System32\Tasks\Advanced System Protector
Arquivo Deletada : C:\Windows\System32\Tasks\Advanced System Protector_startup
Arquivo Deletada : C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
Arquivo Deletada : C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore
Arquivo Deletada : C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
Arquivo Deletada : C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA
Arquivo Deletada : C:\Windows\System32\Tasks\BonanzaDealsUpdate
Arquivo Deletada : C:\Windows\System32\Tasks\Express FilesUpdate
Arquivo Deletada : C:\Windows\Tasks\Funmoods.job
Arquivo Deletada : C:\Windows\System32\Tasks\Funmoods
Arquivo Deletada : C:\Windows\Tasks\HQ-Video-Pro-1.4-codedownloader.job
Arquivo Deletada : C:\Windows\System32\Tasks\HQ-Video-Pro-1.4-codedownloader
Arquivo Deletada : C:\Windows\Tasks\HQ-Video-Pro-1.4-enabler.job
Arquivo Deletada : C:\Windows\System32\Tasks\HQ-Video-Pro-1.4-enabler
Arquivo Deletada : C:\Windows\Tasks\HQ-Video-Pro-1.4-firefoxinstaller.job
Arquivo Deletada : C:\Windows\System32\Tasks\HQ-Video-Pro-1.4-firefoxinstaller
Arquivo Deletada : C:\Windows\Tasks\HQ-Video-Pro-1.4-updater.job
Arquivo Deletada : C:\Windows\System32\Tasks\HQ-Video-Pro-1.4-updater
Arquivo Deletada : C:\Windows\Tasks\LyricXeeker Update.job
Arquivo Deletada : C:\Windows\System32\Tasks\LyricXeeker Update
Arquivo Deletada : C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart
Arquivo Deletada : C:\Windows\Tasks\System Speedup_DEFAULT.job
Arquivo Deletada : C:\Windows\System32\Tasks\System Speedup_DEFAULT
Arquivo Deletada : C:\Windows\Tasks\System Speedup_UPDATES.job
Arquivo Deletada : C:\Windows\System32\Tasks\System Speedup_UPDATES
Arquivo Deletada : C:\Windows\Tasks\UpdaterEX.job
Arquivo Deletada : C:\Windows\System32\Tasks\UpdaterEX

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Chave Deletedo : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\epojlgbehpaeekopencdagbdamnkppci
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\BonanzaDealsLive.exe
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickCtrl.9
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickProcessLauncherMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickProcessLauncherMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLive.Update3WebControl.3
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoCreateAsync
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoCreateAsync.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreClass
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreMachineClass
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreMachineClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CredentialDialogMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CredentialDialogMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.ProcessLauncher
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.ProcessLauncher.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3COMClassService
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3COMClassService.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Chave Deletedo : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=3
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=9
Valor Deletedo : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Valor Deletedo : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0052920.BHO
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0052920.BHO.1
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0052920.Sandbox
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0052920.Sandbox.1
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{D34F391D-4CB7-467F-A543-F583857C63B0}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{118E1BF6-6279-432F-A285-373A77B90C7A}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{14CEEA2F-3D21-46ED-A7D2-89056C520E5E}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1CC8D970-F626-4F19-815F-890032BB6606}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{33BAF587-9647-4281-A34F-F4830CDC1B9F}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{5B5E5D0E-7C83-4A32-ADD2-E5F488DD6783}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{6802463D-636F-41FE-9924-4CAD56906590}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{806785D0-375F-4C2C-92E3-B8EE65D28E83}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{944661E7-67B9-4DF7-BFF2-05388C166D34}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{A7CF66EF-4F0D-46B1-AF71-A500378D6C34}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{B71934E5-6B93-448D-9D32-CBAA5150C5D8}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{D34F391D-4CB7-467F-A543-F583857C63B0}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{E970727E-0508-4BEB-8B72-BBA9D0D047C7}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{EBF1F869-D2F0-4D31-A877-386C853A9C3D}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{F3CF4912-CF0A-451B-AF3B-C4F216C715E4}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{F904AC50-215C-42AB-A532-77E9FDBA9B19}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511291120}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522292220}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555295520}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566296620}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544294420}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511291120}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511291120}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110511291120}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33BAF587-9647-4281-A34F-F4830CDC1B9F}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9c37a4df-f3ac-495a-8391-1b241b76ea22}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d8e6b377-4526-477f-9a6d-c543d66fc643}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511291120}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522292220}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555295520}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566296620}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511291120}
Valor Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9c37a4df-f3ac-495a-8391-1b241b76ea22}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d8e6b377-4526-477f-9a6d-c543d66fc643}
Chave Deletedo : HKCU\Software\AskPartnerNetwork
Chave Deletedo : HKCU\Software\BonanzaDealsLive
Chave Deletedo : HKCU\Software\ExpressFiles
Chave Deletedo : HKCU\Software\Funmoods
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\Optimizer Pro
Chave Deletedo : HKCU\Software\SafetyNut
Chave Deletedo : HKCU\Software\SmartBar
Chave Deletedo : HKCU\Software\Softonic
Chave Deletedo : HKCU\Software\Somoto
Chave Deletedo : HKCU\Software\System Speedup
Chave Deletedo : HKCU\Software\systweak
Chave Deletedo : HKCU\Software\UpdaterEX
Chave Deletedo : HKCU\Software\AppDataLow\Software\Crossrider
Chave Deletedo : HKCU\Software\AppDataLow\Software\HQ-Video-Pro-1.4
Chave Deletedo : HKCU\Software\AppDataLow\Software\lyrixeeker
Chave Deletedo : HKLM\Software\AskPartnerNetwork
Chave Deletedo : HKLM\Software\BonanzaDealsLive
Chave Deletedo : HKLM\Software\ExpressFiles
Chave Deletedo : HKLM\Software\HQ-Video-Pro-1.4
Chave Deletedo : HKLM\Software\SafetyNut
Chave Deletedo : HKLM\Software\System Speedup
Chave Deletedo : HKLM\Software\systweak
Chave Deletedo : HKLM\Software\Trymedia Systems
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ExpressFiles
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bonanza Deals
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HQ-Video-Pro-1.4
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie
Chave Deletedo : [x64] HKLM\SOFTWARE\AskPartnerNetwork
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe

***** [ Navegadores ] *****

-\\ Internet Explorer v10.0.9200.16537

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v28.0 (pt-BR)

[ Arquivo : C:\Users\Geral\AppData\Roaming\Mozilla\Firefox\Profiles\de6p037e.default\prefs.js ]

Linha deletada : user_pref("CT2851643.FF19Solved", "true");
Linha deletada : user_pref("CT2851643.UserID", "UN75947598011157326");
Linha deletada : user_pref("CT2851643.fullUserID", "UN75947598011157326.IN.20130820150535");
Linha deletada : user_pref("CT2851643.installDate", "20/08/2013 15:05:34");
Linha deletada : user_pref("CT2851643.installSessionId", "-1");
Linha deletada : user_pref("CT2851643.installSp", "FALSE");
Linha deletada : user_pref("CT2851643.installerVersion", "1.5.4.4");
Linha deletada : user_pref("CT2851643.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
Linha deletada : user_pref("CT2851643.searchRevert", "FALSE");
Linha deletada : user_pref("CT2851643.searchUserMode", "1");
Linha deletada : user_pref("CT2851643.versionFromInstaller", "10.16.70.5");
Linha deletada : user_pref("CT2851643.xpeMode", "0");
Linha deletada : user_pref("browser.search.order.1", "Ask.com");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.InstallationThankYouPage", true);
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.InstallationTime", 1393979229);
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.MyEXT52920.Prefs_is_not_a_function", 2);
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.active", true);
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.addressbar", "NA");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.addressbarenhanced", "");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920_dbWasSet", true);
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920_dbWasSet_FF25_FIX", true[...]
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.asyncdb.was_copied", "true");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.asyncdb_dbWasSet", true);
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.asyncdb_dbWasSet_FF25_FIX", true);
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.asyncinternaldb.was_copied", "true");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.asyncinternaldb_dbWasSet", true);
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.asyncinternaldb_dbWasSet_FF25_FIX", true);
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.backgroundver", 2);
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.certdomaininstaller", "");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.changeprevious", false);
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.cookie.InstallationTime.value", "%221393979229%22");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.cookie.InstallerParams.value", "%7B%22source_id%22%3A%22001184%22%2C%22sub_id%22%3A%220%22%2C%22uz[...]
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.cookie.iframe-exists.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.cookie.iframe-exists.value", "true");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.cookie.jw_token.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.cookie.jw_token.value", "%22b293c3bf-9b6a-7141-9600-830444478e0c%22");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.cookie.load_balancer.expiration", "Sun May 04 2014 20:30:21 GMT-0300 (Hora oficial do Brasil)");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.cookie.load_balancer.value", "%22%7B%20%5C%22Status%5C%22%3A%201%2C%5C%22Endpoint%5C%22%3A%20%5C%2[...]
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.cookie.previous_page.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.cookie.previous_page.value", "%22hxxp%3A//www.baixaki.com.br/portal/%3Futm_source%3Dsol%26utm_medi[...]
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.cookie.user_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.cookie.user_id.value", "%221449b1936b27015c0691c7103853b51d%22");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.description", "HQ Videos is an add-on for your Internet browser that enhances your online experien[...]
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.domain", "");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.enablesearch", false);
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.homepage", "");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.iframe", false);
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%221F1477115BF242E1832739B77ED57[...]
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.InstallerParams.value", "%7B%22source_id%22%3A%22001184%22%2C%22sub_id%22%3A%220%22%2C%[...]
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%22001184%22%2C%22sub_id%22%3A%220%2[...]
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_bic%22%3A%221F1477115BF242E18327[...]
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.Resources_appVer.value", "36");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.Resources_lastVersion.value", "1");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.Resources_meta.value", "%7B%7D");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.Resources_nextCheck.expiration", "Sun May 04 2014 20:30:15 GMT-0300 (Hora oficial do Br[...]
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.Resources_nextCheck.value", "true");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.Resources_queue.value", "%7B%7D");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.__ICM_DOWNLOADS__global_rules.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.__ICM_DOWNLOADS__global_rules.value", "%5B%7B%22rules%22%3A%7B%22delay_between_ads_in_s[...]
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.__ICM_DOWNLOADS__global_rules_verion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.__ICM_DOWNLOADS__global_rules_verion.value", "3");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.__ICM_DOWNLOADS__is_send_log.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.__ICM_DOWNLOADS__is_send_log.value", "false");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.__ICM_DOWNLOADS__last_daily_visit.expiration", "Mon May 05 2014 05:00:00 GMT-0300 (Hora[...]
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.__ICM_DOWNLOADS__last_daily_visit.value", "1399224620154");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.__ICM_DOWNLOADS__last_impression_time.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200")[...]
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.__ICM_DOWNLOADS__last_impression_time.value", "1399226927210");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.__ICM_DOWNLOADS__marketing_rules.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.__ICM_DOWNLOADS__marketing_rules.value", "%7B%22rules%22%3A%5B%7B%22ad_type%22%3A%22sit[...]
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.__ICM_DOWNLOADS__marketing_rules_verion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200[...]
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.__ICM_DOWNLOADS__marketing_rules_verion.value", "35");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.__ICM_DOWNLOADS__pagevies_count_1.4.2014.expiration", "Sun May 11 2014 05:00:00 GMT-030[...]
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.__ICM_DOWNLOADS__pagevies_count_1.4.2014.value", "8");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.__ICM_DOWNLOADS__pagevies_count_25.3.2014.expiration", "Mon May 05 2014 05:00:00 GMT-03[...]
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.__ICM_DOWNLOADS__pagevies_count_25.3.2014.value", "3");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.__ICM_DOWNLOADS__pagevies_count_29.3.2014.expiration", "Fri May 09 2014 05:00:00 GMT-03[...]
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.__ICM_DOWNLOADS__pagevies_count_29.3.2014.value", "2");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.__ICM_DOWNLOADS__pagevies_count_5.4.2014.expiration", "Thu May 15 2014 05:00:00 GMT-030[...]
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.__ICM_DOWNLOADS__pagevies_count_5.4.2014.value", "13");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.__ICM_DOWNLOADS__send_log_percent.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.__ICM_DOWNLOADS__send_log_percent.value", "0.0005");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.__ICM_DOWNLOADS__total_impressions_today.expiration", "Mon May 05 2014 05:00:00 GMT-030[...]
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.__ICM_DOWNLOADS__total_impressions_today.value", "3");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.__ICM_DOWNLOADS__total_impressions_today_slider.expiration", "Mon May 05 2014 05:00:00 [...]
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.__ICM_DOWNLOADS__total_impressions_today_slider.value", "3");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.__ICM_DOWNLOADS__verions_data.expiration", "Sun May 04 2014 20:30:19 GMT-0300 (Hora ofi[...]
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.__ICM_DOWNLOADS__verions_data.value", "%7B%22global_rules_version%22%3A3%2C%22marketing[...]
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.__defualt_browser__.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.__defualt_browser__.value", "%22ch%22");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%3A%221F147711[...]
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.monetization_plugin_bundledUrls.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.monetization_plugin_bundledWithHash.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.monetization_plugin_bundledWithHash.value", "null");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.monetization_plugin_notBundledArr_.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.monetization_plugin_notBundledArr_.value", "%5B%5D");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.lastDailyReport", "1399385445623");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.lastUpdate", "1399385442314");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.manifesturl", "");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.name", "HQ-Video-Pro-1.4");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.newtab", "");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.opensearch", "");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.pluginsurl", "hxxp://js.clientdemostack.com/plugin/apps/52920/plugins/094/ff/plugins.json");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.pluginsversion", 31);
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.publisher", "HQ-Video");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.searchstatus", 0);
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.setnewtab", false);
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.thankyou", "");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.updateinterval", 360);
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.ver", 36);
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.FilesValidatorDueTime", "1399385501212");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.apps", "52920");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.bic", "1449b1936b27015c0691c7103853b51d");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.cid", 52920);
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.firstrun", false);
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.hadappinstalled", true);
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.installationdate", 1394171525);
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.modetype", "production");
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.reportInstall", true);
Linha deletada : user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.statsDailyCounter", 43);
Linha deletada : user_pref("extensions.crossrider.bic", "1449b1936b27015c0691c7103853b51d");
Linha deletada : user_pref("keyword.URL", "hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=101&systemid=488&v=a12521-331&apn_dtid=TCH001&apn_ptnrs=AG1&apn_uid=0125244214954411&o=APN11459&q=");
Linha deletada : user_pref("smartbar.machineId", "TXJVCSTUYOGJSRS64C/QKN69EECW/A8/YGM3/TVIYTNGJERZVMS9MINUIZQ9MUPIWDMMNIU59XE0JPDVYBVUDQ");

-\\ Google Chrome v34.0.1847.131

[ Arquivo : C:\Users\Geral\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [Extension] : bbjciahceamgodcoidkjpchnokgfpphh
Deletedo [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Deletedo [Extension] : cjpglkicenollcignonpgiafdgfeehoj
Deletedo [Extension] : epojlgbehpaeekopencdagbdamnkppci

*************************

AdwCleaner[R0].txt - [52736 octets] - [06/05/2014 11:47:29]
AdwCleaner[S0].txt - [47458 octets] - [06/05/2014 11:50:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [47519 octets] ##########

Desative temporariamente seu antivírus para evitar conflitos.

* Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executá-lo corretamente siga as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Assim que ele concluir a limpeza dos problemas acesse o log (relatório) do Zoek que estará em C:\zoek-results.txt e copie todo seu conteúdo e poste em sua próxima resposta.

Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Geral on 06/05/2014 at 12:18:56,19.
Microsoft Windows 8 Single Language 6.2.9200  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Geral\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

06/05/2014 12:21:41 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1       localhost
::1             localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4051559463-1146500218-3036254188-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} deleted successfully
HKEY_USERS\S-1-5-21-4051559463-1146500218-3036254188-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C155DA45-8ED7-4B0F-9A40-01777DD496FD} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util melondrea deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util melondrea deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update melondrea deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update melondrea deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\Geral\AppData\Roaming\Mozilla\Firefox\Profiles\de6p037e.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.baixaki.com.br/portal/?utm_source=sol&utm_medium=ppi&utm_campaign=portal");

Added to C:\Users\Geral\AppData\Roaming\Mozilla\Firefox\Profiles\de6p037e.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Geral\AppData\Roaming\Mozilla\Firefox\Profiles\de6p037e.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_052014_1246_.backup

==== Deleting Files \ Folders ======================

C:\Users\Geral\.android deleted
C:\extensions deleted
C:\Users\Geral\AppData\Roaming\Bonanza deleted
C:\Users\Geral\AppData\Roaming\GetRightToGo deleted
C:\PROGRA~3\DRV10.tmp deleted
C:\PROGRA~3\E1010.tmp deleted
C:\PROGRA~3\FileSplitUpLoad.dll deleted
C:\PROGRA~3\boost_interprocess deleted
C:\Users\Geral\AppData\Local\funmoods_2.3.1.crx deleted
C:\Users\Geral\AppData\Local\cache deleted
C:\Windows\SysNative\sasnative64.exe deleted
C:\Users\Geral\AppData\Roaming\Mozilla\Firefox\Profiles\de6p037e.default\CT2851643 deleted
C:\Users\Geral\AppData\Roaming\unins000.exe deleted
C:\Users\Geral\AppData\Roaming\unins001.exe deleted
C:\PROGRA~2\melondrea deleted
"C:\Users\Geral\AppData\Local\{092A0000-70AA-4DEB-BF56-367199A60A91}" deleted
"C:\PROGRA~2\Browser Tab Search by Ask\SafetyNut\safetycrt.dll" deleted
"C:\PROGRA~2\Browser Tab Search by Ask\SafetyNut\x64\safetycrt.dll" deleted
"C:\PROGRA~2\Browser Tab Search by Ask" not deleted
"C:\PROGRA~2\Browser Tab Search by Ask\SafetyNut" not deleted
"C:\PROGRA~2\Browser Tab Search by Ask\SafetyNut\x64" not deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor" [11/02/2014 14:35]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E8873}"="C:\Users\Geral\AppData\Local\GAS Tecnologia\GBBD\uni\xpi" [30/04/2014 20:52]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Geral\AppData\Roaming\Mozilla\Firefox\Profiles\de6p037e.default
- McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Geral\AppData\Roaming\Mozilla\Firefox\Profiles\de6p037e.default
9FD6A1990289B9290563CA069CB74EF9 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll - Shockwave Flash
BE77CDD303A624DA42094FB1AEFBEAFE - C:\Users\Geral\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll - Guardião Itaú 30 horas
CB2E91D0686415506AD80DC662F1C4A5 - C:\Users\Geral\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll - Módulo de Proteção - Banco Santander (Brasil) S.A.
63EE2015B877A2E472CC59E05291AA39 - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMSS.dll - McAfee Security Scanner +
FF0D6F82A0EC13952E83B9439100E45D - C:\Users\Geral\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
C899B98999270821EDFFA56044DE2377 - C:\Users\Geral\AppData\Roaming\raidcall\plugins\nprcplugin.dll - Raidcall plugin
1528225A7126F04A5797471E4F20256D - C:\Users\Geral\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll - Guardião Itaú 30 horas


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aaaajfocmnnhjaajccaelhippajhaeod - C:\ProgramData\AskPartnerNetwork\Toolbar\ATU4-V7\CRX\ToolbarCR.crx[]
aaaajmcbjelppeedjdebbfppfjdeeinp - C:\ProgramData\AskPartnerNetwork\Toolbar\ATU3-SAT\CRX\ToolbarCR.crx[]
fheoggkfdfchfphceeifdbepaooicaho - No path found[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
abmojiekfpcmkkfamgfcpgfgipocface - C:\Users\Geral\AppData\Local\GAS Tecnologia\GBBD\abn\sf.crx[24/12/2013 15:47]

GBBD Guardião - Itaú 30 horas - Geral\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmpojlddncminmkddkpoegdjhojjipg
Google Wallet - Geral\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.mundopositivo.com.br/?utm_source=PC&utm_medium=browser&utm_campaign=urldefault;"
"Search Bar"="http://www.google.com"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"
"SearchAssistant"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\Geral\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\Geral\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4051559463-1146500218-3036254188-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{41545533-2D53-4154-00A7-7A786E7484D7} deleted successfully
HKEY_USERS\S-1-5-21-4051559463-1146500218-3036254188-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{41545533-2D53-4154-00A7-7A786E7484D7} deleted successfully
HKEY_USERS\S-1-5-21-4051559463-1146500218-3036254188-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{76C5FBFF-572C-44D7-8610-4884A47B7154} deleted successfully
HKEY_USERS\S-1-5-21-4051559463-1146500218-3036254188-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{76C5FBFF-572C-44D7-8610-4884A47B7154} deleted successfully
HKEY_USERS\S-1-5-21-4051559463-1146500218-3036254188-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{16F059CB-3D3F-4ECC-B426-BAFA47233676} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{41545533-2D53-4154-00A7-7A786E7484D7} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{41545533-2D53-4154-00A7-7A786E7484D7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41545533-2D53-4154-00A7-7A786E7484D7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41545533-2D53-4154-00A7-7A786E7484D7} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{76C5FBFF-572C-44D7-8610-4884A47B7154} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76C5FBFF-572C-44D7-8610-4884A47B7154} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{16F059CB-3D3F-4ECC-B426-BAFA47233676} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{16F059CB-3D3F-4ECC-B426-BAFA47233676} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-4051559463-1146500218-3036254188-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{41545533-2D53-4154-00A7-7A786E7484D7} deleted successfully
HKEY_USERS\S-1-5-21-4051559463-1146500218-3036254188-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{41545533-2D53-4154-00A7-7A786E7484D7} deleted successfully
HKEY_USERS\S-1-5-21-4051559463-1146500218-3036254188-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{76C5FBFF-572C-44D7-8610-4884A47B7154} deleted successfully
HKEY_USERS\S-1-5-21-4051559463-1146500218-3036254188-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{16F059CB-3D3F-4ECC-B426-BAFA47233676} deleted successfully
HKEY_USERS\S-1-5-21-4051559463-1146500218-3036254188-1001\Software\Mozilla\Firefox\Extensions\{f9e37d79-7879-4fab-9498-a3ef56c7932c} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{41545533-2D53-4154-00A7-7A786E7484D7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{41545533-2D53-4154-00A7-7A786E7484D7} deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\Geral\Desktop\Brasfoot2014.lnk - C:\Users\Geral\Desktop\bras2014\Brasfoot2014\bf2014.exe
C:\Users\Geral\Desktop\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\Users\Geral\Desktop\RagnarokHQ - Atalho.lnk - C:\Users\Geral\Desktop\Subsoft\RagnarokHQ\RagnarokHQ.exe
C:\Users\Geral\Desktop\RaidCall.lnk - C:\Program Files (x86)\RaidCall\raidcall.exe
C:\Users\Geral\Desktop\splayer - Atalho.lnk - C:\Users\Geral\Desktop\Raul\SPlayer\splayer.exe
C:\Users\Geral\Desktop\TABELA 2013 - atual - Atalho.lnk - C:\Users\Geral\Downloads\TABELA 2013 - atual.pdf
C:\Users\Geral\Desktop\WoWEmuHacker5 - Atalho.lnk - C:\Users\Geral\Desktop\WoW Emu Hacker 3.3.5\WoW Emu Hacker 3.3.5\WoWEmuHacker5.exe
C:\Users\Geral\Desktop\wowrm2 - Atalho.lnk - C:\Users\Geral\Downloads\WoW Realmlist Modifier\wowrm2.exe
C:\Users\Geral\Desktop\µTorrent.lnk -  
C:\Users\Geral\Desktop\Raul\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Geral\Desktop\Raul\Jogos\SNES\rom\Atalho para snes9xw.lnk - C:\jogos\snes\snes9xw.exe
C:\Users\Geral\Desktop\WoW Emu Hacker 3.3.5\WoW Emu Hacker 3.3.5\Battle.net.lnk -  

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader 9.lnk - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\aTube Catcher.lnk - C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\Users\Public\Desktop\Battle.net.lnk - C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe
C:\Users\Public\Desktop\Diablo III.lnk - C:\Program Files (x86)\Diablo III\Diablo III Launcher.exe
C:\Users\Public\Desktop\Express Files.lnk - C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe
C:\Users\Public\Desktop\Garena Plus.lnk - C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Google Docs.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_document
C:\Users\Public\Desktop\Google Sheets.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_spreadsheet
C:\Users\Public\Desktop\Google Slides.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_presentation
C:\Users\Public\Desktop\McAfee Internet Security.lnk - C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe /desktopicon /platui
C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.141\McUICnt.exe SecurityScanner.dll
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Mundo Positivo Bateria.lnk - C:\Program Files (x86)\Positivo Informática\Mundo Positivo Bateria\BatteryAppManager.exe
C:\Users\Public\Desktop\Mundo Positivo Monitora.lnk - C:\Program Files (x86)\Positivo Informática\Mundo Positivo Monitora\Monitora.exe
C:\Users\Public\Desktop\Mundo Positivo Webcam.lnk - C:\Program Files (x86)\Positivo Informática\Mundo Positivo Webcam\WebCam.exe
C:\Users\Public\Desktop\Mundo Positivo.lnk - C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Experience\MundoPositivoUI.exe Offer
C:\Users\Public\Desktop\Positivo Antirroubo.lnk - C:\Program Files (x86)\Positivo Informática\Positivo Antirroubo\PositivoAntirroubo.exe
C:\Users\Public\Desktop\Positivo Fotos.lnk - C:\Program Files (x86)\Positivo Informática\Positivo Fotos\PositivoFotos.exe
C:\Users\Public\Desktop\Positivo Jogos.lnk - C:\Fabricante\Positivo Jogos Atalhos
C:\Users\Public\Desktop\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Public\Desktop\Video Search.lnk - C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe  /VIDEOSEARCH
C:\Users\Public\Desktop\WinZip.lnk - C:\Program Files (x86)\WinZip\WINZIP64.EXE

==== shortcuts in Users Start Menu ======================

C:\Users\Geral\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -  
C:\Users\Geral\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\do Servidor EasyRO 2.0\Servidor EasyRO 2.0.lnk - C:\rag\Patch EasyRagnarok.exe
C:\Users\Geral\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\do Servidor EasyRO 2.0\Uninstall do Servidor EasyRO 2.0.lnk - C:\rag\Uninstal.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk - C:\Program Files (x86)\WinZip\WINZIP64.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher\aTube Catcher.lnk - C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena\Garena Plus.lnk - C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena\Garena Plus\Garena Plus.lnk - C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee\McAfee Internet Security.lnk - C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe /desktopicon /platui
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape\Uninstall PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip\WinZip 18.0.lnk - C:\Program Files (x86)\WinZip\WINZIP64.EXE

==== shortcuts in Quick Launch ======================

O log do Zoek está incompleto, copie ele todo e poste para podermos analisar.

Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Geral on 06/05/2014 at 12:18:56,19.
Microsoft Windows 8 Single Language 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Geral\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

06/05/2014 12:21:41 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4051559463-1146500218-3036254188-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} deleted successfully
HKEY_USERS\S-1-5-21-4051559463-1146500218-3036254188-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C155DA45-8ED7-4B0F-9A40-01777DD496FD} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util melondrea deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util melondrea deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update melondrea deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update melondrea deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\Geral\AppData\Roaming\Mozilla\Firefox\Profiles\de6p037e.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.baixaki.com.br/portal/?utm_source=sol&utm_medium=ppi&utm_campaign=portal");

Added to C:\Users\Geral\AppData\Roaming\Mozilla\Firefox\Profiles\de6p037e.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Geral\AppData\Roaming\Mozilla\Firefox\Profiles\de6p037e.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_052014_1246_.backup

==== Deleting Files \ Folders ======================

C:\Users\Geral\.android deleted
C:\extensions deleted
C:\Users\Geral\AppData\Roaming\Bonanza deleted
C:\Users\Geral\AppData\Roaming\GetRightToGo deleted
C:\PROGRA~3\DRV10.tmp deleted
C:\PROGRA~3\E1010.tmp deleted
C:\PROGRA~3\FileSplitUpLoad.dll deleted
C:\PROGRA~3\boost_interprocess deleted
C:\Users\Geral\AppData\Local\funmoods_2.3.1.crx deleted
C:\Users\Geral\AppData\Local\cache deleted
C:\Windows\SysNative\sasnative64.exe deleted
C:\Users\Geral\AppData\Roaming\Mozilla\Firefox\Profiles\de6p037e.default\CT2851643 deleted
C:\Users\Geral\AppData\Roaming\unins000.exe deleted
C:\Users\Geral\AppData\Roaming\unins001.exe deleted
C:\PROGRA~2\melondrea deleted
"C:\Users\Geral\AppData\Local\{092A0000-70AA-4DEB-BF56-367199A60A91}" deleted
"C:\PROGRA~2\Browser Tab Search by Ask\SafetyNut\safetycrt.dll" deleted
"C:\PROGRA~2\Browser Tab Search by Ask\SafetyNut\x64\safetycrt.dll" deleted
"C:\PROGRA~2\Browser Tab Search by Ask" not deleted
"C:\PROGRA~2\Browser Tab Search by Ask\SafetyNut" not deleted
"C:\PROGRA~2\Browser Tab Search by Ask\SafetyNut\x64" not deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor" [11/02/2014 14:35]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E8873}"="C:\Users\Geral\AppData\Local\GAS Tecnologia\GBBD\uni\xpi" [30/04/2014 20:52]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Geral\AppData\Roaming\Mozilla\Firefox\Profiles\de6p037e.default
- McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Geral\AppData\Roaming\Mozilla\Firefox\Profiles\de6p037e.default
9FD6A1990289B9290563CA069CB74EF9 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll - Shockwave Flash
BE77CDD303A624DA42094FB1AEFBEAFE - C:\Users\Geral\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll - Guardião Itaú 30 horas
CB2E91D0686415506AD80DC662F1C4A5 - C:\Users\Geral\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll - Módulo de Proteção - Banco Santander (Brasil) S.A.
63EE2015B877A2E472CC59E05291AA39 - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMSS.dll - McAfee Security Scanner +
FF0D6F82A0EC13952E83B9439100E45D - C:\Users\Geral\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
C899B98999270821EDFFA56044DE2377 - C:\Users\Geral\AppData\Roaming\raidcall\plugins\nprcplugin.dll - Raidcall plugin
1528225A7126F04A5797471E4F20256D - C:\Users\Geral\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll - Guardião Itaú 30 horas


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aaaajfocmnnhjaajccaelhippajhaeod - C:\ProgramData\AskPartnerNetwork\Toolbar\ATU4-V7\CRX\ToolbarCR.crx[]
aaaajmcbjelppeedjdebbfppfjdeeinp - C:\ProgramData\AskPartnerNetwork\Toolbar\ATU3-SAT\CRX\ToolbarCR.crx[]
fheoggkfdfchfphceeifdbepaooicaho - No path found[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
abmojiekfpcmkkfamgfcpgfgipocface - C:\Users\Geral\AppData\Local\GAS Tecnologia\GBBD\abn\sf.crx[24/12/2013 15:47]

GBBD Guardião - Itaú 30 horas - Geral\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmpojlddncminmkddkpoegdjhojjipg
Google Wallet - Geral\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.mundopositivo.com.br/?utm_source=PC&utm_medium=browser&utm_campaign=urldefault;"
"Search Bar"="http://www.google.com"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"
"SearchAssistant"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\Geral\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\Geral\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4051559463-1146500218-3036254188-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{41545533-2D53-4154-00A7-7A786E7484D7} deleted successfully
HKEY_USERS\S-1-5-21-4051559463-1146500218-3036254188-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{41545533-2D53-4154-00A7-7A786E7484D7} deleted successfully
HKEY_USERS\S-1-5-21-4051559463-1146500218-3036254188-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{76C5FBFF-572C-44D7-8610-4884A47B7154} deleted successfully
HKEY_USERS\S-1-5-21-4051559463-1146500218-3036254188-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{76C5FBFF-572C-44D7-8610-4884A47B7154} deleted successfully
HKEY_USERS\S-1-5-21-4051559463-1146500218-3036254188-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{16F059CB-3D3F-4ECC-B426-BAFA47233676} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{41545533-2D53-4154-00A7-7A786E7484D7} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{41545533-2D53-4154-00A7-7A786E7484D7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41545533-2D53-4154-00A7-7A786E7484D7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41545533-2D53-4154-00A7-7A786E7484D7} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{76C5FBFF-572C-44D7-8610-4884A47B7154} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76C5FBFF-572C-44D7-8610-4884A47B7154} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{16F059CB-3D3F-4ECC-B426-BAFA47233676} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{16F059CB-3D3F-4ECC-B426-BAFA47233676} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-4051559463-1146500218-3036254188-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{41545533-2D53-4154-00A7-7A786E7484D7} deleted successfully
HKEY_USERS\S-1-5-21-4051559463-1146500218-3036254188-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{41545533-2D53-4154-00A7-7A786E7484D7} deleted successfully
HKEY_USERS\S-1-5-21-4051559463-1146500218-3036254188-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{76C5FBFF-572C-44D7-8610-4884A47B7154} deleted successfully
HKEY_USERS\S-1-5-21-4051559463-1146500218-3036254188-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{16F059CB-3D3F-4ECC-B426-BAFA47233676} deleted successfully
HKEY_USERS\S-1-5-21-4051559463-1146500218-3036254188-1001\Software\Mozilla\Firefox\Extensions\{f9e37d79-7879-4fab-9498-a3ef56c7932c} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{41545533-2D53-4154-00A7-7A786E7484D7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{41545533-2D53-4154-00A7-7A786E7484D7} deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\Geral\Desktop\Brasfoot2014.lnk - C:\Users\Geral\Desktop\bras2014\Brasfoot2014\bf2014.exe
C:\Users\Geral\Desktop\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\Users\Geral\Desktop\RagnarokHQ - Atalho.lnk - C:\Users\Geral\Desktop\Subsoft\RagnarokHQ\RagnarokHQ.exe
C:\Users\Geral\Desktop\RaidCall.lnk - C:\Program Files (x86)\RaidCall\raidcall.exe
C:\Users\Geral\Desktop\splayer - Atalho.lnk - C:\Users\Geral\Desktop\Raul\SPlayer\splayer.exe
C:\Users\Geral\Desktop\TABELA 2013 - atual - Atalho.lnk - C:\Users\Geral\Downloads\TABELA 2013 - atual.pdf
C:\Users\Geral\Desktop\WoWEmuHacker5 - Atalho.lnk - C:\Users\Geral\Desktop\WoW Emu Hacker 3.3.5\WoW Emu Hacker 3.3.5\WoWEmuHacker5.exe
C:\Users\Geral\Desktop\wowrm2 - Atalho.lnk - C:\Users\Geral\Downloads\WoW Realmlist Modifier\wowrm2.exe
C:\Users\Geral\Desktop\µTorrent.lnk -
C:\Users\Geral\Desktop\Raul\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Geral\Desktop\Raul\Jogos\SNES\rom\Atalho para snes9xw.lnk - C:\jogos\snes\snes9xw.exe
C:\Users\Geral\Desktop\WoW Emu Hacker 3.3.5\WoW Emu Hacker 3.3.5\Battle.net.lnk -

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader 9.lnk - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\aTube Catcher.lnk - C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\Users\Public\Desktop\Battle.net.lnk - C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe
C:\Users\Public\Desktop\Diablo III.lnk - C:\Program Files (x86)\Diablo III\Diablo III Launcher.exe
C:\Users\Public\Desktop\Express Files.lnk - C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe
C:\Users\Public\Desktop\Garena Plus.lnk - C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Google Docs.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_document
C:\Users\Public\Desktop\Google Sheets.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_spreadsheet
C:\Users\Public\Desktop\Google Slides.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_presentation
C:\Users\Public\Desktop\McAfee Internet Security.lnk - C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe /desktopicon /platui
C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.141\McUICnt.exe SecurityScanner.dll
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Mundo Positivo Bateria.lnk - C:\Program Files (x86)\Positivo Informática\Mundo Positivo Bateria\BatteryAppManager.exe
C:\Users\Public\Desktop\Mundo Positivo Monitora.lnk - C:\Program Files (x86)\Positivo Informática\Mundo Positivo Monitora\Monitora.exe
C:\Users\Public\Desktop\Mundo Positivo Webcam.lnk - C:\Program Files (x86)\Positivo Informática\Mundo Positivo Webcam\WebCam.exe
C:\Users\Public\Desktop\Mundo Positivo.lnk - C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Experience\MundoPositivoUI.exe Offer
C:\Users\Public\Desktop\Positivo Antirroubo.lnk - C:\Program Files (x86)\Positivo Informática\Positivo Antirroubo\PositivoAntirroubo.exe
C:\Users\Public\Desktop\Positivo Fotos.lnk - C:\Program Files (x86)\Positivo Informática\Positivo Fotos\PositivoFotos.exe
C:\Users\Public\Desktop\Positivo Jogos.lnk - C:\Fabricante\Positivo Jogos Atalhos
C:\Users\Public\Desktop\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Public\Desktop\Video Search.lnk - C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe /VIDEOSEARCH
C:\Users\Public\Desktop\WinZip.lnk - C:\Program Files (x86)\WinZip\WINZIP64.EXE

==== shortcuts in Users Start Menu ======================

C:\Users\Geral\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -
C:\Users\Geral\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\do Servidor EasyRO 2.0\Servidor EasyRO 2.0.lnk - C:\rag\Patch EasyRagnarok.exe
C:\Users\Geral\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\do Servidor EasyRO 2.0\Uninstall do Servidor EasyRO 2.0.lnk - C:\rag\Uninstal.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk - C:\Program Files (x86)\WinZip\WINZIP64.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher\aTube Catcher.lnk - C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena\Garena Plus.lnk - C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena\Garena Plus\Garena Plus.lnk - C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee\McAfee Internet Security.lnk - C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe /desktopicon /platui
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape\Uninstall PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip\WinZip 18.0.lnk - C:\Program Files (x86)\WinZip\WINZIP64.EXE

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Geral\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Geral\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Geral\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\Users\Geral\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Geral\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Geral\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -
C:\Users\Geral\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b15f30ab853b7d31\Diablo III.lnk - C:\Program Files (x86)\Diablo III\Diablo III Launcher.exe
C:\Users\Geral\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\Geral\AppData\Roaming\Microsoft\Windows\Libraries
C:\Users\Geral\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Geral\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Geral\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\aaaajfocmnnhjaajccaelhippajhaeod deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\aaaajmcbjelppeedjdebbfppfjdeeinp deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Geral\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Geral\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Geral\AppData\Local\Mozilla\Firefox\Profiles\de6p037e.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Geral\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=235 folders=36 78174192 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Geral\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Geral\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~2\Browser Tab Search by Ask" not found

==== EOF on 06/05/2014 at 13:01:15,49 ======================

Baixe o programa Junkware Removal Tool no link abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executar corretamente o programa acima é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt

Ficamos na espera.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 Single Language x64
Ran by Geral on 06/05/2014 at 13:16:13,93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\bonanzadeals
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\bonanzadeals



~~~ Files

Successfully deleted: [File] C:\Windows\Tasks\Bonanza.job



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Geral\AppData\Roaming\mozilla\firefox\profiles\de6p037e.default\minidumps [4 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Geral\appdata\local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06/05/2014 at 13:49:27,78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Faça o download do < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]> ( ... de Nicolas Coolman )

Para instalá-lo e executá-lo corretamente siga as dicas deste artigo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Assim que ele concluir a sua verificação, copie todo o conteúdo do seu relatório ZHPDiag.txt e poste em sua próxima resposta.

~ Relatório do ZHPDiag v2014.5.5.55 - Nicolas Coolman (05/05/2014)
~ Iniciado por Geral (06/05/2014 14:36:43)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v10.0.9200.16897
MFIE: Mozilla Firefox 28.0
GCIE: Google Chrome v34.0.1847.131

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 8 Single Language, 64-bit (Build 9200)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
McAfee Internet Security v12.8.944
McAfee Security Scan Plus v3.8.141.11
Windows Defender W8

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader 9 - Português
Java 7 Update 55

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 5585 MB (54% free)
System Restore: Activé (Enable)
System drive C: has 294 GB (66%) free of 445 GB

---\\ Modo de conexão ao sistema
~ Computer Name: PC-HOUSE
~ User Name: Geral
~ All Users Names: Geral, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Geral\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Geral\AppData\Roaming\
~ %Desktop% : C:\Users\Geral\Desktop\
~ %Favorites% : C:\Users\Geral\Favorites\
~ %LocalAppData% : C:\Users\Geral\AppData\Local\
~ %StartMenu% : C:\Users\Geral\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 294 Go of 445 Go)
D: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Windows Explorer.) (.01/06/2013 - 08:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.26/07/2012 - 00:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.2B7920C7885AC45FD0E27DD860F095A1] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 21:08:30.) -- C:\Windows\System32\wininet.dll [2240000]
[MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.11/10/2012 - 02:46:58.) -- C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.26/07/2012 - 00:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.04/09/2013 - 00:11:23.) -- C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 02:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.25/07/2012 - 23:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.25/07/2012 - 23:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.431141C6859990824D17F71C30A78728] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.15/01/2014 - 20:42:58.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 03:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Driver de porta i8042.) (.25/07/2012 - 23:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.25/07/2012 - 23:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.05/02/2013 - 19:29:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.25/07/2012 - 23:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.7BE3EDFFA3216F989A6BDCB14795DD08] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.27/01/2014 - 00:39:40.) -- C:\Windows\system32\Drivers\ntfs.sys [1939288]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Driver de porta paralela.) (.25/07/2012 - 23:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.25/07/2012 - 23:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.25/07/2012 - 23:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 02:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.01/06/2013 - 08:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 01s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/12
~ Mes musiques (My Musics) : 1/191
~ Mes Videos (My Videos) : 1/4
~ Mes Favoris (My Favorites) : 1/7
~ Mes Documents (My Documents) : 1/31
~ Mon Bureau (My Desktop) : 2/12221
~ Menu demarrer (Programs) : 1/36
~ Hidden Files: Scanned in 00mn 07s



---\\ Processos lançados
[MD5.36381C28F471C1B76042495F7D5E8F30] - (.No owner - MotoHelperAgent.) -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe [784240] [PID.3288]
[MD5.D658AB1B55127D18DCFBCAC8CAAEA522] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208] [PID.4716]
[MD5.FF2CE3EC0F87A69B2F61EF9D89514800] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504] [PID.1376]
[MD5.8E556A72D54F7E3B7844AB9217F02DD7] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.1748]
[MD5.CBA0013EBDE3F0B08B043F61857E9809] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.2516]
[MD5.794088182E03569E9D827936EFDC4EBE] - (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe [805280] [PID.1736]
[MD5.C54C8B8DAE3CC59CBAFF15FAC00084D7] - (.Adobe Systems, Inc. - Adobe Flash Player 13.0 r0.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe [1864368] [PID.2152]
[MD5.C77194C94AA796FD237FDDC3A0E420E5] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7871488] [PID.3528]
~ Processes Running: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Geral\AppData\Roaming\Mozilla\Firefox\Profiles\de6p037e.default\prefs.js
P2 - FPN: [HKLM] [@mcafee.com/MSC,version=10] - (...) -- C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/abn] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Geral\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/uni] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Geral\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll
~ Firefox Browser: 8 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ IE Browser: 21 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense Banco Real [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540007} . (.Banco Real - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehabn.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehuni.dll
~ BHO: 12 Legitimates Filtered in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: McAfee SiteAdvisor Toolbar - [HKLM]{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} . (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: Express Files.lnk . (...) -- C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe (.not file.) =>Adware.ExpressFiles
O4 - GS\QuickLaunch [Geral]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Geral\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [Geral]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Geral\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 3 Legitimates Filtered in 00mn 06s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [StartUpManagerPositivo] . (.Positivo Informática SA - Gerenciador de Inicialização.) -- C:\Program Files\Positivo Informática\Mundo Positivo Gerenciador de Inicialização\ManagerWindows.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [GarenaPlus] . (.No owner - Garena Plus.) -- C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Geral\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper.) -- C:\Program Files (x86)\Steam\Steam.exe
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Wow6432Node\Run: [mcui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Wow6432Node\Run: [RaidCall] . (.RAIDCALL.COM - Raidcall.) -- C:\Program Files (x86)\RaidCall\raidcall.exe
O4 - HKLM\..\Wow6432Node\Run: [mcpltui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [VNT] . (.APN LLC. - Virtual New Tab Loader.) -- C:\Program Files (x86)\VNT\vntldr.exe =>Toolbar.Ask
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKUS\S-1-5-21-4051559463-1146500218-3036254188-1001\..\Run: [GarenaPlus] . (.No owner - Garena Plus.) -- C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
O4 - HKUS\S-1-5-21-4051559463-1146500218-3036254188-1001\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Geral\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-4051559463-1146500218-3036254188-1001\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper.) -- C:\Program Files (x86)\Steam\Steam.exe
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santanderempresarial.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernet.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernetibe.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{E087FC8A-AD53-4767-9C42-585210EF5F1D}: DhcpNameServer = 187.122.254.44 187.122.254.48 201.6.4.116
O17 - HKLM\System\CS1\Services\Tcpip\..\{E087FC8A-AD53-4767-9C42-585210EF5F1D}: DhcpNameServer = 187.122.254.44 187.122.254.48 201.6.4.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 187.122.254.44 187.122.254.48 201.6.4.116
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: MotoHelper Service (MotoHelper) . (.No owner - MotoHelper Service.) - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
~ Services: 24 Legitimates Filtered in 00mn 21s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [System Speedup] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{008A3082-CAE7-441F-B560-D6589839FDCD}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{01717D7D-FD76-4584-8475-0AF4B9FAB468}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{034F81CB-C2FA-456D-B524-AB0D3919B5CE}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{04F2FF39-B52A-4B8D-9912-60651ABA3B32}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{0771D6DA-5E83-4458-8611-F02585BDF143}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{0BE8D8B3-18A1-4145-A5AF-53639FC11B46}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{0C55BFDF-016E-4CB1-9015-A58191C2CE80}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{0D321CBD-0608-40CB-BA3D-7E9863A88AD8}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{101F588E-4D7B-4B88-B95F-7D267D42F628}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{1213A85C-1036-48AD-8779-BF72E32EFEBA}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{138501AC-7CE8-49AD-8A21-ED56B1BABAF5}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{156E06E3-DE24-4DA1-875E-F2D10EF896D7}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{1676B7F1-291D-4B14-93E5-3BA3B14B66FB}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{17185B8E-2A3D-473A-9D11-C2270CD11D9E}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{189FE3D2-84BC-4B5F-ADF3-E525C887DE99}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{1A352713-510F-47AC-BB89-563F5F77A208}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{1A4D5D8E-AC90-45AB-86CC-FF1B7300E769}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{2768BFDC-F240-4607-A521-298FFA3361F0}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{28F34037-2D32-489B-BC8B-744FD6EA11A2}] (...) -- C:\Users\Geral\AppData\Local\BeamriseUninstall\Bootstrapper{1.Y2VqPwRP.100}.exe (.not file.) [0] =>Hijacker.Beamrise
[MD5.00000000000000000000000000000000] [APT] [{296872D2-DE00-4F6B-A006-D4F3C78F4AAF}] (...) -- C:\Users\Geral\AppData\Roaming\baidu\hao123-br\hao123.1.0.0.1108.exe (.not file.) [0] =>Adware.BDSearch
[MD5.00000000000000000000000000000000] [APT] [{2CEA224E-86B4-461D-8F1B-6F3EED764DE9}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{2DB35832-363D-44C5-80D2-A64C8EF47A64}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{34FEF416-CEEA-47FB-AB86-9FFF2BE2EB77}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{39D6AF13-F4E2-44AF-BE0C-247766565BFC}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{3FC2DA81-A158-459D-B370-52518706270D}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{41BE8C28-1A55-4BD7-BAAF-F5ADCD22B6AD}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{423727EF-D316-40F5-B27B-25C42D6D3EBC}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{42776961-2123-4EAE-BE61-C5B2AF49F8EA}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{496A52D2-C2ED-48B4-B5CC-7AE3959A2552}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{4D4B0DCB-125B-49F1-879B-F7AFFE677532}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{4DE4150B-AF61-410B-9ACB-C4FD4EA463ED}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{524ADB5B-3A3C-4E25-98AD-41E9F738FB20}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{5743A1E8-9F60-4B7A-AB88-1FE369213D92}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{59A853B1-CA27-4BF7-8E00-0C5D36DB3865}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{5C192929-433E-4F55-AAAE-C596D3476D54}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{5D2D220B-CFF2-4B58-9E0C-21EB7BDDEC89}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{603C7F2A-3351-4021-8D0E-58FE8D02D4F7}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{60D24328-48FA-4244-B227-07E0EF5E4A57}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{65DF20F6-B9B9-443F-934F-2D2B8137FFEB}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{67F7D548-2786-4449-8505-A57C278AD858}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{6B538F92-930A-4599-9C4B-1709354C653C}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{6D8A6156-E025-4633-89AE-58BD383ADF4A}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{6D9A44AE-6B00-4CB0-8049-1B3B924825FC}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{7058B2CA-D22F-41C2-BF90-342D287BBB49}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{7792F84A-9ECC-4B2C-96AF-007C16F40662}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{79DF69C2-407E-47EB-9C02-773A53453B95}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{7C8CC6A9-1F6B-4B38-8296-56CAB9869258}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{7D44F6F8-75B7-4B0D-B480-1143D8A49445}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{7EE11E68-D451-44BC-8DB9-E03BEDBE6496}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{7F8EF79E-6BBC-44B9-9CB1-696D4138ED16}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{7FD6EDF5-7BE4-4064-9053-1FC64EDD5927}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{80DACBB6-F845-4F87-A8DF-2E3AC33D3D4B}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{8392731F-BBC0-406E-AD4C-F059E9346646}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{83D8D228-C8B4-4158-A394-0D83BA3E9F55}] (...) -- C:\Program Files (x86)\Baidu Security\PC Faster\3.6.0.35848\Uninstall.exe (.not file.) [0] =>Adware.BDSearch
[MD5.00000000000000000000000000000000] [APT] [{85913758-251B-4089-A48E-7673D5051D52}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{862E83D4-685B-4257-BBC0-353975ED3855}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{8B13C537-7918-4DB6-A7B0-9938C9D3A8E7}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{9481A7F5-E7AE-4C33-BAB3-A8C9F4F4A9EC}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{97AEF984-E531-45BE-BCAE-169292B6367B}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{97DB6BCD-B07F-4932-A26A-29AD7263E8F8}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{991CE20E-3571-4A65-8F63-40DCE8608B52}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{9CD6487A-EE4C-42D2-895E-C312E07F91AE}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{A3E06AE7-33C8-4926-BF04-1BF546793099}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{A67B5F2C-68F4-4611-9097-802E4E9CFD65}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{A6854F2B-4369-49C4-8D99-D3ECB5C1C36C}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{A7AE84FA-3050-4DF3-84E9-9CC0772AE270}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{A858EBC5-446E-4BA3-B123-F499B7BDA8EE}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{ADA0939F-D5EA-4E23-AE24-52B327556363}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{AF76F9E4-866D-4278-968A-76CD9ECD3086}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{AF92F498-E771-493F-90F5-57B5C751D140}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{B0E0FB59-F360-4EA6-A029-46F6A8C1F749}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{B0ECC157-7C43-4A2F-84C4-DE42E479FACC}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{B2F62737-0394-4006-8F52-745BA2A87D74}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{B38B836D-7778-4FF8-96BB-AEFF81FE02DF}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{B508A905-9C04-49CC-A4D7-E55326D51F69}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{B5A5603D-F46C-4584-9E5D-F34481D47F62}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{B5B2A82A-8112-458E-86FF-4885580BF20A}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{B60E731F-E31F-4D13-B599-E12DB8DC24B1}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{B87DC5F5-6E77-4566-9CB6-267E09B256F4}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{BB7E9D14-33C5-4F4C-A0F1-0430F01F9CF9}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{BB97A322-C8F0-4597-AA53-29674B552E0B}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{BBAE14CB-9E98-4D57-8E59-562B01810087}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{BD3A1381-1CC5-45AF-911C-ED97B313586F}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{BE12B9E9-3F66-43A4-8505-390AB898C9AE}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{BE71F511-1614-401F-989E-B159EB940315}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{C047446D-2247-4A2A-851B-AD34D42B3EDE}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{C19E5BFF-E397-4E9F-9EF4-1FB3E3211976}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{C1E27678-682D-4799-A866-ABFF15744110}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{C23EB21E-D643-4A0F-B0C5-61B81B26CE8B}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{C3317BE5-7581-42EE-91F9-4CECD392FFA8}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{C59AC81D-6414-4C4A-AF8F-4D97DE491CAA}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{C67F8125-5D84-4871-B31E-CBB0AE7A5346}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{C8199EB9-C6D5-477D-AEF2-3F5A64563164}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{C834D24A-3FAC-48A7-AE4A-A1C1B8C1B684}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{C891DEC5-15C6-4D64-BC62-6F670D3453AC}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{CB4981D2-0F91-4105-85B5-F703394E4F12}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{CD19E3EE-E27B-43F0-B6CA-DDD504950F49}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{CF1DA2F0-FCCC-431E-B0B2-215BE46A95A5}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{D0EFC175-0D80-4EE9-BA51-F4F91B2D8610}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{D2F47437-5379-4EDC-9016-5C476D924E3D}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{D3CD556F-45AC-473C-8686-230E9B4E5F68}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{D52561E1-304D-466A-95C0-CB3B1B267AEF}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{E72B6F96-06A0-4F6D-B5DB-3E5DF8AB1428}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{EA331745-4983-4C72-89FB-106E0482F28C}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{EB64DFF6-D129-47C4-A1C9-E1C544CE1E12}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{EBEB2A51-9DFB-4075-8598-F7E5BAAB176F}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{ECDD9CB8-E42B-4940-9806-EF07ECA5957B}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{F09BE4A8-33B8-41DB-898B-8855947F1F95}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{F43DEAAF-8340-430E-961D-A3313BD2823E}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{F85E0BF7-9CC1-4646-8CBA-38728922F8C9}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{F919461A-5EA4-4F59-A09C-0466753C949B}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{FBBFFE32-E467-40BB-BD85-BC24B0FBD384}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{FFB4B249-8964-414B-A11F-72449EB60DFA}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
[MD5.00000000000000000000000000000000] [APT] [{FFE5CB4A-F0D1-43A4-BB02-E54B3198FA42}] (...) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (.not file.) [0] =>PUP.SystemSpeedup
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4051559463-1146500218-3036254188-1001Core [924]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4051559463-1146500218-3036254188-1001UA [946]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1080]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1084]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon [868]
O39 - APT: APT: - (..) -- C:\Windows\System32\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon [868] - (..) -- C:\Windows\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d [870]
~ Scheduled Task: 134 Legitimates Filtered in 00mn 16s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex64.sys (.not file.)
O41 - Driver: (Bndef) . (. - .) - C:\Windows\system32\drivers\bndef64.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
O41 - Driver: ({c047df5e-0fda-4055-b5db-a96a8a34a094}Gw64) . (. - .) - C:\Windows\System32\drivers\{c047df5e-0fda-4055-b5db-a96a8a34a094}Gw64.sys (.not file.)
~ Drivers: 46 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Ask Shopping Toolbar - (.APN, LLC.) [HKLM][64Bits] -- {41545533-2D53-4154-00A7-A758B70C0A06} =>Adware.Bandoo
O42 - Logiciel: Ask Toolbar - (.APN, LLC.) [HKLM][64Bits] -- {41545534-2D56-3700-76A7-A758B70C0A06} =>Adware.Bandoo
O42 - Logiciel: CrimsonRO 1.1 - (.CrimsonRO.) [HKLM][64Bits] -- CrimsonRO 1.1
O42 - Logiciel: Driver 1.3.1 - (.OEM.) [HKLM][64Bits] -- {BA56CD60-1D9F-4BE6-AC2F-B7C4A5437C35}
O42 - Logiciel: Guardião - Itaú 30 horas - (...) [HKLM][64Bits] -- {70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1
O42 - Logiciel: IPM 1.9.2 - (.OEM.) [HKLM][64Bits] -- {AADF4228-0772-4D43-92EB-B245E3A17B00}
O42 - Logiciel: LyricXeeker - (.LyriXeeker Tech.) [HKLM][64Bits] -- {56f379ce-c069-44dd-b72a-d79706df8495}
O42 - Logiciel: Módulo de Proteção Santander 3.2.0.2 - (...) [HKLM][64Bits] -- {83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1
O42 - Logiciel: Plantas vs Zumbis(TM) (remove only) - (...) [HKLM][64Bits] -- Plantas vs Zumbis(TM)
O42 - Logiciel: RagnaNice 1.0 - (.RagnaNice.) [HKLM][64Bits] -- RagnaNice 1.0
O42 - Logiciel: RagnaNice 1.1 - (.RagnaNice.) [HKLM][64Bits] -- RagnaNice 1.1
O42 - Logiciel: RagnaNice 1.2 - (.RagnaNice.) [HKLM][64Bits] -- RagnaNice 1.2
O42 - Logiciel: RagnaNice 1.3 - (.RagnaNice.) [HKLM][64Bits] -- RagnaNice 1.3
O42 - Logiciel: RagnaNice 2.0 - (.RagnaNice.) [HKLM][64Bits] -- RagnaNice 2.0
O42 - Logiciel: Ragnamania Ver1.3 - (.Ragnamania MMORPG.) [HKLM][64Bits] -- Ragnamania Ver1.3
O42 - Logiciel: Sally's Studio(TM) (remove only) - (...) [HKLM][64Bits] -- Sally's Studio(TM)
O42 - Logiciel: Snes9x - (...) [HKLM][64Bits] -- Snes9x
O42 - Logiciel: Update_for_BonanzaDeals - (.Update_for_BonanzaDeals.) [HKCU][64Bits] -- Bonanza =>Adware.BonanzaDeals
O42 - Logiciel: do Servidor EasyRO 2.0 - (...) [HKCU][64Bits] -- do Servidor EasyRO 2.0
O42 - Logiciel: melondrea - (.melondrea.) [HKLM][64Bits] -- melondrea =>PUP.Melondrea
~ Logic: 41 Legitimates Filtered in 00mn 03s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\Beamrise] =>Hijacker.Beamrise
[HKCU\Software\Brasfoot2013]
[HKCU\Software\Brasfoot2014]
[HKCU\Software\DefRow]
[HKCU\Software\GbAs]
[HKCU\Software\SoilAP]
[HKCU\Software\VNT]
[HKCU\Software\melondrea] =>PUP.Melondrea
[HKLM\Software\Baidu Security] =>Adware.BDSearch
[HKLM\Software\IACSearchAndMedia]
[HKLM\Software\SoilIO]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Baidu_Drp_pos] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\IACSearchAndMedia]
[HKLM\Software\Wow6432Node\LeveUp! Games]
[HKLM\Software\Wow6432Node\RCBR]
[HKLM\Software\Wow6432Node\melondrea] =>PUP.Melondrea
~ Key Software: 341 Legitimates Filtered in 00mn 03s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 31/03/2014 - 21:31:48 - [] ----D C:\Program Files (x86)\Baidu Security =>Adware.BDSearch
O43 - CFD: 21/08/2013 - 12:05:45 - [] ----D C:\Program Files (x86)\LeveUp! Games
O43 - CFD: 13/07/2013 - 22:12:54 - [] ----D C:\Program Files (x86)\Snes9x
O43 - CFD: 19/08/2013 - 10:33:11 - [] ----D C:\Program Files (x86)\SupportInfo
O43 - CFD: 19/08/2013 - 10:35:09 - [] ----D C:\Program Files (x86)\VIVO INTERNET
O43 - CFD: 28/04/2014 - 20:51:51 - [] ----D C:\Program Files (x86)\VNT
O43 - CFD: 05/03/2014 - 00:24:14 - [] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
O43 - CFD: 28/04/2014 - 20:49:30 - [] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 31/03/2014 - 21:31:41 - [] ----D C:\Users\Geral\AppData\Roaming\Baidu Security =>Adware.BDSearch
O43 - CFD: 23/07/2013 - 12:32:13 - [] ----D C:\Users\Geral\AppData\Roaming\VIVO INTERNET
O43 - CFD: 20/08/2013 - 15:18:02 - [] ----D C:\Users\Geral\AppData\Roaming\xim
O43 - CFD: 28/04/2014 - 20:53:26 - [] ----D C:\Users\Geral\AppData\Local\VNT
O43 - CFD: 23/08/2013 - 10:51:19 - [0] ----D C:\Users\Geral\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brasfoot 2013
O43 - CFD: 03/03/2014 - 15:17:34 - [0] ----D C:\Users\Geral\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brasfoot2014
O43 - CFD: 11/03/2014 - 14:10:08 - [] ----D C:\Users\Geral\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\do Servidor EasyRO 2.0
O43 - CFD: 13/07/2013 - 22:12:54 - [0] ----D C:\Users\Geral\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Snes9x
~ Program Folder: 189 Legitimates Filtered in 00mn 02s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.A1B278900E00D96B57F3596EC9BE2D5E] - 03/05/2014 - 23:16:45 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [155144]
O44 - LFC:[MD5.ACCC041F2326939B207E5953F97B7C37] - 03/05/2014 - 23:16:45 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [763854]
O44 - LFC:[MD5.10B74DFCB72728EBEEF9B1B951711218] - 06/05/2014 - 11:58:28 ---A- . (...) -- C:\Windows\win.ini [475]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 06/05/2014 - 12:14:44 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.7B6DCAB12E09314797D8EC73683ED316] - 06/05/2014 - 13:01:15 ---A- . (...) -- C:\zoek-results.log [24205]
O44 - LFC:[MD5.907B99CAF0CA187477019DD961137A54] - 27/04/2014 - 23:57:31 ---A- . (...) -- C:\fraglist.luar [353]
O44 - LFC:[MD5.6E2CDAF672063FA3434F76A3390F1842] - 28/04/2014 - 20:50:42 ---A- . (...) -- C:\Archive.ini [47]
~ Files: 16 Legitimates Filtered in 03mn 33s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj [64Bits] - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{22ac48a7-d2fb-11e2-be7e-c24b3d8f6c17}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{22ac48e5-d2fb-11e2-be7e-c24b3d8f6c17}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{22ac4920-d2fb-11e2-be7e-c24b3d8f6c17}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{2d9eac90-ee4a-11e2-be8c-80ee734f4205}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{2d9eb09a-ee4a-11e2-be8c-80ee734f4205}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{6284b0f7-ad16-11e3-bf0b-80ee734f4205}\AutoRun\command. (...) -- E:\LGAutoRun.exe (.not file.)
O51 - MPSK:{bff09522-6483-11e3-bedb-80ee734f4205}\AutoRun\command. (...) -- E:\SISetup.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 21 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 7 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:19/10/2012 - 04:52:32 ---A- . (.Windows (R) Win 7 DDK provider - IEEE-1284.4-1999 Driver.) -- C:\Windows\System32\Drivers\Dot4.sys [151968]
O58 - SDL:19/10/2012 - 04:52:30 ---A- . (.Windows (R) Win 7 DDK provider - IEEE-1284.4 Print Class Driver.) -- C:\Windows\System32\Drivers\Dot4Prt.sys [27040]
O58 - SDL:19/08/2010 - 16:59:12 ---A- . (...) -- C:\Windows\System32\Drivers\SoilIO.sys [17912]
O58 - SDL:03/12/2009 - 10:03:50 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\soilkbc.sys [13816]
O58 - SDL:03/12/2009 - 10:04:16 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\SoilMC.sys [13304]
O58 - SDL:26/07/2012 - 02:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
O58 - SDL:06/05/2014 - 12:57:22 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
~ Drivers: 59 Legitimates Filtered in 00mn 10s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Comodo - Comodo Dragon.) -- C:\Program Files (x86)\Comodo\Dragon\dragon.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] Web - (Web) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.D0145C7D8078044EBA109BA4F6A9AE68] [SPRF][10/09/2013] (...) -- C:\Users\Geral\AppData\Roaming\room_v3.dat [45270]
[MD5.1704A82C7755C10311D4FBF501B20EFA] [SPRF][14/07/2013] (...) -- C:\Users\Geral\AppData\Roaming\unins000.dat [26618]
[MD5.D44C4F55883FBB42D512FE80C73D76BB] [SPRF][30/04/2014] (...) -- C:\Users\Geral\AppData\Roaming\unins001.dat [16873]
~ Files: 3 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{039D0E56-E175-4960-8654-2983F1FF417E}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Geral\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{D2112E34-073F-4D9A-9163-D9724B94CFA3}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Geral\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{C10FB58E-AF4A-4BB3-9495-ADFB339D55C1}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Geral\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{5DD71185-C6E7-4B07-9A0A-37ADB089DD61}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Geral\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 4 Legitimates Filtered in 00mn 13s



---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "3355451435D24514007A7A857BC0A060" . (.Ask Shopping Toolbar.) -- C:\Windows\Installer\{41545533-2D53-4154-00A7-A758B70C0A06}\ToolbarIcon.exe =>Adware.Bandoo
O90 - PUC: "4355451465D20073677A7A857BC0A060" . (.Ask Toolbar.) -- C:\Windows\Installer\{41545534-2D56-3700-76A7-A758B70C0A06}\ToolbarIcon.exe =>Toolbar.Ask
~ Update Products: 2 Legitimates Filtered in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.BE37F2BD87773DF1ABC426041FA51A97] [WIS][27/03/2014] (.APN, LLC - Ask Shopping Toolbar.) -- C:\Windows\Installer\14e84381.msi [470528] =>Adware.Bandoo
[MD5.C62434DA10998ABB9D5066E0D6F6B98A] [WIS][01/04/2014] (.APN, LLC - Ask Toolbar.) -- C:\Windows\Installer\ff0af53.msi [464384] =>Adware.Bandoo
~ WIS: 2 Legitimates Filtered in 00mn 09s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_RASAPI32 =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_RASMANCS =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatemelondrea_RASAPI32 =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatemelondrea_RASMANCS =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilmelondrea_RASAPI32 =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilmelondrea_RASMANCS =>PUP.Melondrea
~ BTK: 88 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 28/04/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 14/12/2012 277616 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 27/06/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 27/06/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 15/01/2014 289256 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
SS - | Demand 02/08/2013 602944 | (McODS) . (.McAfee, Inc..) - C:\Program Files\McAfee\VirusScan\mcods.exe
SS - | Demand 09/04/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 10/07/1658 0 | (npggsvc) . (...) - C:\Windows\system32\GameMon.des
SS - | Demand 23/04/2014 572096 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 03/10/2012 64592 | (AppManagerService) . (.Positivo Informática S.A..) - C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Experience\MundoPositivoService.exe
SR - | Auto 24/01/2013 51480 | (BatteryManagerSrv) . (.Positivo Informática S.A.) - C:\Program Files (x86)\Positivo Informática\Mundo Positivo Bateria\BatteryManagerService.exe
SR - | Auto 24/12/2012 1868432 | (DragonUpdater) . (...) - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
SR - | Auto 24/02/2014 519224 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 30/07/2013 328928 | (HomeNetSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Demand 20/09/2012 29696 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 20/09/2012 29696 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 09/07/2012 7168 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 17/07/2012 128896 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Auto 17/07/2012 165760 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 17/07/2012 276864 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 31/08/2012 201304 | (McAfee SiteAdvisor Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SR - | Auto 28/01/2014 178528 | (McAPExe) . (.McAfee, Inc..) - C:\Program Files\McAfee\MSC\McAPexe.exe
SR - | Auto 30/07/2013 328928 | (McMPFSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 | (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 | (mcpltsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 | (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 21/01/2014 1025712 | (mfecore) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
SR - | Auto 17/03/2014 219752 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 17/03/2014 185792 | (mfevtp) . (.McAfee, Inc..) - C:\Windows\system32\mfevtps.exe
SR - | Auto 01/02/2012 214896 | (MotoHelper) . (...) - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
SR - | Auto 30/07/2013 328928 | (MSK80Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 20/09/2012 29696 | C:\Windows\System32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 20/09/2012 29696 | C:\Windows\System32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 08/07/2013 4153184 | (TeamViewer8) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
SR - | Auto 17/07/2012 364416 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 32s



---\\ Scâner Aditional (088)
Database Version : 13045 - (05/05/2014)
Clés trouvées (Keys found) : 4
Valeurs trouvées (Values found) : 4
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 9

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{41545533-2D53-4154-00A7-A758B70C0A06}] =>Adware.Bandoo^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{41545534-2D56-3700-76A7-A758B70C0A06}] =>Adware.Bandoo^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Bonanza] =>Adware.BonanzaDeals^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\melondrea] =>PUP.Melondrea^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:VNT =>Toolbar.Ask^
C:\Program Files (x86)\Baidu Security =>Adware.BDSearch^
C:\ProgramData\Baidu Security =>Adware.BDSearch^
C:\Users\Geral\AppData\Roaming\Baidu Security =>Adware.BDSearch^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKCU\Software\Beamrise] =>Hijacker.Beamrise^
[HKCU\Software\melondrea] =>PUP.Melondrea^
[HKLM\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu_Drp_pos] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\melondrea] =>PUP.Melondrea^
C:\Windows\Installer\14e84381.msi =>Adware.Bandoo^
C:\Windows\Installer\ff0af53.msi =>Adware.Bandoo^
~ Additionnel Scan: 277856 Items scanned in 01mn 42s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.ExpressFiles
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Toolbar.Ask
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.SystemSpeedup
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Beamrise
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BDSearch
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.Bandoo
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BonanzaDeals
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Melondrea
~ MSI: 8 link(s) detected in 00mn 00s



~ 878 Legitimates filtered by white list
End of the scan (683 lines in 08mn 03s)(0)

 Selecione e copie todo o texto destacado em vermelho que te passei.
_____________________________________________________________________________________________________________

 Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta.

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Geral at 06/05/2014 16:19:22
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit (Build 9200)

Reciclagem vazia (03mn 08s)
Reparação de atalhos do navegador

========== Softwares ==========
ELIMINÉ: Ask Shopping Toolbar
ELIMINÉ: Ask Toolbar
AUSENTE Uninstall Process: c:\program files (x86)\lyrixeeker\uninstall.exe

========== Chaves do Registo ==========
ELIMINÉ: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{41545533-2D53-4154-00A7-A758B70C0A06}]
ELIMINÉ: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{41545534-2D56-3700-76A7-A758B70C0A06}]
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{56f379ce-c069-44dd-b72a-d79706df8495}]
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bnbase
ELIMINÉ Driver Key: Bndef
ELIMINÉ Driver Key: Bprotect
ELIMINÉ Driver Key: {c047df5e-0fda-4055-b5db-a96a8a34a094}Gw64
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\Beamrise
ELIMINÉ: HKCU\Software\VNT
ELIMINÉ: HKCU\Software\melondrea
ELIMINÉ:* HKLM\Software\Baidu Security
ELIMINÉ:* HKLM\Software\IACSearchAndMedia
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu_Drp_pos
ELIMINÉ: HKLM\Software\Wow6432Node\melondrea
ELIMINÉ CLSID MPSK: {22ac48a7-d2fb-11e2-be7e-c24b3d8f6c17}
ELIMINÉ CLSID MPSK: {22ac48e5-d2fb-11e2-be7e-c24b3d8f6c17}
ELIMINÉ CLSID MPSK: {22ac4920-d2fb-11e2-be7e-c24b3d8f6c17}
ELIMINÉ CLSID MPSK: {2d9eac90-ee4a-11e2-be8c-80ee734f4205}
ELIMINÉ CLSID MPSK: {2d9eb09a-ee4a-11e2-be8c-80ee734f4205}
ELIMINÉ CLSID MPSK: {6284b0f7-ad16-11e3-bf0b-80ee734f4205}
ELIMINÉ CLSID MPSK: {bff09522-6483-11e3-bedb-80ee734f4205}
ELIMINÉ: SearchScopes :{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
ELIMINÉ: [HKLM\Software\Classes\Installer\Products\\3355451435D24514007A7A857BC0A060]
ELIMINÉ: [HKLM\Software\Classes\Installer\Features\3355451435D24514007A7A857BC0A060]
ELIMINÉ: [HKLM\Software\Classes\Installer\Products\\4355451465D20073677A7A857BC0A060]
ELIMINÉ: [HKLM\Software\Classes\Installer\Features\4355451465D20073677A7A857BC0A060]
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatemelondrea_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatemelondrea_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilmelondrea_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilmelondrea_RASMANCS
ELIMINÉ: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Bonanza
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\melondrea

========== Valores do Registo ==========
ELIMINÉ RunValue: VNT
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\users\public\desktop\express files.lnk
ELIMINÉ: c:\program files (x86)\vnt\vntldr.exe
ELIMINÉ: C:\Windows\Installer\14e84381.msi
ELIMINÉ: C:\Windows\Installer\ff0af53.msi
ELIMINÉ Temporários windows (124) (1.815.309 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: System Speedup
ELIMINÉ: {008A3082-CAE7-441F-B560-D6589839FDCD}
ELIMINÉ: {01717D7D-FD76-4584-8475-0AF4B9FAB468}
ELIMINÉ: {034F81CB-C2FA-456D-B524-AB0D3919B5CE}
ELIMINÉ: {04F2FF39-B52A-4B8D-9912-60651ABA3B32}
ELIMINÉ: {0771D6DA-5E83-4458-8611-F02585BDF143}
ELIMINÉ: {0BE8D8B3-18A1-4145-A5AF-53639FC11B46}
ELIMINÉ: {0C55BFDF-016E-4CB1-9015-A58191C2CE80}
ELIMINÉ: {0D321CBD-0608-40CB-BA3D-7E9863A88AD8}
ELIMINÉ: {101F588E-4D7B-4B88-B95F-7D267D42F628}
ELIMINÉ: {1213A85C-1036-48AD-8779-BF72E32EFEBA}
ELIMINÉ: {138501AC-7CE8-49AD-8A21-ED56B1BABAF5}
ELIMINÉ: {156E06E3-DE24-4DA1-875E-F2D10EF896D7}
ELIMINÉ: {1676B7F1-291D-4B14-93E5-3BA3B14B66FB}
ELIMINÉ: {17185B8E-2A3D-473A-9D11-C2270CD11D9E}
ELIMINÉ: {189FE3D2-84BC-4B5F-ADF3-E525C887DE99}
ELIMINÉ: {1A352713-510F-47AC-BB89-563F5F77A208}
ELIMINÉ: {1A4D5D8E-AC90-45AB-86CC-FF1B7300E769}
ELIMINÉ: {2768BFDC-F240-4607-A521-298FFA3361F0}
ELIMINÉ: {28F34037-2D32-489B-BC8B-744FD6EA11A2}
ELIMINÉ: {296872D2-DE00-4F6B-A006-D4F3C78F4AAF}
ELIMINÉ: {2CEA224E-86B4-461D-8F1B-6F3EED764DE9}
ELIMINÉ: {2DB35832-363D-44C5-80D2-A64C8EF47A64}
ELIMINÉ: {34FEF416-CEEA-47FB-AB86-9FFF2BE2EB77}
ELIMINÉ: {39D6AF13-F4E2-44AF-BE0C-247766565BFC}
ELIMINÉ: {3FC2DA81-A158-459D-B370-52518706270D}
ELIMINÉ: {41BE8C28-1A55-4BD7-BAAF-F5ADCD22B6AD}
ELIMINÉ: {423727EF-D316-40F5-B27B-25C42D6D3EBC}
ELIMINÉ: {42776961-2123-4EAE-BE61-C5B2AF49F8EA}
ELIMINÉ: {496A52D2-C2ED-48B4-B5CC-7AE3959A2552}
ELIMINÉ: {4D4B0DCB-125B-49F1-879B-F7AFFE677532}
ELIMINÉ: {4DE4150B-AF61-410B-9ACB-C4FD4EA463ED}
ELIMINÉ: {524ADB5B-3A3C-4E25-98AD-41E9F738FB20}
ELIMINÉ: {5743A1E8-9F60-4B7A-AB88-1FE369213D92}
ELIMINÉ: {59A853B1-CA27-4BF7-8E00-0C5D36DB3865}
ELIMINÉ: {5C192929-433E-4F55-AAAE-C596D3476D54}
ELIMINÉ: {5D2D220B-CFF2-4B58-9E0C-21EB7BDDEC89}
ELIMINÉ: {603C7F2A-3351-4021-8D0E-58FE8D02D4F7}
ELIMINÉ: {60D24328-48FA-4244-B227-07E0EF5E4A57}
ELIMINÉ: {65DF20F6-B9B9-443F-934F-2D2B8137FFEB}
ELIMINÉ: {67F7D548-2786-4449-8505-A57C278AD858}
ELIMINÉ: {6B538F92-930A-4599-9C4B-1709354C653C}
ELIMINÉ: {6D8A6156-E025-4633-89AE-58BD383ADF4A}
ELIMINÉ: {6D9A44AE-6B00-4CB0-8049-1B3B924825FC}
ELIMINÉ: {7058B2CA-D22F-41C2-BF90-342D287BBB49}
ELIMINÉ: {7792F84A-9ECC-4B2C-96AF-007C16F40662}
ELIMINÉ: {79DF69C2-407E-47EB-9C02-773A53453B95}
ELIMINÉ: {7C8CC6A9-1F6B-4B38-8296-56CAB9869258}
ELIMINÉ: {7D44F6F8-75B7-4B0D-B480-1143D8A49445}
ELIMINÉ: {7EE11E68-D451-44BC-8DB9-E03BEDBE6496}
ELIMINÉ: {7F8EF79E-6BBC-44B9-9CB1-696D4138ED16}
ELIMINÉ: {7FD6EDF5-7BE4-4064-9053-1FC64EDD5927}
ELIMINÉ: {80DACBB6-F845-4F87-A8DF-2E3AC33D3D4B}
ELIMINÉ: {8392731F-BBC0-406E-AD4C-F059E9346646}
ELIMINÉ: {83D8D228-C8B4-4158-A394-0D83BA3E9F55}
ELIMINÉ: {85913758-251B-4089-A48E-7673D5051D52}
ELIMINÉ: {862E83D4-685B-4257-BBC0-353975ED3855}
ELIMINÉ: {8B13C537-7918-4DB6-A7B0-9938C9D3A8E7}
ELIMINÉ: {9481A7F5-E7AE-4C33-BAB3-A8C9F4F4A9EC}
ELIMINÉ: {97AEF984-E531-45BE-BCAE-169292B6367B}
ELIMINÉ: {97DB6BCD-B07F-4932-A26A-29AD7263E8F8}
ELIMINÉ: {991CE20E-3571-4A65-8F63-40DCE8608B52}
ELIMINÉ: {9CD6487A-EE4C-42D2-895E-C312E07F91AE}
ELIMINÉ: {A3E06AE7-33C8-4926-BF04-1BF546793099}
ELIMINÉ: {A67B5F2C-68F4-4611-9097-802E4E9CFD65}
ELIMINÉ: {A6854F2B-4369-49C4-8D99-D3ECB5C1C36C}
ELIMINÉ: {A7AE84FA-3050-4DF3-84E9-9CC0772AE270}
ELIMINÉ: {A858EBC5-446E-4BA3-B123-F499B7BDA8EE}
ELIMINÉ: {ADA0939F-D5EA-4E23-AE24-52B327556363}
ELIMINÉ: {AF76F9E4-866D-4278-968A-76CD9ECD3086}
ELIMINÉ: {AF92F498-E771-493F-90F5-57B5C751D140}
ELIMINÉ: {B0E0FB59-F360-4EA6-A029-46F6A8C1F749}
ELIMINÉ: {B0ECC157-7C43-4A2F-84C4-DE42E479FACC}
ELIMINÉ: {B2F62737-0394-4006-8F52-745BA2A87D74}
ELIMINÉ: {B38B836D-7778-4FF8-96BB-AEFF81FE02DF}
ELIMINÉ: {B508A905-9C04-49CC-A4D7-E55326D51F69}
ELIMINÉ: {B5A5603D-F46C-4584-9E5D-F34481D47F62}
ELIMINÉ: {B5B2A82A-8112-458E-86FF-4885580BF20A}
ELIMINÉ: {B60E731F-E31F-4D13-B599-E12DB8DC24B1}
ELIMINÉ: {B87DC5F5-6E77-4566-9CB6-267E09B256F4}
ELIMINÉ: {BB7E9D14-33C5-4F4C-A0F1-0430F01F9CF9}
ELIMINÉ: {BB97A322-C8F0-4597-AA53-29674B552E0B}
ELIMINÉ: {BBAE14CB-9E98-4D57-8E59-562B01810087}
ELIMINÉ: {BD3A1381-1CC5-45AF-911C-ED97B313586F}
ELIMINÉ: {BE12B9E9-3F66-43A4-8505-390AB898C9AE}
ELIMINÉ: {BE71F511-1614-401F-989E-B159EB940315}
ELIMINÉ: {C047446D-2247-4A2A-851B-AD34D42B3EDE}
ELIMINÉ: {C19E5BFF-E397-4E9F-9EF4-1FB3E3211976}
ELIMINÉ: {C1E27678-682D-4799-A866-ABFF15744110}
ELIMINÉ: {C23EB21E-D643-4A0F-B0C5-61B81B26CE8B}
ELIMINÉ: {C3317BE5-7581-42EE-91F9-4CECD392FFA8}
ELIMINÉ: {C59AC81D-6414-4C4A-AF8F-4D97DE491CAA}
ELIMINÉ: {C67F8125-5D84-4871-B31E-CBB0AE7A5346}
ELIMINÉ: {C8199EB9-C6D5-477D-AEF2-3F5A64563164}
ELIMINÉ: {C834D24A-3FAC-48A7-AE4A-A1C1B8C1B684}
ELIMINÉ: {C891DEC5-15C6-4D64-BC62-6F670D3453AC}
ELIMINÉ: {CB4981D2-0F91-4105-85B5-F703394E4F12}
ELIMINÉ: {CD19E3EE-E27B-43F0-B6CA-DDD504950F49}
ELIMINÉ: {CF1DA2F0-FCCC-431E-B0B2-215BE46A95A5}
ELIMINÉ: {D0EFC175-0D80-4EE9-BA51-F4F91B2D8610}
ELIMINÉ: {D2F47437-5379-4EDC-9016-5C476D924E3D}
ELIMINÉ: {D3CD556F-45AC-473C-8686-230E9B4E5F68}
ELIMINÉ: {D52561E1-304D-466A-95C0-CB3B1B267AEF}
ELIMINÉ: {E72B6F96-06A0-4F6D-B5DB-3E5DF8AB1428}
ELIMINÉ: {EA331745-4983-4C72-89FB-106E0482F28C}
ELIMINÉ: {EB64DFF6-D129-47C4-A1C9-E1C544CE1E12}
ELIMINÉ: {EBEB2A51-9DFB-4075-8598-F7E5BAAB176F}
ELIMINÉ: {ECDD9CB8-E42B-4940-9806-EF07ECA5957B}
ELIMINÉ: {F09BE4A8-33B8-41DB-898B-8855947F1F95}
ELIMINÉ: {F43DEAAF-8340-430E-961D-A3313BD2823E}
ELIMINÉ: {F85E0BF7-9CC1-4646-8CBA-38728922F8C9}
ELIMINÉ: {F919461A-5EA4-4F59-A09C-0466753C949B}
ELIMINÉ: {FBBFFE32-E467-40BB-BD85-BC24B0FBD384}
ELIMINÉ: {FFB4B249-8964-414B-A11F-72449EB60DFA}
ELIMINÉ: {FFE5CB4A-F0D1-43A4-BB02-E54B3198FA42}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
37 : Chaves do Registo
7 : Valores do Registo
1 : Pastas
6 : Ficheiros
3 : Softwares
115 : Tarefa planificada
1 : Restauração Sistema


End of clean in 05mn 48s

========== Caminho do ficheiro do relatório ==========
C:\Users\Geral\AppData\Roaming\ZHP\ZHPFix[R1].txt - 06/05/2014 16:22:31 [9498]

Abra novamente o ( ZHPDiag )

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

~ Relatório do ZHPDiag v2014.5.5.55 - Nicolas Coolman (05/05/2014)
~ Iniciado por Geral (06/05/2014 16:28:04)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program


---\\ Navegadores Internet
MSIE: Internet Explorer v10.0.9200.16897
MFIE: Mozilla Firefox 28.0
GCIE: Google Chrome v34.0.1847.131

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 8 Single Language, 64-bit (Build 9200)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
McAfee Internet Security v12.8.944
McAfee Security Scan Plus v3.8.141.11
Windows Defender W8

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader 9 - Português
Java 7 Update 55

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 5585 MB (49% free)
System Restore: Activé (Enable)
System drive C: has 294 GB (66%) free of 445 GB

---\\ Modo de conexão ao sistema
~ Computer Name: PC-HOUSE
~ User Name: Geral
~ All Users Names: Geral, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Geral\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Geral\AppData\Roaming\
~ %Desktop% : C:\Users\Geral\Desktop\
~ %Favorites% : C:\Users\Geral\Favorites\
~ %LocalAppData% : C:\Users\Geral\AppData\Local\
~ %StartMenu% : C:\Users\Geral\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 294 Go of 445 Go)
D: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Windows Explorer.) (.01/06/2013 - 08:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.26/07/2012 - 00:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.2B7920C7885AC45FD0E27DD860F095A1] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 21:08:30.) -- C:\Windows\System32\wininet.dll [2240000]
[MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.11/10/2012 - 02:46:58.) -- C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.26/07/2012 - 00:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.04/09/2013 - 00:11:23.) -- C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 02:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.25/07/2012 - 23:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.25/07/2012 - 23:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.431141C6859990824D17F71C30A78728] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.15/01/2014 - 20:42:58.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 03:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Driver de porta i8042.) (.25/07/2012 - 23:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.25/07/2012 - 23:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.05/02/2013 - 19:29:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.25/07/2012 - 23:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.7BE3EDFFA3216F989A6BDCB14795DD08] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.27/01/2014 - 00:39:40.) -- C:\Windows\system32\Drivers\ntfs.sys [1939288]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Driver de porta paralela.) (.25/07/2012 - 23:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.25/07/2012 - 23:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.25/07/2012 - 23:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 02:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.01/06/2013 - 08:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/12
~ Mes musiques (My Musics) : 1/191
~ Mes Videos (My Videos) : 1/4
~ Mes Favoris (My Favorites) : 1/7
~ Mes Documents (My Documents) : 1/31
~ Mon Bureau (My Desktop) : 2/12222
~ Menu demarrer (Programs) : 1/36
~ Hidden Files: Scanned in 00mn 08s



---\\ Processos lançados
[MD5.36381C28F471C1B76042495F7D5E8F30] - (.No owner - MotoHelperAgent.) -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe [784240] [PID.3288]
[MD5.D658AB1B55127D18DCFBCAC8CAAEA522] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208] [PID.4716]
[MD5.FF2CE3EC0F87A69B2F61EF9D89514800] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504] [PID.1376]
[MD5.794088182E03569E9D827936EFDC4EBE] - (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe [805280] [PID.1736]
[MD5.8E556A72D54F7E3B7844AB9217F02DD7] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.5920]
[MD5.CBA0013EBDE3F0B08B043F61857E9809] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.4960]
[MD5.45892BDEDD0AD70AED4CCD22D9FB5984] - (.Blizzard Entertainment - World of Warcraft Retail.) -- C:\Users\Geral\Desktop\World of Warcraft 3.3.5a (no install)\Wow.exe [7704216] [PID.7000]
[MD5.C77194C94AA796FD237FDDC3A0E420E5] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7871488] [PID.3180]
~ Processes Running: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Geral\AppData\Roaming\Mozilla\Firefox\Profiles\de6p037e.default\prefs.js
P2 - FPN: [HKLM] [@mcafee.com/MSC,version=10] - (...) -- C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/abn] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Geral\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/uni] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Geral\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll
~ Firefox Browser: 8 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ IE Browser: 21 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense Banco Real [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540007} . (.Banco Real - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehabn.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehuni.dll
~ BHO: 12 Legitimates Filtered in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: McAfee SiteAdvisor Toolbar - [HKLM]{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} . (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [Geral]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Geral\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [Geral]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Geral\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 2 Legitimates Filtered in 00mn 03s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [StartUpManagerPositivo] . (.Positivo Informática SA - Gerenciador de Inicialização.) -- C:\Program Files\Positivo Informática\Mundo Positivo Gerenciador de Inicialização\ManagerWindows.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [GarenaPlus] . (.No owner - Garena Plus.) -- C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Geral\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper.) -- C:\Program Files (x86)\Steam\Steam.exe
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Wow6432Node\Run: [mcui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Wow6432Node\Run: [RaidCall] . (.RAIDCALL.COM - Raidcall.) -- C:\Program Files (x86)\RaidCall\raidcall.exe
O4 - HKLM\..\Wow6432Node\Run: [mcpltui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKUS\S-1-5-21-4051559463-1146500218-3036254188-1001\..\Run: [GarenaPlus] . (.No owner - Garena Plus.) -- C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
O4 - HKUS\S-1-5-21-4051559463-1146500218-3036254188-1001\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Geral\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-4051559463-1146500218-3036254188-1001\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper.) -- C:\Program Files (x86)\Steam\Steam.exe
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santanderempresarial.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernet.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernetibe.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{E087FC8A-AD53-4767-9C42-585210EF5F1D}: DhcpNameServer = 187.122.254.44 187.122.254.48 201.6.4.116
O17 - HKLM\System\CS1\Services\Tcpip\..\{E087FC8A-AD53-4767-9C42-585210EF5F1D}: DhcpNameServer = 187.122.254.44 187.122.254.48 201.6.4.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 187.122.254.44 187.122.254.48 201.6.4.116
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: MotoHelper Service (MotoHelper) . (.No owner - MotoHelper Service.) - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
~ Services: 24 Legitimates Filtered in 00mn 24s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4051559463-1146500218-3036254188-1001Core [924]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4051559463-1146500218-3036254188-1001UA [946]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1080]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1084]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon [868]
O39 - APT: APT: - (..) -- C:\Windows\System32\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon [868] - (..) -- C:\Windows\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d [870]
~ Scheduled Task: 19 Legitimates Filtered in 00mn 07s



---\\ Software instalados (042)
O42 - Logiciel: CrimsonRO 1.1 - (.CrimsonRO.) [HKLM][64Bits] -- CrimsonRO 1.1
O42 - Logiciel: Driver 1.3.1 - (.OEM.) [HKLM][64Bits] -- {BA56CD60-1D9F-4BE6-AC2F-B7C4A5437C35}
O42 - Logiciel: Guardião - Itaú 30 horas - (...) [HKLM][64Bits] -- {70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1
O42 - Logiciel: IPM 1.9.2 - (.OEM.) [HKLM][64Bits] -- {AADF4228-0772-4D43-92EB-B245E3A17B00}
O42 - Logiciel: Módulo de Proteção Santander 3.2.0.2 - (...) [HKLM][64Bits] -- {83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1
O42 - Logiciel: Plantas vs Zumbis(TM) (remove only) - (...) [HKLM][64Bits] -- Plantas vs Zumbis(TM)
O42 - Logiciel: RagnaNice 1.0 - (.RagnaNice.) [HKLM][64Bits] -- RagnaNice 1.0
O42 - Logiciel: RagnaNice 1.1 - (.RagnaNice.) [HKLM][64Bits] -- RagnaNice 1.1
O42 - Logiciel: RagnaNice 1.2 - (.RagnaNice.) [HKLM][64Bits] -- RagnaNice 1.2
O42 - Logiciel: RagnaNice 1.3 - (.RagnaNice.) [HKLM][64Bits] -- RagnaNice 1.3
O42 - Logiciel: RagnaNice 2.0 - (.RagnaNice.) [HKLM][64Bits] -- RagnaNice 2.0
O42 - Logiciel: Ragnamania Ver1.3 - (.Ragnamania MMORPG.) [HKLM][64Bits] -- Ragnamania Ver1.3
O42 - Logiciel: Sally's Studio(TM) (remove only) - (...) [HKLM][64Bits] -- Sally's Studio(TM)
O42 - Logiciel: Snes9x - (...) [HKLM][64Bits] -- Snes9x
O42 - Logiciel: do Servidor EasyRO 2.0 - (...) [HKCU][64Bits] -- do Servidor EasyRO 2.0
~ Logic: 39 Legitimates Filtered in 00mn 03s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Bonanza] =>Adware.BonanzaDeals
[HKCU\Software\Brasfoot2013]
[HKCU\Software\Brasfoot2014]
[HKCU\Software\DefRow]
[HKCU\Software\GbAs]
[HKCU\Software\SoilAP]
[HKLM\Software\SoilIO]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\LeveUp! Games]
[HKLM\Software\Wow6432Node\RCBR]
~ Key Software: 324 Legitimates Filtered in 00mn 03s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 21/08/2013 - 12:05:45 - [] ----D C:\Program Files (x86)\LeveUp! Games
O43 - CFD: 13/07/2013 - 22:12:54 - [] ----D C:\Program Files (x86)\Snes9x
O43 - CFD: 19/08/2013 - 10:33:11 - [] ----D C:\Program Files (x86)\SupportInfo
O43 - CFD: 19/08/2013 - 10:35:09 - [] ----D C:\Program Files (x86)\VIVO INTERNET
O43 - CFD: 28/04/2014 - 20:49:30 - [] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 23/07/2013 - 12:32:13 - [] ----D C:\Users\Geral\AppData\Roaming\VIVO INTERNET
O43 - CFD: 20/08/2013 - 15:18:02 - [] ----D C:\Users\Geral\AppData\Roaming\xim
O43 - CFD: 23/08/2013 - 10:51:19 - [0] ----D C:\Users\Geral\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brasfoot 2013
O43 - CFD: 03/03/2014 - 15:17:34 - [0] ----D C:\Users\Geral\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brasfoot2014
O43 - CFD: 11/03/2014 - 14:10:08 - [] ----D C:\Users\Geral\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\do Servidor EasyRO 2.0
O43 - CFD: 13/07/2013 - 22:12:54 - [0] ----D C:\Users\Geral\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Snes9x
~ Program Folder: 184 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.A1B278900E00D96B57F3596EC9BE2D5E] - 03/05/2014 - 23:16:45 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [155144]
O44 - LFC:[MD5.ACCC041F2326939B207E5953F97B7C37] - 03/05/2014 - 23:16:45 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [763854]
O44 - LFC:[MD5.10B74DFCB72728EBEEF9B1B951711218] - 06/05/2014 - 11:58:28 ---A- . (...) -- C:\Windows\win.ini [475]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 06/05/2014 - 12:14:44 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.7B6DCAB12E09314797D8EC73683ED316] - 06/05/2014 - 13:01:15 ---A- . (...) -- C:\zoek-results.log [24205]
O44 - LFC:[MD5.907B99CAF0CA187477019DD961137A54] - 27/04/2014 - 23:57:31 ---A- . (...) -- C:\fraglist.luar [353]
O44 - LFC:[MD5.6E2CDAF672063FA3434F76A3390F1842] - 28/04/2014 - 20:50:42 ---A- . (...) -- C:\Archive.ini [47]
~ Files: 16 Legitimates Filtered in 00mn 05s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj [64Bits] - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 21 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 7 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:19/10/2012 - 04:52:32 ---A- . (.Windows (R) Win 7 DDK provider - IEEE-1284.4-1999 Driver.) -- C:\Windows\System32\Drivers\Dot4.sys [151968]
O58 - SDL:19/10/2012 - 04:52:30 ---A- . (.Windows (R) Win 7 DDK provider - IEEE-1284.4 Print Class Driver.) -- C:\Windows\System32\Drivers\Dot4Prt.sys [27040]
O58 - SDL:19/08/2010 - 16:59:12 ---A- . (...) -- C:\Windows\System32\Drivers\SoilIO.sys [17912]
O58 - SDL:03/12/2009 - 10:03:50 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\soilkbc.sys [13816]
O58 - SDL:03/12/2009 - 10:04:16 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\SoilMC.sys [13304]
O58 - SDL:26/07/2012 - 02:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
O58 - SDL:06/05/2014 - 12:57:22 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
~ Drivers: 59 Legitimates Filtered in 00mn 02s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Comodo - Comodo Dragon.) -- C:\Program Files (x86)\Comodo\Dragon\dragon.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] Web - (Web) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.D0145C7D8078044EBA109BA4F6A9AE68] [SPRF][10/09/2013] (...) -- C:\Users\Geral\AppData\Roaming\room_v3.dat [45270]
[MD5.1704A82C7755C10311D4FBF501B20EFA] [SPRF][14/07/2013] (...) -- C:\Users\Geral\AppData\Roaming\unins000.dat [26618]
[MD5.D44C4F55883FBB42D512FE80C73D76BB] [SPRF][30/04/2014] (...) -- C:\Users\Geral\AppData\Roaming\unins001.dat [16873]
~ Files: 3 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{039D0E56-E175-4960-8654-2983F1FF417E}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Geral\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{D2112E34-073F-4D9A-9163-D9724B94CFA3}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Geral\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{C10FB58E-AF4A-4BB3-9495-ADFB339D55C1}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Geral\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{5DD71185-C6E7-4B07-9A0A-37ADB089DD61}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Geral\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 4 Legitimates Filtered in 00mn 04s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 28/04/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 14/12/2012 277616 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 27/06/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 27/06/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 15/01/2014 289256 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
SS - | Demand 02/08/2013 602944 | (McODS) . (.McAfee, Inc..) - C:\Program Files\McAfee\VirusScan\mcods.exe
SS - | Demand 09/04/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 10/07/1658 0 | (npggsvc) . (...) - C:\Windows\system32\GameMon.des
SS - | Demand 23/04/2014 572096 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Auto 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 03/10/2012 64592 | (AppManagerService) . (.Positivo Informática S.A..) - C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Experience\MundoPositivoService.exe
SR - | Auto 24/01/2013 51480 | (BatteryManagerSrv) . (.Positivo Informática S.A.) - C:\Program Files (x86)\Positivo Informática\Mundo Positivo Bateria\BatteryManagerService.exe
SR - | Auto 24/12/2012 1868432 | (DragonUpdater) . (...) - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
SR - | Auto 24/02/2014 519224 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 30/07/2013 328928 | (HomeNetSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Demand 20/09/2012 29696 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 20/09/2012 29696 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 09/07/2012 7168 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 17/07/2012 128896 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Auto 17/07/2012 165760 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 17/07/2012 276864 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 31/08/2012 201304 | (McAfee SiteAdvisor Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SR - | Auto 28/01/2014 178528 | (McAPExe) . (.McAfee, Inc..) - C:\Program Files\McAfee\MSC\McAPexe.exe
SR - | Auto 30/07/2013 328928 | (McMPFSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 | (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 | (mcpltsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 | (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 21/01/2014 1025712 | (mfecore) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
SR - | Auto 17/03/2014 219752 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 17/03/2014 185792 | (mfevtp) . (.McAfee, Inc..) - C:\Windows\system32\mfevtps.exe
SR - | Auto 01/02/2012 214896 | (MotoHelper) . (...) - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
SR - | Auto 30/07/2013 328928 | (MSK80Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 20/09/2012 29696 | C:\Windows\System32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 20/09/2012 29696 | C:\Windows\System32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 08/07/2013 4153184 | (TeamViewer8) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
SR - | Auto 17/07/2012 364416 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
~ Services: Scanned in 00mn 23s



---\\ Scâner Aditional (088)
Database Version : 13045 - (05/05/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1

[HKCU\Software\Bonanza] =>Adware.BonanzaDeals^
~ Additionnel Scan: 277563 Items scanned in 01mn 18s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BonanzaDeals
~ MSI: 1 link(s) detected in 00mn 00s



~ 732 Legitimates filtered by white list
End of the scan (475 lines in 03mn 18s)(0)

 Selecione e copie todo o texto destacado em vermelho que te passei.
_____________________________________________________________________________________________________________

 Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta.

TÓPICO ARQUIVADO

Como o autor não respondeu por mais de 15 dias, o tópico foi arquivado. Caso o autor do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.