Não consigo instalar o Kaspersky no meu computador... ele está pedindo pra desinstalar o Baidu que já desinstalei! Socorro!!!

Comprei o Kaspersky e não consigo instalá-lo. Ele está encontrando o Baidu antivirus, mas eu já o desinstalei e não acho mais nada dele. Não sei o que fazer mais. Tentei ignorar e instalar o Kaspersky, mas ele não abre... fica carregando e fecha. Por favor, me ajudem!!!

  Olá Fabinho.

Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt

Ficamos na espera.

# AdwCleaner v3.210 - Relatório criado 22/05/2014 às 02:16:10
# Atualizado 19/05/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (32 bits)
# Usuário : Cliente - CLIENTE-PC
# Executando de : C:\Users\Cliente\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****


***** [ Atalhos ] *****


***** [ Registro ] *****


***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (pt-BR)

[ Arquivo : C:\Users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\6y5sp9wb.default\prefs.js ]


-\\ Google Chrome v34.0.1847.137

[ Arquivo : C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [927 octets] - [22/05/2014 02:14:22]
AdwCleaner[S0].txt - [846 octets] - [22/05/2014 02:16:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [905 octets] ##########

Desative temporariamente seu antivírus para evitar conflitos.

 Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Cliente on 24/05/2014 at 14:01:18,90.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Cliente\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

24/05/2014 14:02:16 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1       localhost
::1             localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1335325044-692268979-3597427913-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A6C19469-F39E-4D9D-B74F-B7BE4CA98700} deleted successfully
HKEY_USERS\S-1-5-21-1335325044-692268979-3597427913-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E6CDC804-4959-4ECD-931D-E77497DE1909} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\6y5sp9wb.default\prefs.js:
user_pref("browser.startup.homepage", "[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
user_pref("browser.search.defaultenginename", "Web");
user_pref("browser.search.selectedEngine", "Web");
user_pref("keyword.URL", "http://br.yhs4.search.yahoo.com/yhs/search");

Added to C:\Users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\6y5sp9wb.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\6y5sp9wb.default

user.js not found
---- Lines mysearch removed from prefs.js ----
user_pref("extensions.irmysearch.aflt", "dsites0101");
user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzutDtDtC0B0Bzy0CtByD0FtCtD0D0Dzy0AtN0D0Tzu0CyByDtAtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtBtDtC1
user_pref("extensions.irmysearch.cr", "1970054921");
user_pref("extensions.irmysearch.instlRef", "");
---- FireFox user.js and prefs.js backups ----

prefs_052014_1419_.backup

==== Deleting Files \ Folders ======================

C:\Program Files\MyFree Codec deleted
C:\extensions.sqlite deleted
C:\found.000 deleted
C:\Users\Cliente\AppData\Roaming\iLauncher deleted
C:\Users\Cliente\AppData\Roaming\iLinker deleted
C:\PROGRA~2\boost_interprocess deleted
C:\Users\Cliente\AppData\Local\cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec deleted
C:\Users\Cliente\Downloads\iLividSetup-r0-n-bc.exe deleted
C:\Users\Cliente\Downloads\DownloadManagerSetup.exe deleted
C:\Users\Cliente\AppData\LocalLow\ilividtoolbargaw deleted
C:\Windows\system32\sasnative32.exe deleted
C:\Windows\System32\searchplugins deleted
C:\Windows\System32\Extensions deleted
C:\Users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\6y5sp9wb.default\searchplugins\search_the_web.xml deleted
C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D} deleted
C:\Users\Cliente\AppData\Roaming\unins000.exe deleted
C:\Users\Cliente\AppData\Roaming\unins001.exe deleted
"C:\Users\Cliente\AppData\Local\{A60B485F-C13F-42CA-9219-C1CFC7D5375F}" deleted
"C:\Users\Cliente\AppData\Roaming\iolo" deleted

==== Folders Found ======================


==== Files Found ======================


--- C:\Users\Cliente\AppData\Local\Temp\9DA89F04-E08B-11E3-AAC8-001BB9C25F10\Cleaner\baidu_av_4_0_3_57478.ini ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 227
Created time: 2014-05-21 02:00:08
Modified time: 2014-05-16 18:48:28
MD5: C9F2E09C386C9A6E5434D21A0200F6E0
SHA1: 442F80424FDDE56047D0E11824A66CCC37D89CE4


--- C:\Users\Cliente\AppData\Local\Temp\A43ED9B9-E091-11E3-A891-001BB9C25F10\Cleaner\baidu_av_4_0_3_57478.ini ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 227
Created time: 2014-05-21 02:43:25
Modified time: 2014-05-16 18:48:28
MD5: C9F2E09C386C9A6E5434D21A0200F6E0
SHA1: 442F80424FDDE56047D0E11824A66CCC37D89CE4

o relatório do zoek está incompleto. Veja se ele completou a limpeza dele, se não tiver completado espere até terminar e quando terminar poste o relatório completo. Se já terminou é só copiar ele completo e postar.

Power Max escreveu:o relatório do zoek está incompleto. Veja se ele completou a limpeza dele, se não tiver completado espere até terminar e quando terminar poste o relatório completo. Se já terminou é só copiar ele completo e postar.

Está demorando um pouco... a janela fecha sozinha?

Normalmente ele vai dar uma mensagem em inglês dizendo que precisa reiniciar o PC. Aí é só confirmar, e depois que ele reiniciar você posta o relatório dele.

Power Max escreveu:Normalmente ele vai dar uma mensagem em inglês dizendo que precisa reiniciar o PC. Aí é só confirmar, e depois que ele reiniciar você posta o relatório dele.

Ok... estou aguardando. Eu estou lendo várias postagens aqui no seu site e vendo os mesmos casos que foram resolvidos. Estou lendo esse aqui:

Re: (RESOLVIDO) Boa Noite, como tirar o Baidu antivirus?
Mensagem Power Max em Qui Maio 22, 2014 3:17 pm...

Já até baixei o programa ZHP diag e tenho o relatorio. Mas não consigo seguir em frente pq vc menciona um texto em vermelho que eu não tenho acesso... ai tive que parar. Mas vc resolveu o problema dele. Por favor, me ajude tb, pois estou a mais de uma semana tentando resolver isso e não consigo. Fui vítima de um golpe aqui na net, pois pegaram dados do meu cartão, por isso que instalar o Kaspersky. Antes tinha o AVIRA. Outra coisa, quando ignorei o Baidu q o Kaipersky acho na instalação, ele inslalou mas não abriu. Será q foi por isso? Por incompatibilidade? Ele começa a carregar... e fecha antes de abrir. Ou pode ser outra coisa?

Antes de usar o ZHP é preciso usar o Zoek, fico no aguardo do relatório dele.

Power Max escreveu:Antes de usar o ZHP é preciso usar o Zoek, fico no aguardo do relatório dele.

Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Cliente on 24/05/2014 at 15:46:38,77.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Cliente\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-24-172043.log 5592 bytes

==== System Restore Info ======================

24/05/2014 15:50:58 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\6y5sp9wb.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\6y5sp9wb.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Folders Found ======================


==== Files Found ======================


--- C:\Users\Cliente\AppData\Local\Temp\9DA89F04-E08B-11E3-AAC8-001BB9C25F10\Cleaner\baidu_av_4_0_3_57478.ini ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 227
Created time: 2014-05-21 02:00:08
Modified time: 2014-05-16 18:48:28
MD5: C9F2E09C386C9A6E5434D21A0200F6E0
SHA1: 442F80424FDDE56047D0E11824A66CCC37D89CE4


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}"="Baidu Scan"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
"DisplayName"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
"Description"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdCameraProtect.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsEx]
"DisplayName"="Baidu HipsEx Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
"DisplayName"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
"Description"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bndef]
"DisplayName"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"="C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFasterSvc_{PCFaster_4.0.0.0}]
"DisplayName"="Baidu PC Faster Service 4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFasterSvc_{PCFaster_4.0.0.0}]
"Description"="Baidu PC Faster Service 4.0.0.0"

[HKEY_USERS\S-1-5-21-1335325044-692268979-3597427913-1000\Software\Avast Software\WRC\SearchRules\baidu.com]

[HKEY_USERS\S-1-5-21-1335325044-692268979-3597427913-1000\Software\Avast Software\WRC\SearchRules\baidu.com]
"url"="^http\\:\\/\\/www\\.baidu\\.com\\/.*"

[HKEY_USERS\S-1-5-21-1335325044-692268979-3597427913-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-1335325044-692268979-3597427913-1000\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-1335325044-692268979-3597427913-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1335325044-692268979-3597427913-1000\Software\Avast Software\WRC\SearchRules\baidu.com]

[HKEY_USERS\S-1-5-21-1335325044-692268979-3597427913-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1335325044-692268979-3597427913-1000\Software\Avast Software\WRC\SearchRules\baidu.com]
"url"="^http\\:\\/\\/www\\.baidu\\.com\\/.*"

[HKEY_USERS\S-1-5-21-1335325044-692268979-3597427913-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\\Users\\Cliente\\Downloads\\Baidu Antivirus.exe"=dword:00000001

[HKEY_USERS\S-1-5-21-1335325044-692268979-3597427913-1000\Software\Piriform\CCleaner]
"Exclude1"="REG|HKCU\\Software\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Compatibility Assistant\\Persisted|C:\\Users\\Cliente\\Downloads\\Baidu Antivirus.exe"

==== Firefox Extensions Registry ======================

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E8873}"="C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\uni\xpi" [02/05/2014 18:55]

==== Firefox Extensions ======================

==== Firefox Plugins ======================

Profilepath: C:\Users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\6y5sp9wb.default
785105A23650755A8F7A72405EB0D923 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll - Google Update
A58DE0A570148AF5FF3512B2A340D09F - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll - Shockwave Flash
14365399E83D7BC15760E8676E890C87 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
14365399E83D7BC15760E8676E890C87 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
025BBEF5A248B09BDC6684747F6EB5BC - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U55
290A0130C74ADCD4546BC6900D1665D9 - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.550.14
F0E80E561C3F715DB01ACCC97B72463A - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery
BE77CDD303A624DA42094FB1AEFBEAFE - C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll - Guardião Itaú 30 horas
01D93217A9EE48DD37072B671378CC9C - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll - Silverlight Plug-In
0012E2B34E88D95EE60FEDFB2FDBC0C2 - C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll - Módulo de Proteção - Banco Santander (Brasil) S.A.
FF0D6F82A0EC13952E83B9439100E45D - C:\Users\Cliente\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
65FB4909BD29CAAA81FDC69AD21BB905 - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
01F0264937036BD962563F1ADF35CE72 - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll - RealPlayer Version Plugin
28986F0A2342A033345EF9E70D395E4F - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrlui.dll - Microsoft® Silverlight


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
ejopbmigmdcagojhogeadfbpipbcblmk - C:\Program Files\LyricsBot\131.crx[]
icmlaeflemplmjndnaapfdbbnpncnbda - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[]

Google Wallet - Cliente\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=sol&utm_medium=ppi&utm_campaign=portal"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=sol&utm_medium=ppi&utm_campaign=portal"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{AA902971-88E5-4B25-B3F8-29CF42FDCEE1}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{92001F8A-C36B-473A-91E7-5BE0C81CF2B3} PSafe ClikSeguro Url="http://clikseguro.com/Search.aspx?cx=017847565674971774939%3Aktp_l5v6i2u&ie=ISO-8859-1&q={searchTerms}"
{AA902971-88E5-4B25-B3F8-29CF42FDCEE1} FindWide Url="http://search.findwide.com/serp?guid={941C2BB6-5A6F-4146-BE1A-0F4500FB53E6}&action=default_search&serpv=22&k={searchTerms}"

==== Reset Google Chrome ======================

C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Cliente\Desktop\IE.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Cliente\Desktop\Revo Uninstaller.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Users\Cliente\Desktop\VIVO INTERNET.lnk - C:\Program Files\VIVO INTERNET\VIVO INTERNET.exe
C:\Users\Cliente\Desktop\ZHPDiag.lnk - C:\Program Files\ZHPDiag\ZHPhep.exe
C:\Users\Cliente\Desktop\ZHPFix.lnk - C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Users\Cliente\AppData\Local\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Samsung i-Launcher.lnk - C:\Program Files\Samsung\iLauncher\iLauncher.exe
C:\Users\Public\Desktop\Samsung Kies (Lite).lnk - C:\Program Files\Samsung\Kies\KiesAgent.exe /lite
C:\Users\Public\Desktop\Samsung Kies.lnk - C:\Program Files\Samsung\Kies\KiesAgent.exe
C:\Users\Public\Desktop\Webcam videocap.lnk - C:\Program Files\ETRON\Webcam\x86\VideoCap.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk - C:\Users\Cliente\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Run Hunter Mode.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe -hunter
C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Uninstall.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Website.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller\Revo Uninstaller.url
C:\Users\Convidado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Convidado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff
C:\Users\IRMOS~1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\IRMOS~1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk - C:\Program Files\Windows Live\Photo Gallery\MovieMaker.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk - C:\Program Files\Windows Live\Mail\wlmail.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk - C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Family Safety.lnk - C:\Windows\Installer\{C74DCAC0-DDB3-4135-A70C-0553BF9490BC}\fssicon.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Writer.lnk - C:\Program Files\Windows Live\Writer\WindowsLiveWriter.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk - C:\Program Files\ZHPDiag\ZHPhep.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPFix.lnk - C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe

==== shortcuts in Quick Launch ======================

C:\Users\Cliente\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\FLV Player.lnk - C:\Program Files\FLVPlayer\FLVPlayer.exe
C:\Users\Cliente\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Cliente\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Cliente\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Cliente\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Cliente\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d91276b0be3e46b\pinned.lnk -
C:\Users\Cliente\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\Cliente\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Calculator.lnk - C:\Windows\system32\calc.exe
C:\Users\Cliente\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Cliente\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Cliente\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Users\Cliente\AppData\Local\Mozilla Firefox\firefox.exe
C:\Users\Cliente\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Photo Gallery.lnk - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
C:\Users\Cliente\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\VIVO INTERNET.lnk - C:\Program Files\VIVO INTERNET\VIVO INTERNET.exe
C:\Users\Cliente\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Cliente\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\IRMOS~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\IRMOS~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\IRMOS~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\IRMOS~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\IRMOS~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\IRMOS~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ejopbmigmdcagojhogeadfbpipbcblmk deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda deleted successfully

==== Empty IE Cache ======================

C:\Users\Cliente\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Cliente\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Convidado\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\IRMOS~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\IRMOS~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=200 folders=36 63032863 bytes)

==== Empty Temp Folders ======================

C:\Users\Cliente\AppData\Local\Temp will be emptied at reboot
C:\Users\Convidado\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Users\IRMOS~1\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Cliente\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 24/05/2014 at 16:16:10,87 ======================

Viu o relatório???

Eu vi o relatório, mas há outras pessoas que postaram antes de você e preciso analisar o relatório delas antes do seu. Peço que veja a regra desta seção:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Power Max escreveu:

Viu o relatório???

Eu vi o relatório, mas há outras pessoas que postaram antes de você e preciso analisar o relatório delas antes do seu. Peço que veja a regra desta seção:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Ok. Desculpa... aguardarei.

Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

==== Older Logs ======================

C:\zoek-results2014-05-24-172043.log 5592 bytes
C:\zoek-results2014-05-24-191610.log 25692 bytes
C:\zoek-results2014-05-24-234321.log 661 bytes

==== System Restore Info ======================

24/05/2014 20:45:19 Zoek.exe System Restore Point Created Succesfully.

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
"Description"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdCameraProtect]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdCameraProtect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
"Description"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bndef]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bndef]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFasterSvc_{PCFaster_4.0.0.0}]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFasterSvc_{PCFaster_4.0.0.0}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFasterSvc_{PCFaster_4.0.0.0}]
"Description"=-
[-HKEY_USERS\S-1-5-21-1335325044-692268979-3597427913-1000\Software\Avast Software\WRC\SearchRules\baidu.com]
[HKEY_USERS\S-1-5-21-1335325044-692268979-3597427913-1000\Software\Avast Software\WRC\SearchRules\baidu.com]
"url"=-
[-HKEY_USERS\S-1-5-21-1335325044-692268979-3597427913-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-1335325044-692268979-3597427913-1000\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-1335325044-692268979-3597427913-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1335325044-692268979-3597427913-1000\Software\Avast Software\WRC\SearchRules\baidu.com]
[HKEY_USERS\S-1-5-21-1335325044-692268979-3597427913-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1335325044-692268979-3597427913-1000\Software\Avast Software\WRC\SearchRules\baidu.com]
"url"=-
[HKEY_USERS\S-1-5-21-1335325044-692268979-3597427913-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\\Users\\Cliente\\Downloads\\Baidu Antivirus.exe"=-
[HKEY_USERS\S-1-5-21-1335325044-692268979-3597427913-1000\Software\Piriform\CCleaner]
"Exclude1"=-

==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_USERS\S-1-5-21-1335325044-692268979-3597427913-1000\Software\Avast Software\WRC\SearchRules\baidu.com]

[HKEY_USERS\S-1-5-21-1335325044-692268979-3597427913-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1335325044-692268979-3597427913-1000\Software\Avast Software\WRC\SearchRules\baidu.com]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=200 folders=36 63032863 bytes)

==== EOF on 24/05/2014 at 20:58:21,37 ======================

Vc disse para eu desistalar o antivirus, mas estou sem nenhum... fechei o windows defender... só se for este. Abraços... aguardo retorno. Obrigado.

Não disse para você desinstalar o antivirus, é só para desativar temporariamente.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Cliente on 24/05/2014 at 21:56:53,83.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Cliente\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-24-172043.log 5592 bytes
C:\zoek-results2014-05-24-191610.log 25692 bytes
C:\zoek-results2014-05-24-234321.log 661 bytes
C:\zoek-results2014-05-25-000204.log 6844 bytes

==== System Restore Info ======================

24/05/2014 22:04:36 Zoek.exe System Restore Point Created Succesfully.

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
[-HKEY_USERS\S-1-5-21-1335325044-692268979-3597427913-1000\Software\Avast Software\WRC\SearchRules\baidu.com]
[-HKEY_USERS\S-1-5-21-1335325044-692268979-3597427913-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1335325044-692268979-3597427913-1000\Software\Avast Software\WRC\SearchRules\baidu.com]

==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=200 folders=36 63032863 bytes)

==== EOF on 24/05/2014 at 22:11:42,14 ======================

Baixe o programa Junkware Removal Tool no link abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executar corretamente o programa acima é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt

Ficamos na espera.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x86
Ran by Cliente on 24/05/2014 at 23:03:04,09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24/05/2014 at 23:07:50,94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Abra o ( ZHPDiag )

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

~ Relatório do ZHPDiag v2014.5.24.73 - Nicolas Coolman  (24/05/2014)
~ Iniciado por Cliente (24/05/2014 23:16:53)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~  Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17107
MFIE: Mozilla Firefox 29.0.1
GCIE: Google Chrome v34.0.1847.137 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Windows Defender W7 (Deactivate)

---\\ Softwares d'optimização do sistema
CCleaner v4.05

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI
Java 7 Update 55

---\\ Informações sobre o sistema
~ Processor: x86 Family 15 Model 95 Stepping 2, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1982 MB (39% free)
System Restore: Activé (Enable)
System drive C: has 377 GB (81%) free of 466 GB

---\\ Modo de conexão ao sistema
~ Computer Name: CLIENTE-PC
~ User Name: Cliente
~ All Users Names: UpdatusUser, HomeGroupUser$, Convidado, Cliente, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Cliente\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Cliente\AppData\Roaming\
~ %Desktop% : C:\Users\Cliente\Desktop\
~ %Favorites% : C:\Users\Cliente\Favorites\
~ %LocalAppData% : C:\Users\Cliente\AppData\Local\
~ %StartMenu% : C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 377 Go of 466 Go)
D: CD-ROM drive (Not Inserted)
F: CD-ROM drive (Free 0 Go of 0 Go)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Free 7 Go of 7 Go)



---\\ Estado do Centro de Segurança do Windows
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.40D777B7A95E00593EB1568C68514493] - (.Microsoft Corporation - Windows Explorer.) (.20/11/2010 - 03:17:10.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.E4E829EE073E046B0EB19B5FECB19B8C] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 02:41:49.) -- C:\Windows\System32\wininet.dll [1789440]
[MD5.998507B046BA314CE8245364C686FA67] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:17:02.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 03:21:26.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.12/12/2013 - 18:00:31.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.19/11/2010 - 23:38:12.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.19/11/2010 - 23:42:34.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 00:59:30.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.19/11/2010 - 23:39:46.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 10:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 01:24:48.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.19/11/2010 - 23:39:18.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 03:30:18.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/2323
~ Mes musiques (My Musics) : 24/59
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 2/35822
~ Mon Bureau (My Desktop) : 1/217
~ Menu demarrer (Programs) : 1/32
~ Hidden Files:  Scanned in 01mn 01s



---\\ Processos lançados
[MD5.F979E2139F2DD221ECB8506EEAC9931F] - (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe   [10996368] [PID.556]
[MD5.0E34B7BB1FCF22BCC1E394D16F9E992B] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe   [30040] [PID.684]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe   [254336] [PID.752]
[MD5.67C0F2112F1B2427EF7B81E2578F511B] - (...) -- C:\Program Files\VIVO INTERNET\VIVO INTERNET.exe   [114688] [PID.1124]
[MD5.CC78200C3ECFFA178E78308A0E160D80] - (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Cliente\AppData\Local\Akamai\netsession_win.exe   [4672920] [PID.1144]
[MD5.0916D660A63EB75166F6419689A42242] - (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\Cliente\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe   [257224] [PID.1200]
[MD5.B776DFE408E415AA901030C022EEB7DA] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe   [1821472] [PID.2260]
[MD5.8D796CC19572EC1C401F8F213C8F9AC0] - (.Eastman Kodak Company - Camera detection stub.) -- C:\Program Files\Kodak\KODAK Share Button App\Listener.exe   [108544] [PID.2676]
[MD5.345B1798395CEA9C178AFF1784FA2A37] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe   [841032] [PID.4884]
[MD5.4FDF8F99557B275A3B5BF797761C7504] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe   [7879168] [PID.4816]
~ Processes Running:  Scanned in 00mn 02s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 10 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\6y5sp9wb.default\prefs.js
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/abn] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/uni] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll
~ Firefox Browser: 14 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
~ IE Browser: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehuni.dll
~ BHO: 12 Legitimates Filtered in 00mn 02s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: (no name) - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{3CF5C157-5743-404B-B312-606CF5DFF453} Chave orfã
~ Toolbar:  Scanned in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe   =>.Oracle Corporation
O4 - HKCU\..\Run: [KGShareApp] . (.Eastman Kodak Company - Kodak Gallery Share App.) -- C:\Program Files\Kodak\KODAK Share Button App\KGShare_App.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Cliente\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [Mobile Partner] . (...) -- C:\Program Files\VIVO INTERNET\VIVO INTERNET.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Cliente\AppData\Local\Akamai\netsession_win.exe
O4 - HKCU\..\Run: [SkyDrive] . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\Cliente\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1335325044-692268979-3597427913-1000\..\Run: [KGShareApp] . (.Eastman Kodak Company - Kodak Gallery Share App.) -- C:\Program Files\Kodak\KODAK Share Button App\KGShare_App.exe
O4 - HKUS\S-1-5-21-1335325044-692268979-3597427913-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Cliente\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-1335325044-692268979-3597427913-1000\..\Run: [Mobile Partner] . (...) -- C:\Program Files\VIVO INTERNET\VIVO INTERNET.exe
O4 - HKUS\S-1-5-21-1335325044-692268979-3597427913-1000\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Cliente\AppData\Local\Akamai\netsession_win.exe
O4 - HKUS\S-1-5-21-1335325044-692268979-3597427913-1000\..\Run: [SkyDrive] . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\Cliente\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
~ Application:  Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.itau.com.br
~ IE Zone Confiance:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{38FDEA53-A77C-4A43-912B-6332FD326597}: NameServer = 187.100.246.251 187.100.246.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2AD5DAF-E26F-4170-96FD-9048FDC536C4}: NameServer = 200.204.135.253 187.100.246.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{38FDEA53-A77C-4A43-912B-6332FD326597}: NameServer = 187.100.246.251 187.100.246.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{F2AD5DAF-E26F-4170-96FD-9048FDC536C4}: NameServer = 200.204.135.253 187.100.246.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{38FDEA53-A77C-4A43-912B-6332FD326597}: NameServer = 187.100.246.251 187.100.246.252
O17 - HKLM\System\CS2\Services\Tcpip\..\{F2AD5DAF-E26F-4170-96FD-9048FDC536C4}: NameServer = 200.204.135.253 187.100.246.252
O17 - HKLM\System\CS3\Services\Tcpip\..\{38FDEA53-A77C-4A43-912B-6332FD326597}: NameServer = 187.100.246.251 187.100.246.252
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll  =>.Microsoft Corporation
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify:  GbPluginUni . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehUni.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\GbpSv.exe
~ Services: 7 Legitimates Filtered in 00mn 09s



---\\ Tarefas planificadas automaticamente (039)
[MD5.33CD08CE95030D07709B0417689C9627] [APT] [{AD0A81D0-A587-4E47-AD48-80506850F1A9}] (.Banco Itaú.) -- C:\Users\Cliente\Downloads\DiagnosticoItau.exe   [3123256]
[MD5.00000000000000000000000000000000] [APT] [{CC9427CB-0C5A-40F9-95CD-0BD5A72DBD3F}] (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (.not file.)   [0]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater   [902]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1335325044-692268979-3597427913-1000Core   [914]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1335325044-692268979-3597427913-1000UA   [936]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore   [1054]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA   [1058]
~ Scheduled Task: 18 Legitimates Filtered in 00mn 08s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver:  (badriver) . (.NetFilterSDK.com - NetFilter SDK WFP Driver (WPP).) - C:\Windows\System32\drivers\badriver.sys
O41 - Driver:  (ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
O41 - Driver: (Bnbase) . (.Baidu, Inc. - Baidu Antivirus NetBase Driver.) - C:\Windows\System32\drivers\bnbasex.sys
~ Drivers: 98 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Guardião - Itaú 30 horas - (...) [HKLM] -- {70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1
O42 - Logiciel: Módulo de Proteção Santander 3.2.0.2 - (...) [HKLM] -- {83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1
~ Logic: 18 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Baixou Agora]
[HKCU\Software\GbAs]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\SupDp]  =>PUP.SupTab
~ Key Software: 207 Legitimates Filtered in 00mn 01s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 03/02/2013 - 01:40:32 - [] ----D C:\Program Files\Buscapé
O43 - CFD: 05/12/2012 - 12:12:10 - [] ----D C:\Program Files\PrintProjects
O43 - CFD: 16/11/2012 - 06:48:33 - [] ----D C:\Program Files\VIVO INTERNET
O43 - CFD: 05/12/2012 - 12:12:06 - [] ----D C:\ProgramData\PrintProjects
O43 - CFD: 02/02/2013 - 01:12:07 - [] -SH-D C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
O43 - CFD: 17/12/2012 - 13:28:19 - [] ----D C:\ProgramData\{C585085B-79A8-423C-B04B-77DD30E9C195}
~ Program Folder: 174 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.5178FB585914AD9FA3D8D57449E14F0F] - 18/05/2014 - 09:19:25 ---A- . (.NetFilterSDK.com - NetFilter SDK WFP Driver (WPP).) -- C:\Windows\System32\Drivers\badriver.sys   [39400]
O44 - LFC:[MD5.CB0E07B9B630B77CE76D4C4278D328B1] - 18/05/2014 - 09:33:14 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\Windows\System32\Drivers\Bhbase.sys   [94976]
O44 - LFC:[MD5.14FCF3D202D8A4F44ED686C27EB5303A] - 18/05/2014 - 09:35:23 ---A- . (.Baidu, Inc. - Baidu Antivirus NetBase Driver.) -- C:\Windows\System32\Drivers\bnbasex.sys   [70528]
O44 - LFC:[MD5.A1672C26F42DA344C840D72F80FCE096] - 18/05/2014 - 09:35:23 ---A- . (.Baidu, Inc. - Baidu Antivirus NetDefense Driver.) -- C:\Windows\System32\Drivers\bndef.sys   [51616]
O44 - LFC:[MD5.443B1929FB74D90FE82F724A0D826224] - 18/05/2014 - 09:35:36 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys   [45888]
O44 - LFC:[MD5.26F863F9D8AB9F2558B07C4B1619466C] - 18/05/2014 - 09:35:46 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys   [29504]
O44 - LFC:[MD5.DA5F0574BF8D47E4889F260C77ADBEB8] - 18/05/2014 - 09:35:55 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys   [155968]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 20/05/2014 - 23:31:13 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll   [536576]
O44 - LFC:[MD5.FC336684AB8C1D512BB950BF9914FFD0] - 21/05/2014 - 01:16:09 ---A- . (...) -- C:\DelFix.txt   [4606]
O44 - LFC:[MD5.B4CB7037F1C22C7FD1D886DEF404CD99] - 24/05/2014 - 14:20:43 ---A- . (...) -- C:\zoek-results2014-05-24-172043.log   [5592]
O44 - LFC:[MD5.74808A37A940BE63AFD06C781FC221D7] - 24/05/2014 - 20:43:21 ---A- . (...) -- C:\zoek-results2014-05-24-234321.log   [661]
O44 - LFC:[MD5.B81421E6CE7FD3117F42FB56D78EDB7A] - 24/05/2014 - 21:02:04 ---A- . (...) -- C:\zoek-results2014-05-25-000204.log   [6844]
O44 - LFC:[MD5.C2D17F6BFD3412C5DF2B799A07827F8A] - 24/05/2014 - 22:11:42 ---A- . (...) -- C:\zoek-results.log   [2978]
O44 - LFC:[MD5.612BFA435C380F140FF65FD31D99BCA2] - 24/05/2014 - 22:58:17 ---A- . (...) -- C:\Windows\System32\prfc0416.dat   [147038]
O44 - LFC:[MD5.3A360B4D70BEA46334196910C95C393E] - 24/05/2014 - 22:58:17 ---A- . (...) -- C:\Windows\System32\prfh0416.dat   [706312]
~ Files: 52 Legitimates Filtered in 00mn 08s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files\GbPlugin\gbiehuni.dll
~ ShellExecuteHooks:  Scanned in 00mn 00s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{589e616b-c961-11e3-9e76-001bb9c25f10}\AutoRun\command. (...) -- E:\iLinker.exe (.not file.)
O51 - MPSK:{773fd5ef-6bef-11e2-810b-001bb9c25f10}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- F:\AutoRun.exe
~ Keys:  Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 20 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:17/01/2013 - 20:07:36 R--A- . (.360.cn - 360FileOem.) -- C:\Windows\System32\Drivers\360FileOem.sys   [152880]
O58 - SDL:17/01/2013 - 20:07:36 R--A- . (.360安全中心 - 360HookOem.) -- C:\Windows\System32\Drivers\360HookOem.sys   [61488]
O58 - SDL:17/01/2013 - 20:07:36 R--A- . (.360安全中心 - 360RegOem.) -- C:\Windows\System32\Drivers\360RegOem.sys   [29744]
O58 - SDL:17/01/2013 - 20:07:36 R--A- . (.360安全中心 - 360安全卫士 - SelfProtection.) -- C:\Windows\System32\Drivers\360SpOEM.sys   [64048]
O58 - SDL:06/03/2013 - 20:33:24 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys   [49248]  =>.ALWIL Software
O58 - SDL:06/03/2013 - 20:33:24 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys   [164736]  =>.ALWIL Software
O58 - SDL:19/02/2014 - 17:57:52 ---A- . (.NetFilterSDK.com - NetFilter SDK WFP Driver (WPP).) -- C:\Windows\System32\Drivers\badriver.sys   [39400]
O58 - SDL:07/05/2014 - 01:09:22 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys   [45888]
O58 - SDL:07/05/2014 - 01:09:25 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys   [29504]
O58 - SDL:07/05/2014 - 01:09:20 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\Windows\System32\Drivers\Bhbase.sys   [94976]
O58 - SDL:07/05/2014 - 01:09:34 ---A- . (.Baidu, Inc. - Baidu Antivirus NetBase Driver.) -- C:\Windows\System32\Drivers\bnbasex.sys   [70528]
O58 - SDL:07/05/2014 - 01:09:35 ---A- . (.Baidu, Inc. - Baidu Antivirus NetDefense Driver.) -- C:\Windows\System32\Drivers\bndef.sys   [51616]
O58 - SDL:14/04/2014 - 23:30:52 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys   [155968]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys   [453712]
O58 - SDL:29/11/2010 - 15:53:28 ---A- . (.Etron - Etron Camera Driver.) -- C:\Windows\System32\Drivers\ETdrv.sys   [5116544]
O58 - SDL:09/08/2007 - 03:06:40 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys   [23424]
O58 - SDL:24/02/2014 - 15:37:24 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys   [46392]
O58 - SDL:02/05/2014 - 18:59:59 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys   [29400]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys   [26624]
O58 - SDL:28/10/2013 - 00:12:12 ---A- . (.DEVGURU Co., LTD.([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys   [87064]
O58 - SDL:28/10/2013 - 00:12:12 ---A- . (.DEVGURU Co., LTD.([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys   [182680]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys   [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS   [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys   [27097]
O58 - SDL:30/10/2013 - 00:16:30 ---A- . (...) -- C:\Windows\System32\FsUsbExDisk.Sys   [37344]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS   [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS   [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS   [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS   [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS   [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS   [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS   [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS   [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS   [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS   [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS   [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS   [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS   [34672]
~ Drivers: 94 Legitimates Filtered in 00mn 05s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 19/02/2014 - C:\Windows\System32\drivers\badriver.sys (badriver)  .(.NetFilterSDK.com - NetFilter SDK WFP Driver (WPP).) - LEGACY_BADRIVER
O64 - Services: CurCS - 24/02/2014 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm)  .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
~ Legacy: 96 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Users\Cliente\AppData\Local\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] Web - (Web) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {92001F8A-C36B-473A-91E7-5BE0C81CF2B3} - (PSafe ClikSeguro) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {AA902971-88E5-4B25-B3F8-29CF42FDCEE1} [DefaultScope] - (FindWide) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Hijacker.SearchFindWide
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.126B6CDA6BA68A95589CF8A4546F5C1A] [SPRF][20/05/2014] (...) -- C:\ProgramData\ntuser.dat   [262144]
[MD5.F33E796083157859135EA6F706997A26] [SPRF][30/05/2013] (...) -- C:\Users\Cliente\AppData\Roaming\unins000.dat   [10876]
[MD5.11F82F8C9BB23E95B238E59001AB2A55] [SPRF][02/05/2014] (...) -- C:\Users\Cliente\AppData\Roaming\unins001.dat   [16655]
[MD5.70F851F7A524071E13F17DC401A21906] [SPRF][22/05/2014] (...) -- C:\Users\Cliente\Desktop\AdwCleaner.exe   [1326389]
[MD5.352E8561E633B17ED22012366721FFDC] [SPRF][22/05/2014] (...) -- C:\Users\Cliente\Desktop\zoek.exe   [1285120]
~ Files: 6 Legitimates Filtered in 00mn 00s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BetterInstaller_RASAPI32  =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\BetterInstaller_RASMANCS  =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\deskSvc_RASAPI32  =>Hijacker.22Find
HKLM\SOFTWARE\Microsoft\Tracing\deskSvc_RASMANCS  =>Hijacker.22Find
HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASAPI32  =>PUP.WebGet
HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASMANCS  =>PUP.WebGet
HKLM\SOFTWARE\Microsoft\Tracing\VuuPC_setup_RASAPI32  =>PUP.VuuPC
HKLM\SOFTWARE\Microsoft\Tracing\VuuPC_setup_RASMANCS  =>PUP.VuuPC
HKLM\SOFTWARE\Microsoft\Tracing\webget_RASAPI32  =>PUP.WebGet
HKLM\SOFTWARE\Microsoft\Tracing\webget_RASMANCS  =>PUP.WebGet
~ BTK: 265 Legitimates Filtered in 00mn 00s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1}] (SaveSenseLive Core Class)  =>PUP.SaveSense
~ BCK: 6909 Legitimates Filtered in 00mn 21s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 15/05/2014 257712 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 18/05/2014 116648 |  (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 18/05/2014 116648 |  (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 18/05/2014 119408 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 23/10/2013 172192 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/12/2013 65432 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 30/10/2013 233472 |  (FsUsbExService) . (.Teruten.) - C:\Windows\system32\FsUsbExService.exe
SR - | Auto 24/02/2014 519224 |  (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\GbpSv.exe
SR - | Auto 31/01/2013 634656 |  (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 19/02/2013 1259296 |  (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services:  Scanned in 00mn 23s



---\\ Scâner Aditional (088)
Database Version : 13029 - (24/05/2014)
Clés trouvées (Keys found) : 5
Valeurs trouvées (Values found) : 0
Dossiers trouvés  (Folders found) : 0
Fichiers trouvés  (Files found) : 2

[HKLM\Software\Classes\Interface\{8DEC3C75-9A5D-446C-B7B5-E4AB4FDD6309}]   =>Adware.Bandoo
[HKCU\Software\USyndication]   =>Trojan.USyndication
[HKCU\Software\usyndication.com]   =>Trojan.USyndication
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094]   =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536]   =>PUP.SweetIM^
[HKLM\Software\SupDp]   =>PUP.SupTab^
[HKCR\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1}] (SaveSenseLive Core Class)   =>PUP.SaveSense^
~ Additionnel Scan: 247993 Items scanned in 00mn 52s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.SupTab
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Hijacker.SearchFindWide
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Adware.MegaSearch
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Hijacker.22Find
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.WebGet
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.VuuPC
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.SaveSense
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Adware.Bandoo
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Trojan.USyndication
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.SweetIM
~ MSI: 10 link(s) detected in 00mn 00s



~ 815 Legitimates filtered by white list
End of the scan (512 lines in 03mn 41s)(0)

 Há programas desnecessários iniciando junto com o Windows, o que torna o seu PC mais lento. Para corrigir isto, siga as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows.

Use também o programa Ccleaner, indicado neste tutorial acima, para fazer uma limpeza e otimização do PC agora e de tempos em tempos.
________________________________________________________________________________________________________

 Acesse o site [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] e envie estes arquivos destacados em azul abaixo para serem analisados (um de cada vez):
C:\Users\Cliente\Downloads\DiagnosticoItau.exe
C:\Windows\System32\drivers\badriver.sys

Assim que a análise de cada um deles for concluída, copie o link que aparecerá na barra de endereços de seu navegador e poste estes links em sua próxima resposta juntamente com o relatório do ZHPFix pedido abaixo nesta postagem.

Maiores informações de como analisar arquivos no site Virus Total você encontra neste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
____________________________________________________________________________________________________

 Selecione e copie todo o texto destacado em vermelho que te passei.
_____________________________________________________________________________________________________________

 Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta juntamente com os links das análises dos arquivos no site Virus Total.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Cliente at 25/05/2014 00:22:22
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 04s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ Driver Key: Bnbase
ELIMINÉ: HKLM\Software\SupDp
ELIMINÉ CLSID MPSK: {589e616b-c961-11e3-9e76-001bb9c25f10}
ELIMINÉ: SearchScopes :{92001F8A-C36B-473A-91E7-5BE0C81CF2B3}
ELIMINÉ: SearchScopes :{AA902971-88E5-4B25-B3F8-29CF42FDCEE1}
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\BetterInstaller_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\BetterInstaller_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\deskSvc_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\deskSvc_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\VuuPC_setup_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\VuuPC_setup_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\webget_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\webget_RASMANCS
ELIMINÉ: HKCR\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1}
ELIMINÉ: HKCU\Software\USyndication
ELIMINÉ: HKCU\Software\usyndication.com
ELIMINÉ: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
ELIMINÉ: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

========== Valores do Registo ==========
ELIMINÉ: Toolbar: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
ELIMINÉ: Toolbar: {3CF5C157-5743-404B-B312-606CF5DFF453}
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\windows\system32\drivers\bhbase.sys
ELIMINÉ: c:\windows\system32\drivers\bnbasex.sys
ELIMINÉ: c:\windows\system32\drivers\bndef.sys
ELIMINÉ: c:\windows\system32\drivers\bfilter.sys
ELIMINÉ: c:\windows\system32\drivers\bfmon.sys
ELIMINÉ: c:\windows\system32\drivers\bprotect.sys
ELIMINÉ Temporários windows (135) (4.089.836 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
20 : Chaves do Registo
8 : Valores do Registo
1 : Pastas
8 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 44s

========== Caminho do ficheiro do relatório ==========
C:\Users\Cliente\AppData\Roaming\ZHP\ZHPFix[R1].txt - 25/05/2014 00:22:27 [2783]

Abra novamente o ( ZHPDiag )

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

~ Relatório do ZHPDiag v2014.5.24.73 - Nicolas Coolman  (24/05/2014)
~ Iniciado por Cliente (25/05/2014 00:31:06)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~  Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17107
MFIE: Mozilla Firefox 29.0.1
GCIE: Google Chrome v34.0.1847.137 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Windows Defender W7 (Deactivate)

---\\ Softwares d'optimização do sistema
CCleaner v4.05

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI
Java 7 Update 55

---\\ Informações sobre o sistema
~ Processor: x86 Family 15 Model 95 Stepping 2, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1982 MB (34% free)
System Restore: Activé (Enable)
System drive C: has 376 GB (80%) free of 466 GB

---\\ Modo de conexão ao sistema
~ Computer Name: CLIENTE-PC
~ User Name: Cliente
~ All Users Names: UpdatusUser, HomeGroupUser$, Convidado, Cliente, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Cliente\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Cliente\AppData\Roaming\
~ %Desktop% : C:\Users\Cliente\Desktop\
~ %Favorites% : C:\Users\Cliente\Favorites\
~ %LocalAppData% : C:\Users\Cliente\AppData\Local\
~ %StartMenu% : C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 376 Go of 466 Go)
D: CD-ROM drive (Not Inserted)
F: CD-ROM drive (Free 0 Go of 0 Go)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Free 7 Go of 7 Go)



---\\ Estado do Centro de Segurança do Windows
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.40D777B7A95E00593EB1568C68514493] - (.Microsoft Corporation - Windows Explorer.) (.20/11/2010 - 03:17:10.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.E4E829EE073E046B0EB19B5FECB19B8C] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 02:41:49.) -- C:\Windows\System32\wininet.dll [1789440]
[MD5.998507B046BA314CE8245364C686FA67] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:17:02.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 03:21:26.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.12/12/2013 - 18:00:31.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.19/11/2010 - 23:38:12.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.19/11/2010 - 23:42:34.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 00:59:30.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.19/11/2010 - 23:39:46.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 10:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 01:24:48.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.19/11/2010 - 23:39:18.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 03:30:18.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/2323
~ Mes musiques (My Musics) : 24/59
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 2/35823
~ Mon Bureau (My Desktop) : 1/218
~ Menu demarrer (Programs) : 1/32
~ Hidden Files:  Scanned in 00mn 32s



---\\ Processos lançados
[MD5.31B8835B003CAA6D31BEAD83DDBF98E5] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 307.8.) -- C:\Windows\system32\nvvsvc.exe   [634656] [PID.808]
[MD5.6DE9AC13D76238AD7427E5453C8ECC54] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files\GbPlugin\GbpSv.exe   [519224] [PID.832]
[MD5.1ED58DA041A992EEEC934290508B6B71] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe   [865056] [PID.1436]
[MD5.F979E2139F2DD221ECB8506EEAC9931F] - (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe   [10996368] [PID.1940]
[MD5.0E34B7BB1FCF22BCC1E394D16F9E992B] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe   [30040] [PID.1948]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe   [254336] [PID.1956]
[MD5.67C0F2112F1B2427EF7B81E2578F511B] - (...) -- C:\Program Files\VIVO INTERNET\VIVO INTERNET.exe   [114688] [PID.1980]
[MD5.CC78200C3ECFFA178E78308A0E160D80] - (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Cliente\AppData\Local\Akamai\netsession_win.exe   [4672920] [PID.1988]
[MD5.0916D660A63EB75166F6419689A42242] - (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\Cliente\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe   [257224] [PID.1996]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe   [65432] [PID.428]
[MD5.0796C1E47ADB9825269E64B9DAB4E741] - (.Teruten - FsUsbDevice.) -- C:\Windows\system32\FsUsbExService.exe   [233472] [PID.684]
[MD5.7CF1B716372B89568AE4C0FE769F5869] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe   [335872] [PID.1224]
[MD5.B776DFE408E415AA901030C022EEB7DA] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe   [1821472] [PID.2628]
[MD5.8D796CC19572EC1C401F8F213C8F9AC0] - (.Eastman Kodak Company - Camera detection stub.) -- C:\Program Files\Kodak\KODAK Share Button App\Listener.exe   [108544] [PID.3372]
[MD5.F935E817409F78FA50C5921DB39124B3] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe   [1259296] [PID.2300]
[MD5.345B1798395CEA9C178AFF1784FA2A37] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe   [841032] [PID.4072]
[MD5.4FDF8F99557B275A3B5BF797761C7504] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe   [7879168] [PID.5740]
[MD5.CF87A1DE791347E75B98885214CED2B8] - (.Microsoft Corporation - Serviço da Plataforma de Proteção de Softwa.) -- C:\Windows\system32\sppsvc.exe   [3179520] [PID.2716]
~ Processes Running:  Scanned in 00mn 01s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 10 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\6y5sp9wb.default\prefs.js
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/abn] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/uni] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll
~ Firefox Browser: 14 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
~ IE Browser: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehuni.dll
~ BHO: 12 Legitimates Filtered in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
~ Application:  Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.itau.com.br
~ IE Zone Confiance:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{38FDEA53-A77C-4A43-912B-6332FD326597}: NameServer = 187.100.246.251 187.100.246.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2AD5DAF-E26F-4170-96FD-9048FDC536C4}: NameServer = 200.204.135.253 187.100.246.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{38FDEA53-A77C-4A43-912B-6332FD326597}: NameServer = 187.100.246.251 187.100.246.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{F2AD5DAF-E26F-4170-96FD-9048FDC536C4}: NameServer = 200.204.135.253 187.100.246.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{38FDEA53-A77C-4A43-912B-6332FD326597}: NameServer = 187.100.246.251 187.100.246.252
O17 - HKLM\System\CS2\Services\Tcpip\..\{F2AD5DAF-E26F-4170-96FD-9048FDC536C4}: NameServer = 200.204.135.253 187.100.246.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{38FDEA53-A77C-4A43-912B-6332FD326597}: NameServer = 187.100.246.251 187.100.246.252
O17 - HKLM\System\CS3\Services\Tcpip\..\{F2AD5DAF-E26F-4170-96FD-9048FDC536C4}: NameServer = 200.204.135.253 187.100.246.254
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll  =>.Microsoft Corporation
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify:  GbPluginUni . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehUni.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\GbpSv.exe
~ Services: 7 Legitimates Filtered in 00mn 10s



---\\ Tarefas planificadas automaticamente (039)
[MD5.33CD08CE95030D07709B0417689C9627] [APT] [{AD0A81D0-A587-4E47-AD48-80506850F1A9}] (.Banco Itaú.) -- C:\Users\Cliente\Downloads\DiagnosticoItau.exe   [3123256]
[MD5.00000000000000000000000000000000] [APT] [{CC9427CB-0C5A-40F9-95CD-0BD5A72DBD3F}] (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (.not file.)   [0]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater   [902]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1335325044-692268979-3597427913-1000Core   [914]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1335325044-692268979-3597427913-1000UA   [936]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore   [1054]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA   [1058]
~ Scheduled Task: 18 Legitimates Filtered in 00mn 05s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver:  (badriver) . (.NetFilterSDK.com - NetFilter SDK WFP Driver (WPP).) - C:\Windows\System32\drivers\badriver.sys
O41 - Driver:  (ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
~ Drivers: 97 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Baixou Agora]
[HKCU\Software\GbAs]
[HKLM\Software\AutoHelpDesk]
~ Key Software: 202 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 03/02/2013 - 01:40:32 - [] ----D C:\Program Files\Buscapé
O43 - CFD: 05/12/2012 - 12:12:10 - [] ----D C:\Program Files\PrintProjects
O43 - CFD: 16/11/2012 - 06:48:33 - [] ----D C:\Program Files\VIVO INTERNET
O43 - CFD: 05/12/2012 - 12:12:06 - [] ----D C:\ProgramData\PrintProjects
O43 - CFD: 02/02/2013 - 01:12:07 - [] -SH-D C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
O43 - CFD: 17/12/2012 - 13:28:19 - [] ----D C:\ProgramData\{C585085B-79A8-423C-B04B-77DD30E9C195}
~ Program Folder: 174 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.5178FB585914AD9FA3D8D57449E14F0F] - 18/05/2014 - 09:19:25 ---A- . (.NetFilterSDK.com - NetFilter SDK WFP Driver (WPP).) -- C:\Windows\System32\Drivers\badriver.sys   [39400]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 20/05/2014 - 23:31:13 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll   [536576]
O44 - LFC:[MD5.FC336684AB8C1D512BB950BF9914FFD0] - 21/05/2014 - 01:16:09 ---A- . (...) -- C:\DelFix.txt   [4606]
O44 - LFC:[MD5.B4CB7037F1C22C7FD1D886DEF404CD99] - 24/05/2014 - 14:20:43 ---A- . (...) -- C:\zoek-results2014-05-24-172043.log   [5592]
O44 - LFC:[MD5.74808A37A940BE63AFD06C781FC221D7] - 24/05/2014 - 20:43:21 ---A- . (...) -- C:\zoek-results2014-05-24-234321.log   [661]
O44 - LFC:[MD5.B81421E6CE7FD3117F42FB56D78EDB7A] - 24/05/2014 - 21:02:04 ---A- . (...) -- C:\zoek-results2014-05-25-000204.log   [6844]
O44 - LFC:[MD5.C2D17F6BFD3412C5DF2B799A07827F8A] - 24/05/2014 - 22:11:42 ---A- . (...) -- C:\zoek-results.log   [2978]
O44 - LFC:[MD5.612BFA435C380F140FF65FD31D99BCA2] - 24/05/2014 - 22:58:17 ---A- . (...) -- C:\Windows\System32\prfc0416.dat   [147038]
O44 - LFC:[MD5.3A360B4D70BEA46334196910C95C393E] - 24/05/2014 - 22:58:17 ---A- . (...) -- C:\Windows\System32\prfh0416.dat   [706312]
~ Files: 46 Legitimates Filtered in 00mn 06s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files\GbPlugin\gbiehuni.dll
~ ShellExecuteHooks:  Scanned in 00mn 00s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{773fd5ef-6bef-11e2-810b-001bb9c25f10}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- F:\AutoRun.exe
~ Keys:  Scanned in 00mn 00s



---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Mobile Partner  [Key] . (...) -- C:\Program Files\VIVO INTERNET\VIVO INTERNET.exe
~ SMSR Keys: 8 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 20 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:17/01/2013 - 20:07:36 R--A- . (.360.cn - 360FileOem.) -- C:\Windows\System32\Drivers\360FileOem.sys   [152880]
O58 - SDL:17/01/2013 - 20:07:36 R--A- . (.360安全中心 - 360HookOem.) -- C:\Windows\System32\Drivers\360HookOem.sys   [61488]
O58 - SDL:17/01/2013 - 20:07:36 R--A- . (.360安全中心 - 360RegOem.) -- C:\Windows\System32\Drivers\360RegOem.sys   [29744]
O58 - SDL:17/01/2013 - 20:07:36 R--A- . (.360安全中心 - 360安全卫士 - SelfProtection.) -- C:\Windows\System32\Drivers\360SpOEM.sys   [64048]
O58 - SDL:06/03/2013 - 20:33:24 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys   [49248]  =>.ALWIL Software
O58 - SDL:06/03/2013 - 20:33:24 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys   [164736]  =>.ALWIL Software
O58 - SDL:19/02/2014 - 17:57:52 ---A- . (.NetFilterSDK.com - NetFilter SDK WFP Driver (WPP).) -- C:\Windows\System32\Drivers\badriver.sys   [39400]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys   [453712]
O58 - SDL:29/11/2010 - 15:53:28 ---A- . (.Etron - Etron Camera Driver.) -- C:\Windows\System32\Drivers\ETdrv.sys   [5116544]
O58 - SDL:09/08/2007 - 03:06:40 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys   [23424]
O58 - SDL:24/02/2014 - 15:37:24 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys   [46392]
O58 - SDL:02/05/2014 - 18:59:59 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys   [29400]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys   [26624]
O58 - SDL:28/10/2013 - 00:12:12 ---A- . (.DEVGURU Co., LTD.([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys   [87064]
O58 - SDL:28/10/2013 - 00:12:12 ---A- . (.DEVGURU Co., LTD.([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys   [182680]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys   [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS   [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys   [27097]
O58 - SDL:30/10/2013 - 00:16:30 ---A- . (...) -- C:\Windows\System32\FsUsbExDisk.Sys   [37344]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS   [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS   [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS   [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS   [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS   [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS   [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS   [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS   [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS   [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS   [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS   [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS   [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS   [34672]
~ Drivers: 88 Legitimates Filtered in 00mn 05s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 19/02/2014 - C:\Windows\System32\drivers\badriver.sys (badriver)  .(.NetFilterSDK.com - NetFilter SDK WFP Driver (WPP).) - LEGACY_BADRIVER
O64 - Services: CurCS - 24/02/2014 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm)  .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
~ Legacy: 96 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Users\Cliente\AppData\Local\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] Web - (Web) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.126B6CDA6BA68A95589CF8A4546F5C1A] [SPRF][20/05/2014] (...) -- C:\ProgramData\ntuser.dat   [262144]
[MD5.F33E796083157859135EA6F706997A26] [SPRF][30/05/2013] (...) -- C:\Users\Cliente\AppData\Roaming\unins000.dat   [10876]
[MD5.11F82F8C9BB23E95B238E59001AB2A55] [SPRF][02/05/2014] (...) -- C:\Users\Cliente\AppData\Roaming\unins001.dat   [16655]
[MD5.70F851F7A524071E13F17DC401A21906] [SPRF][22/05/2014] (...) -- C:\Users\Cliente\Desktop\AdwCleaner.exe   [1326389]
[MD5.352E8561E633B17ED22012366721FFDC] [SPRF][22/05/2014] (...) -- C:\Users\Cliente\Desktop\zoek.exe   [1285120]
~ Files: 6 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 15/05/2014 257712 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 18/05/2014 116648 |  (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 18/05/2014 116648 |  (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 18/05/2014 119408 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 23/10/2013 172192 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/12/2013 65432 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 30/10/2013 233472 |  (FsUsbExService) . (.Teruten.) - C:\Windows\system32\FsUsbExService.exe
SR - | Auto 24/02/2014 519224 |  (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\GbpSv.exe
SR - | Auto 31/01/2013 634656 |  (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 19/02/2013 1259296 |  (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services:  Scanned in 00mn 24s



---\\ Scâner Aditional (088)
Database Version : 13029 - (24/05/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés  (Folders found) : 0
Fichiers trouvés  (Files found) : 0

~ Additionnel Scan: 247131 Items scanned in 00mn 39s



~ 813 Legitimates filtered by white list
End of the scan (440 lines in 02mn 49s)(0)