Fórum PC Brasil
I can't remove Baidu and SweetPage from my PC.


Post by Haseo, Wed 11 Jun 2014, 13:26

Problem description: I went to install Flash Player and ended up on a phishing site. In my hurry and haste I installed the program, which installed the damned Baidu/SweetPage. I tried to remove it with several programs; what happens is that, looking in regedit, Baidu has about 7 entries inside the registry keys that I can't remove. If you can help me solve the problem, I thank you in advance either way.
Note: Personal computer

As per the "Read Before Posting" topic, here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:18:16, on 11/06/2014
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Users\redXII\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCDD7831-AA39-4B68-BE07-027BE4C060FA}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{CCDD7831-AA39-4B68-BE07-027BE4C060FA}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{CCDD7831-AA39-4B68-BE07-027BE4C060FA}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify:  GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 5145 bytes

Post by Power Max, Wed 11 Jun 2014, 14:58

Hello Haseo.

Download AdwCleaner by clicking the link below, then click the Download Now @BleepingComputer button:
[link not shown: forum login required]

To run AdwCleaner correctly, just follow the tips in this tutorial:

[link not shown: forum login required]

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.

Post by Haseo, Wed 11 Jun 2014, 16:57

Power Max, thanks for the reply; here is the requested log.


# AdwCleaner v3.212 - Relatório criado 11/06/2014 às 16:53:50
# Atualizado 05/06/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate (32 bits)
# Usuário : redXII - REDXII-PC
# Executando de : C:\Users\redXII\Desktop\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****


***** [ Atalhos ] *****


***** [ Registro ] *****


***** [ Navegadores ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v30.0 (pt-BR)

[ Arquivo : C:\Users\redXII\AppData\Roaming\Mozilla\Firefox\Profiles\nvx5b20q.default\prefs.js ]


-\\ Google Chrome v35.0.1916.114

[ Arquivo : C:\Users\redXII\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R3].txt - [896 octets] - [11/06/2014 16:53:07]
AdwCleaner[S1].txt - [815 octets] - [11/06/2014 16:53:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [874 octets] ##########

Post by Power Max, Wed 11 Jun 2014, 17:06

Download Junkware Removal Tool from the link below:
[link not shown: forum login required]

To run the program above correctly, just follow the tips in this tutorial:

[link not shown: forum login required]

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop under the name JRT.txt

We'll be waiting.

Post by Haseo, Wed 11 Jun 2014, 17:17

MaxPower, I had already used Junkware to try to eliminate the malware, but I don't have the old log; it had deleted several entries.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x86
Ran by redXII on 11/06/2014 at 17:11:13,64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11/06/2014 at 17:12:43,64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post by Power Max, Wed 11 Jun 2014, 17:19

Temporarily disable your antivirus to avoid conflicts.

Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[link not shown: forum login required]

* Right-click Zoek.exe and select [image not shown: forum login required]

* Select and copy all of this text highlighted in red that I gave you and paste it into the blank space in Zoek.

* Click [Run Script]

* During the scan, a message similar to the one below showing the scan progress will be displayed. Wait for it to finish... it may take a while!

[image not shown: forum login required]

* If a PC restart is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Wed 11 Jun 2014, 17:57; edited 1 time

Post by Haseo, Wed 11 Jun 2014, 17:36


Zoek.exe v5.0.0.0 Updated 02-June-2014
Tool run by redXII on 11/06/2014 at 17:21:10,13.
Microsoft Windows 7 Ultimate 6.1.7600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\redXII\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

11/06/2014 17:21:50 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\redXII\AppData\Roaming\Mozilla\Firefox\Profiles\nvx5b20q.default\prefs.js:
user_pref("searchreset.backup.browser.startup.homepage", "about:home");

Added to C:\Users\redXII\AppData\Roaming\Mozilla\Firefox\Profiles\nvx5b20q.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\redXII\AppData\Roaming\Mozilla\Firefox\Profiles\nvx5b20q.default

user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 0);
---- FireFox user.js and prefs.js backups ----

prefs_062014_1729_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} deleted
C:\Program Files\363a6c1a.tmp deleted
C:\PROGRA~2\ProductData deleted
C:\PROGRA~2\InstallMate deleted
C:\Windows\system32\tasks\Baidu Antivirus Update deleted

==== Folders Found ======================

2014-06-08 17:33:28 2014-06-08 17:33:28 -------- d-----w- C:\Program Files\Baidu Security
2014-06-08 17:33:28 2014-06-08 17:58:08 -------- d-----w- C:\Program Files\Baidu Security\Baidu Antivirus
2014-06-08 17:33:38 2014-06-08 18:15:04 -------- d-----w- C:\ProgramData\Baidu Security
2014-06-08 17:33:38 2014-06-08 18:15:04 -------- d-----w- C:\Users\All Users\Baidu Security

==== Files Found ======================


--- C:\Program Files\Baidu Security\Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1323
Created time: 2014-06-08 17:33:20
Modified time: 2014-01-13 13:40:30
MD5: FBCB3967D17EC32B5C06AA8811A53A5B
SHA1: DF0B4F19325E070A20E9CA9AEB75E863DFBCBDD1


--- C:\Program Files\Baidu Security\Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico_gray.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1338
Created time: 2014-06-08 17:33:20
Modified time: 2014-01-13 13:40:30
MD5: BD2291EAA1C833CCA729214DFBE7B341
SHA1: FD6D550FE31ACDF679ED6005C47638DA7FB82BFB


--- C:\zoek_backup\C_Windows_system32_tasks_Baidu Antivirus Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3414
Created time: 2014-06-11 20:29:39
Modified time: 2014-06-08 17:33:32
MD5: B61F589029BD66C9B422B2617EFCB0C6
SHA1: BD097623BFE37FB1201276258500593D7BADDE18


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [01/05/2014 01:00]

==== Firefox Extensions ======================

ProfilePath: C:\Users\redXII\AppData\Roaming\Mozilla\Firefox\Profiles\nvx5b20q.default
- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\redXII\AppData\Roaming\Mozilla\Firefox\Profiles\nvx5b20q.default
A58DE0A570148AF5FF3512B2A340D09F - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll - Shockwave Flash
B52EFEC8EEF9A7809376795ED3699826 - C:\Users\redXII\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll - Módulo de Proteção - Banco do Brasil
14365399E83D7BC15760E8676E890C87 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
14365399E83D7BC15760E8676E890C87 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
785105A23650755A8F7A72405EB0D923 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll - Google Update
025BBEF5A248B09BDC6684747F6EB5BC - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U55
290A0130C74ADCD4546BC6900D1665D9 - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.550.14


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[01/05/2014 01:00]

Google Voice Search Hotword (Beta) - redXII\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Last updated at time on date - redXII\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
AdBlock - redXII\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
avast Online Security - redXII\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Wallet - redXII\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} Microsoft (Bing) Url="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\redXII\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\redXII\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\redXII\Desktop\Anki.lnk - C:\Program Files\Anki\anki.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe

==== shortcuts in Users Start Menu ======================

C:\Users\redXII\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KoshyJohn.com\MemClean\Clear System Cache.lnk - C:\Users\redXII\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe cache
C:\Users\redXII\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KoshyJohn.com\MemClean\Memory Cleaner.lnk - C:\Users\redXII\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe
C:\Users\redXII\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KoshyJohn.com\MemClean\Trim Processes' Working Set.lnk - C:\Users\redXII\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe process
C:\Users\redXII\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KoshyJohn.com\MemClean\Uninstall MemClean.lnk - C:\Users\redXII\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe uninstall

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anki.lnk - C:\Program Files\Anki\anki.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Codec Tweak Tool.lnk - C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Media Player Classic.lnk - C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\DirectVobSub.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\K-Lite Codec Pack\Filters\vsfilter.dll",DirectVobSub
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Audio.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\K-Lite Codec Pack\Filters\LAV\lavaudio.ax",OpenConfiguration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Splitter.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\K-Lite Codec Pack\Filters\LAV\lavsplitter.ax",OpenConfiguration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Video.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\K-Lite Codec Pack\Filters\LAV\lavvideo.ax",OpenConfiguration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\madVR.lnk - C:\Program Files\K-Lite Codec Pack\Filters\madVR\madHcCtrl.exe editLocalSettingsDontWait
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Reset to recommended settings.lnk - C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe /resetsettings
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Help\Frequently Asked Questions.lnk - C:\Program Files\K-Lite Codec Pack\Info\faq.htm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\MediaInfo.lnk - C:\Program Files\K-Lite Codec Pack\Tools\mediainfo.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\Win7DSFilterTweaker.lnk - C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Uninstall\Uninstall K-Lite Codec Pack.lnk - C:\Program Files\K-Lite Codec Pack\unins000.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\redXII\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk - C:\Users\redXII\AppData\Roaming\BitTorrent\BitTorrent.exe
C:\Users\redXII\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\redXII\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\redXII\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\redXII\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\redXII\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b15f30ab853b7d31\Diablo III.lnk - D:\Diablo III\Diablo III Launcher.exe
C:\Users\redXII\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Battle.net.lnk - C:\Program Files\Battle.net\Battle.net Launcher.exe
C:\Users\redXII\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\CPUID CPU-Z.lnk - C:\Program Files\CPUID\CPU-Z\cpuz.exe
C:\Users\redXII\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\redXII\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Memory Cleaner.lnk - C:\Users\redXII\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe
C:\Users\redXII\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\redXII\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyOverride"="*.local"
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\95e01d89-636b-4991-b553-9157f17d4172 deleted successfully

==== Empty IE Cache ======================

C:\Users\redXII\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\redXII\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\redXII\AppData\Local\Mozilla\Firefox\Profiles\nvx5b20q.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\redXII\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=13 folders=5 2092192 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\redXII\AppData\Local\temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\redXII\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\redXII\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on 11/06/2014 at 17:35:29,82 ======================

Re: I can't remove Baidu and SweetPage from the PC.

Post by Power Max, Wed 11 Jun 2014, 17:46

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [image not shown]

* Select and copy all of this text highlighted in red that I gave you and paste it into the blank area of Zoek.

* Click [Run Script]

* During the scan, a message similar to the one below will be displayed showing the scan's progress. Wait for it to finish... it may take a while!

[image not shown]

* If a reboot of the PC is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Wed 11 Jun 2014, 17:55; edited 1 time

Re: I can't remove Baidu and SweetPage from the PC.

Post by Haseo, Wed 11 Jun 2014, 17:53


Zoek.exe v5.0.0.0 Updated 02-June-2014
Tool run by redXII on 11/06/2014 at 17:50:03,35.
Microsoft Windows 7 Ultimate 6.1.7600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\redXII\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-11-203529.log 20055 bytes

==== System Restore Info ======================

11/06/2014 17:50:37 Zoek.exe System Restore Point Created Succesfully.

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]

==== Deleting Files \ Folders ======================

C:\Program Files\Baidu Security deleted
C:\ProgramData\Baidu Security deleted

==== Folders Found ======================

2014-06-11 20:50:43 2014-06-11 20:50:44 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu Security
2014-06-11 20:51:06 2014-06-11 20:51:11 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu Security_Baidu Antivirus
2014-06-11 20:51:12 2014-06-08 18:15:04 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-06-11 20:51:12 2014-06-08 18:15:04 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-06-11 20:50:44 2014-06-11 20:51:06 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu Security\Baidu Antivirus

==== Files Found ======================


--- C:\zoek_backup\C_Windows_system32_tasks_Baidu Antivirus Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3414
Created time: 2014-06-11 20:29:39
Modified time: 2014-06-08 17:33:32
MD5: B61F589029BD66C9B422B2617EFCB0C6
SHA1: BD097623BFE37FB1201276258500593D7BADDE18


--- C:\zoek_backup\C_Program Files_Baidu Security\Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1323
Created time: 2014-06-11 20:50:52
Modified time: 2014-01-13 13:40:30
MD5: FBCB3967D17EC32B5C06AA8811A53A5B
SHA1: DF0B4F19325E070A20E9CA9AEB75E863DFBCBDD1


--- C:\zoek_backup\C_Program Files_Baidu Security\Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico_gray.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1338
Created time: 2014-06-11 20:50:52
Modified time: 2014-01-13 13:40:30
MD5: BD2291EAA1C833CCA729214DFBE7B341
SHA1: FD6D550FE31ACDF679ED6005C47638DA7FB82BFB


--- C:\zoek_backup\C_Program Files_Baidu Security_Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1323
Created time: 2014-06-11 20:51:08
Modified time: 2014-01-13 13:40:30
MD5: FBCB3967D17EC32B5C06AA8811A53A5B
SHA1: DF0B4F19325E070A20E9CA9AEB75E863DFBCBDD1


--- C:\zoek_backup\C_Program Files_Baidu Security_Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico_gray.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1338
Created time: 2014-06-11 20:51:08
Modified time: 2014-01-13 13:40:30
MD5: BD2291EAA1C833CCA729214DFBE7B341
SHA1: FD6D550FE31ACDF679ED6005C47638DA7FB82BFB


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=3553 folders=538 115916252 bytes)

==== EOF on 11/06/2014 at 17:52:09,82 ======================

Re: I can't remove Baidu and SweetPage from the PC.

Post by Power Max, Wed 11 Jun 2014, 17:56

Download < [link not shown] > ( ... by Nicolas Coolman )

Note: When you open the link above, click the Télécharger button for ZHPDiag to download it, as shown in the image below:

[image not shown]

To install and run it correctly, follow the tips in this article:

[link not shown]

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.

Re: I can't remove Baidu and SweetPage from the PC.

Post by Haseo, Wed 11 Jun 2014, 18:01

~ Relatório do ZHPDiag v2014.6.11.89 - Nicolas Coolman (11/06/2014)
~ Iniciado por redXII (11/06/2014 18:00:08)
~ Endereço do Website : [link not shown]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 30.0
GCIE: Google Chrome v35.0.1916.114 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 32-bit (Build 7600)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2018
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema
CCleaner v4.05

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI
Java 7 Update 55

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2046 MB (50% free)
System Restore: Activé (Enable)
System drive C: has 34 GB (69%) free of 49 GB

---\\ Modo de conexão ao sistema
~ Computer Name: REDXII-PC
~ User Name: redXII
~ All Users Names: redXII, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\redXII\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\redXII\AppData\Roaming\
~ %Desktop% : C:\Users\redXII\Desktop\
~ %Favorites% : C:\Users\redXII\Favorites\
~ %LocalAppData% : C:\Users\redXII\AppData\Local\
~ %StartMenu% : C:\Users\redXII\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 34 Go of 49 Go)
D: Hard drive, Flash drive, Thumb drive (Free 124 Go of 249 Go)
E: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 48 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.15BC38A7492BEFE831966ADB477CF76F] - (.Microsoft Corporation - Windows Explorer.) (.13/07/2009 - 22:14:20.) -- C:\Windows\Explorer.exe [2613248]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Windows Start-Up Application.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.62077F806BC59CBD5A404338D710D133] - (.Microsoft Corporation - Internet Extensions for Win32.) (.21/05/2014 - 16:01:46.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.8EC6A4AB12B8F3759E21F8E3A388F2CF] - (.Microsoft Corporation - Windows Logon Application.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Software Licensing Library.) (.13/07/2009 - 22:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.DDC040FDB01EF1712A6B13E52AFB104C] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/07/2009 - 20:12:38.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 20:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.8E09E52EE2E3CEB199EF3DD99CF9E3FB] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.13/07/2009 - 20:14:17.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 20:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - i8042 Port Driver.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.F4A054BE78AF7F410129C4B64B07DC9B] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.13/07/2009 - 20:14:26.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 20:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - NT File System Driver.) (.13/07/2009 - 22:20:44.) -- C:\Windows\system32\Drivers\ntfs.sys [1210432]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Parallel Port Driver.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.C5FF95883FFEF704D50C40D21CFB3AB5] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/07/2009 - 21:02:58.) -- C:\Windows\system32\Drivers\rdpdr.sys [133120]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 20:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.58DF9D2481A56EDDE167E51B334D44FD] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.13/07/2009 - 22:19:10.) -- C:\Windows\system32\Drivers\volsnap.sys [245328]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes musiques (My Musics) : 1/2
~ Mes Favoris (My Favorites) : 1/2
~ Mes Documents (My Documents) : 1/19
~ Mon Bureau (My Desktop) : 0/16
~ Menu demarrer (Programs) : 1/31
~ Hidden Files: Scanned in 00mn 00s



---\\ Processos lançados
[MD5.87A5E321CE993925F79AC86DECE0A828] - (.Realtek Semiconductor - Realtek HD Audio Manager.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464] [PID.3428]
[MD5.5CA0EB9538C6ACEBDC3593FC53527B9D] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [3890208] [PID.3480]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.3488]
[MD5.1620FE36666F4BBC2314B7F360FB1965] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [860488] [PID.4672]
[MD5.5E09EA8DF7E0547DC52ACA6AD53AF807] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8066560] [PID.1064]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\redXII\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [bepbmhgboaologfdajaanbcjmnhjmhfn] Google Voice Search Hotword (Beta) v.0.1.1.5019, (Désactivé)
G2 - GCE: Preference [User Data\Default] [dnhpdliibojhegemfjheidglijccjfmc] hotword helper v.0.0.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 19 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\redXII\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
~ Firefox Browser: 8 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
~ IE Browser: 12 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} . (.Banco Bradesco S.A. - scpsssh2 Module.) -- C:\Program Files\Scpad\scpsssh2.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
~ BHO: 10 Legitimates Filtered in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [redXII]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\redXII\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
~ Global Startup: 1 Legitimates Filtered in 00mn 01s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Realtek HD Audio Manager.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
~ Application: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCDD7831-AA39-4B68-BE07-027BE4C060FA}: NameServer = 8.8.8.8,8.8.4.4 =>.Google DNS Redirections
O17 - HKLM\System\CS1\Services\Tcpip\..\{CCDD7831-AA39-4B68-BE07-027BE4C060FA}: NameServer = 8.8.8.8,8.8.4.4 =>.Google DNS Redirections
O17 - HKLM\System\CS2\Services\Tcpip\..\{CCDD7831-AA39-4B68-BE07-027BE4C060FA}: NameServer = 8.8.8.8,8.8.4.4 =>.Google DNS Redirections
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Chave do Registo autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} . (.Banco Bradesco S.A. - scpIBLoad Module.) -- C:\Program Files\Scpad\scpLIB.dll
~ SSODL: 2 Legitimates Filtered in 00mn 00s



---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {A3717295-941D-416F-9384-ED1736729F1C} . (.Banco Bradesco S.A. - scpIBLoad Module.) -- C:\Program Files\Scpad\scpLIB.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe
~ Services: 4 Legitimates Filtered in 00mn 04s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [830]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1052]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1056]
~ Scheduled Task: 12 Legitimates Filtered in 00mn 02s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bfilter) . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - C:\Windows\system32\drivers\Bfilter.sys
O41 - Driver: (Bfmon) . (.Baidu, Inc. - Baidu FS Monitor Driver.) - C:\Windows\system32\drivers\Bfmon.sys
O41 - Driver: (Bnbase) . (.Baidu, Inc. - Baidu Antivirus NetBase Driver.) - C:\Windows\System32\drivers\bnbasex.sys
O41 - Driver: (Bndef) . (.Baidu, Inc. - Baidu Antivirus NetDefense Driver.) - C:\Windows\system32\drivers\bndef.sys
O41 - Driver: (ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
~ Drivers: 90 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\DamienBT]
[HKCU\Software\GbAs]
[HKCU\Software\KoshyJohn.com]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\Quiknowledge]
~ Key Software: 182 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 01/04/2014 - 17:24:39 - [] ----D C:\Program Files\Scpad
O43 - CFD: 26/03/2014 - 20:44:03 - [] ----D C:\ProgramData\Puresafe
O43 - CFD: 18/05/2014 - 21:31:01 - [] ----D C:\ProgramData\Standard
O43 - CFD: 16/04/2014 - 17:25:16 - [] ----D C:\Users\redXII\AppData\Roaming\KoshyJohn.com
O43 - CFD: 20/05/2014 - 00:10:35 - [] ----D C:\Users\redXII\AppData\Roaming\Media Control
O43 - CFD: 01/04/2014 - 21:57:30 - [] ----D C:\Users\redXII\AppData\Roaming\Scpad
O43 - CFD: 16/04/2014 - 17:25:32 - [] ----D C:\Users\redXII\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KoshyJohn.com
~ Program Folder: 141 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.E6B7DB757C25628AE985E952AD1BA0B3] - 08/06/2014 - 14:33:41 ---A- . (.Baidu, Inc. - Baidu Antivirus NetBase Driver.) -- C:\Windows\System32\Drivers\bnbasex.sys [70496]
O44 - LFC:[MD5.7EFD231BAA1A7ECF25AF075951D60906] - 08/06/2014 - 14:33:41 ---A- . (.Baidu, Inc. - Baidu Antivirus NetDefense Driver.) -- C:\Windows\System32\Drivers\bndef.sys [51584]
O44 - LFC:[MD5.CB3E0EBD03C250170C4B4258F9264212] - 08/06/2014 - 14:33:44 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [48448]
O44 - LFC:[MD5.70DDC28A7998907EC42E1C60899ACAA6] - 08/06/2014 - 14:33:45 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [29504]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 11/06/2014 - 01:34:51 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.0277C027A26428DB64EF4F64F52BB4FD] - 11/06/2014 - 02:58:45 ---A- . (...) -- C:\Windows\MBR.exe [208896]
O44 - LFC:[MD5.F042EE4C8D66248D9B86DCF52ABAE416] - 11/06/2014 - 02:58:45 ---A- . (...) -- C:\Windows\PEV.exe [256000]
O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 11/06/2014 - 02:58:45 ---A- . (...) -- C:\Windows\grep.exe [80412]
O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 11/06/2014 - 02:58:45 ---A- . (...) -- C:\Windows\sed.exe [98816]
O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 11/06/2014 - 02:58:45 ---A- . (...) -- C:\Windows\zip.exe [68096]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 11/06/2014 - 03:02:06 ---A- . (...) -- C:\Windows\System32\Drivers\seneka.sys [0]
O44 - LFC:[MD5.3CF3D4A45CC2AF973DBC30EC8D33252B] - 11/06/2014 - 03:05:02 ---A- . (...) -- C:\Windows\system.ini [215]
O44 - LFC:[MD5.C89FC94299049BB47CDBAD4A2AEA55CB] - 11/06/2014 - 03:06:15 ---A- . (...) -- C:\ComboFix.txt [18761]
O44 - LFC:[MD5.BF1121F131D252B89BCC060CC013F15A] - 11/06/2014 - 17:35:29 ---A- . (...) -- C:\zoek-results2014-06-11-203529.log [20055]
O44 - LFC:[MD5.80340C055375AA3ABFEA0D9FCA51E0FF] - 11/06/2014 - 17:52:09 ---A- . (...) -- C:\zoek-results.log [8079]
O44 - LFC:[MD5.5F70A36133973C04E2120A39B36712DB] - 27/05/2014 - 22:51:37 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [146910]
O44 - LFC:[MD5.CD1634B5CFF0A01313EC063C42178D84] - 27/05/2014 - 22:51:37 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [705070]
~ Files: 32 Legitimates Filtered in 00mn 02s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s



---\\ Pesquisa de Rootkits nos drivers (SDR) (057)
O57 - SDR:Search Drivers Rootkit - ( - .) --
~ Keys: Scanned in 00mn 01s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:01/05/2014 - 01:00:12 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184] =>.ALWIL Software
O58 - SDL:01/05/2014 - 01:00:12 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:01/05/2014 - 01:00:12 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180632] =>.ALWIL Software
O58 - SDL:27/05/2014 - 03:19:38 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [48448]
O58 - SDL:27/05/2014 - 03:19:38 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [29504]
O58 - SDL:27/05/2014 - 03:19:38 ---A- . (.Baidu, Inc. - Baidu Antivirus NetBase Driver.) -- C:\Windows\System32\Drivers\bnbasex.sys [70496]
O58 - SDL:27/05/2014 - 03:19:38 ---A- . (.Baidu, Inc. - Baidu Antivirus NetDefense Driver.) -- C:\Windows\System32\Drivers\bndef.sys [51584]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:14/03/2014 - 20:27:24 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\GbpKm.sys [47192]
O58 - SDL:31/03/2014 - 18:56:56 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:11/06/2014 - 03:02:06 ---A- . (...) -- C:\Windows\System32\Drivers\seneka.sys [0]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 77 Legitimates Filtered in 00mn 01s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 01/05/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 27/05/2014 - C:\Windows\system32\drivers\Bfilter.sys (Bfilter) .(.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - LEGACY_BFILTER
O64 - Services: CurCS - 27/05/2014 - C:\Windows\system32\drivers\Bfmon.sys (Bfmon) .(.Baidu, Inc. - Baidu FS Monitor Driver.) - LEGACY_BFMON
O64 - Services: CurCS - 27/05/2014 - C:\Windows\System32\drivers\bnbasex.sys (Bnbase) .(.Baidu, Inc. - Baidu Antivirus NetBase Driver.) - LEGACY_BNBASE
O64 - Services: CurCS - 27/05/2014 - C:\Windows\system32\drivers\bndef.sys (Bndef) .(.Baidu, Inc. - Baidu Antivirus NetDefense Driver.) - LEGACY_BNDEF
O64 - Services: CurCS - 14/03/2014 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
O64 - Services: CurCS - 13/07/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 125 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [link hidden by the forum]
O69 - SBI: SearchScopes [HKCU] {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} - (Microsoft (Bing)) - [link hidden by the forum]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [link hidden by the forum]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.99CAB4761BEB41EEDAC3A12F6B8766CB] [SPRF][21/05/2014] (...) -- C:\Users\redXII\AppData\Roaming\unins000.dat [45823]
[MD5.42F24559E8C472F6FF745BB7C5465FB2] [SPRF][11/06/2014] (...) -- C:\Users\redXII\Desktop\AdwCleaner.exe [1333465]
[MD5.352E8561E633B17ED22012366721FFDC] [SPRF][11/06/2014] (...) -- C:\Users\redXII\Desktop\zoek.exe [1285120]
~ Files: 8 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{3D0C6CF1-76E0-4D14-8C19-921A7F3DCD91}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- D:\Programas Padrões\BitTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{92BEA5E5-7828-4ED2-BE2F-D64BE81B1D93}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- D:\Programas Padrões\BitTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{E0B7B374-B0CF-4FF6-B042-9F4CA309488B}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\redXII\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{122BBCB9-ED88-456E-AF9A-FAF69DB63BE1}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\redXII\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
~ Firewall: 4 Legitimates Filtered in 00mn 00s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BitTorrent_RASAPI32 =>P2P.BitTorrent
HKLM\SOFTWARE\Microsoft\Tracing\BitTorrent_RASMANCS =>P2P.BitTorrent
~ BTK: 221 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Disabled 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Disabled 08/06/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 14/04/2014 654848 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Disabled 18/03/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Disabled 18/03/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Disabled 03/12/2013 2151200 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
SS - | Disabled 10/06/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Disabled 24/10/2012 360624 | (scpVista) . (.Banco Bradesco S.A..) - C:\Program Files\Scpad\scpVista.exe
SS - | Disabled 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 01/05/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 28/02/2006 229376 | (Bonjour Service) . (.Apple Computer, Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 06/05/2014 528424 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\gbpsv.exe
SR - | Auto 08/02/2014 664864 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 07s



---\\ Scâner Aditional (088)
Database Version : 13026 - (11/06/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 181569 Items scanned in 00mn 18s



---\\ Informações complémentaires do módulos
~ [link hidden by the forum] =>.Google Chrome, Extensions (G2)
~ [link hidden by the forum] =>.Internet Explorer, Proxy Management (R5)
~ [link hidden by the forum] =>.Browser Helper Objects de navigateur s (O2)
~ AMI: 3 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
~ MSI: 0 link(s) detected in 00mn 00s



~ 734 Legitimates filtered by white list
End of the scan (469 lines in 00mn 56s)(0)

Re: I can't remove Baidu and SweetPage from my PC.

Post by Power Max Wed 11 Jun 2014, 18:27

I suggest you uninstall Bonjour, which is unnecessary.
___________________________________________________________________________________________________________________

Were you the one who installed this extension in the Google Chrome browser? Do you know what it is?

hotword helper
___________________________________________________________________________________________________________________

Select and copy all the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click "Importação" > click the GO button > click "Oui" > if you want the files in the Recycle Bin to be deleted, click "Oui" again > a report will open in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Wed 11 Jun 2014, 19:13; edited 1 time

Re: I can't remove Baidu and SweetPage from my PC.

Post by Haseo Wed 11 Jun 2014, 18:37

Bonjour: I don't know what it is for, I even thought it was a legitimate part of the system. It doesn't show up in the Control Panel. Is there any way to uninstall it properly?

hotword helper: I don't know what it is, I have never seen it among my browsers' extensions. The only extensions I use are related to adblocks or are Avast's own.



Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by redXII at 11/06/2014 18:30:19
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 32-bit (Build 7600)

Reciclagem vazia (00mn 19s)
Reparação de atalhos do navegador

========== Estado dos serviços ==========
BFILTER Parado
BFMON Parado
BNBASE Parado
BNDEF Parado

========== Chaves do Registo ==========
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bnbase
ELIMINÉ Driver Key: Bndef
ELIMINÉ: HKLM\Software\Quiknowledge

========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\windows\system32\drivers\bnbasex.sys
ELIMINÉ: c:\windows\system32\drivers\bndef.sys
ELIMINÉ: c:\windows\system32\drivers\bfilter.sys
ELIMINÉ: c:\windows\system32\drivers\bfmon.sys
ELIMINÉ Temporários windows (3) (11.657 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
5 : Chaves do Registo
6 : Valores do Registo
1 : Pastas
6 : Ficheiros
4 : Estado dos serviços
1 : Restauração Sistema


End of clean in 00mn 33s

========== Caminho do ficheiro do relatório ==========
C:\Users\redXII\AppData\Roaming\ZHP\ZHPFix[R1].txt - 11/06/2014 18:30:39 [1561]

Re: I can't remove Baidu and SweetPage from my PC.

Post by Power Max Wed 11 Jun 2014, 18:40

Open ZHPDiag again.

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report.

Re: I can't remove Baidu and SweetPage from my PC.

Post by Haseo Wed 11 Jun 2014, 18:43

~ Relatório do ZHPDiag v2014.6.11.89 - Nicolas Coolman (11/06/2014)
~ Iniciado por redXII (11/06/2014 18:41:25)
~ Endereço do Website : [link hidden by the forum]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 30.0
GCIE: Google Chrome v35.0.1916.114 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows Vista (TM) Ultimate, 32-bit (Build 6000)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2018

---\\ Softwares d'optimização do sistema
CCleaner v4.05

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI
Java 7 Update 55

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2046 MB (53% free)
System Restore: Activé (Enable)
System drive C: has 34 GB (69%) free of 49 GB

---\\ Modo de conexão ao sistema
~ Computer Name: REDXII-PC
~ User Name: redXII
~ All Users Names: redXII, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\redXII\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\redXII\AppData\Roaming\
~ %Desktop% : C:\Users\redXII\Desktop\
~ %Favorites% : C:\Users\redXII\Favorites\
~ %LocalAppData% : C:\Users\redXII\AppData\Local\
~ %StartMenu% : C:\Users\redXII\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 34 Go of 49 Go)
D: Hard drive, Flash drive, Thumb drive (Free 124 Go of 249 Go)
E: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 48 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.15BC38A7492BEFE831966ADB477CF76F] - (.Microsoft Corporation - Windows Explorer.) (.13/07/2009 - 22:14:20.) -- C:\Windows\Explorer.exe [2613248]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Windows Start-Up Application.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.62077F806BC59CBD5A404338D710D133] - (.Microsoft Corporation - Internet Extensions for Win32.) (.21/05/2014 - 16:01:46.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.8EC6A4AB12B8F3759E21F8E3A388F2CF] - (.Microsoft Corporation - Windows Logon Application.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Software Licensing Library.) (.13/07/2009 - 22:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.DDC040FDB01EF1712A6B13E52AFB104C] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/07/2009 - 20:12:38.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 20:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.8E09E52EE2E3CEB199EF3DD99CF9E3FB] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.13/07/2009 - 20:14:17.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 20:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - i8042 Port Driver.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.F4A054BE78AF7F410129C4B64B07DC9B] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.13/07/2009 - 20:14:26.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 20:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - NT File System Driver.) (.13/07/2009 - 22:20:44.) -- C:\Windows\system32\Drivers\ntfs.sys [1210432]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Parallel Port Driver.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.C5FF95883FFEF704D50C40D21CFB3AB5] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/07/2009 - 21:02:58.) -- C:\Windows\system32\Drivers\rdpdr.sys [133120]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 20:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.58DF9D2481A56EDDE167E51B334D44FD] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.13/07/2009 - 22:19:10.) -- C:\Windows\system32\Drivers\volsnap.sys [245328]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes musiques (My Musics) : 1/2
~ Mes Favoris (My Favorites) : 1/2
~ Mes Documents (My Documents) : 1/19
~ Mon Bureau (My Desktop) : 0/17
~ Menu demarrer (Programs) : 1/31
~ Hidden Files: Scanned in 00mn 00s



---\\ Processos lançados
[MD5.A57002E448D6BFCE2111FAA7F47FC584] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 334.8.) -- C:\Windows\system32\nvvsvc.exe [664864] [PID.876]
[MD5.43B1125D14E8797FDA9D5E167EB50AE3] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files\GbPlugin\gbpsv.exe [528424] [PID.900]
[MD5.1FCF29B0BE773B3E39B2B83A4196CB32] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [941856] [PID.1384]
[MD5.37D17AE2936867F88EB3C4CBCBC6B8A1] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1604]
[MD5.73686FE0B2E0469F89FD2075BE724704] - (.Apple Computer, Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [229376] [PID.1884]
[MD5.87A5E321CE993925F79AC86DECE0A828] - (.Realtek Semiconductor - Realtek HD Audio Manager.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464] [PID.3428]
[MD5.5CA0EB9538C6ACEBDC3593FC53527B9D] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [3890208] [PID.3480]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.3488]
[MD5.1620FE36666F4BBC2314B7F360FB1965] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [860488] [PID.4856]
[MD5.5E09EA8DF7E0547DC52ACA6AD53AF807] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8066560] [PID.5612]
[MD5.4C287F9069FEDBD791178876EE9DE536] - (.Microsoft Corporation - Microsoft Software Protection Platform Serv.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.4368]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\redXII\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [bepbmhgboaologfdajaanbcjmnhjmhfn] Google Voice Search Hotword (Beta) v.0.1.1.5019, (Désactivé)
G2 - GCE: Preference [User Data\Default] [dnhpdliibojhegemfjheidglijccjfmc] hotword helper v.0.0.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 19 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\redXII\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
~ Firefox Browser: 8 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
~ IE Browser: 12 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} . (.Banco Bradesco S.A. - scpsssh2 Module.) -- C:\Program Files\Scpad\scpsssh2.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
~ BHO: 10 Legitimates Filtered in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [redXII]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\redXII\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
~ Global Startup: 1 Legitimates Filtered in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Realtek HD Audio Manager.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
~ Application: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCDD7831-AA39-4B68-BE07-027BE4C060FA}: NameServer = 8.8.8.8,8.8.4.4 =>.Google DNS Redirections
O17 - HKLM\System\CS1\Services\Tcpip\..\{CCDD7831-AA39-4B68-BE07-027BE4C060FA}: NameServer = 8.8.8.8,8.8.4.4 =>.Google DNS Redirections
O17 - HKLM\System\CS2\Services\Tcpip\..\{CCDD7831-AA39-4B68-BE07-027BE4C060FA}: NameServer = 8.8.8.8,8.8.4.4 =>.Google DNS Redirections
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Chave do Registo autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} . (.Banco Bradesco S.A. - scpIBLoad Module.) -- C:\Program Files\Scpad\scpLIB.dll
~ SSODL: 2 Legitimates Filtered in 00mn 00s



---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} . (.Banco Bradesco S.A. - scpIBLoad Module.) -- C:\Program Files\Scpad\scpLIB.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe
~ Services: 4 Legitimates Filtered in 00mn 09s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [830]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1052]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1056]
~ Scheduled Task: 13 Legitimates Filtered in 00mn 01s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex.sys (.not file.)
O41 - Driver: (Bndef) . (. - .) - C:\Windows\system32\drivers\bndef.sys (.not file.)
~ Drivers: 82 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\DamienBT]
[HKCU\Software\GbAs]
[HKCU\Software\KoshyJohn.com]
[HKLM\Software\AutoHelpDesk]
~ Key Software: 182 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 01/04/2014 - 17:24:39 - [] ----D C:\Program Files\Scpad
O43 - CFD: 18/05/2014 - 21:31:01 - [] ----D C:\ProgramData\Standard
O43 - CFD: 16/04/2014 - 17:25:16 - [] ----D C:\Users\redXII\AppData\Roaming\KoshyJohn.com
O43 - CFD: 20/05/2014 - 00:10:35 - [] ----D C:\Users\redXII\AppData\Roaming\Media Control
O43 - CFD: 01/04/2014 - 21:57:30 - [] ----D C:\Users\redXII\AppData\Roaming\Scpad
O43 - CFD: 16/04/2014 - 17:25:32 - [] ----D C:\Users\redXII\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KoshyJohn.com
~ Program Folder: 140 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 11/06/2014 - 01:34:51 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.0277C027A26428DB64EF4F64F52BB4FD] - 11/06/2014 - 02:58:45 ---A- . (...) -- C:\Windows\MBR.exe [208896]
O44 - LFC:[MD5.F042EE4C8D66248D9B86DCF52ABAE416] - 11/06/2014 - 02:58:45 ---A- . (...) -- C:\Windows\PEV.exe [256000]
O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 11/06/2014 - 02:58:45 ---A- . (...) -- C:\Windows\grep.exe [80412]
O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 11/06/2014 - 02:58:45 ---A- . (...) -- C:\Windows\sed.exe [98816]
O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 11/06/2014 - 02:58:45 ---A- . (...) -- C:\Windows\zip.exe [68096]
O44 - LFC:[MD5.3CF3D4A45CC2AF973DBC30EC8D33252B] - 11/06/2014 - 03:05:02 ---A- . (...) -- C:\Windows\system.ini [215]
O44 - LFC:[MD5.C89FC94299049BB47CDBAD4A2AEA55CB] - 11/06/2014 - 03:06:15 ---A- . (...) -- C:\ComboFix.txt [18761]
O44 - LFC:[MD5.BF1121F131D252B89BCC060CC013F15A] - 11/06/2014 - 17:35:29 ---A- . (...) -- C:\zoek-results2014-06-11-203529.log [20055]
O44 - LFC:[MD5.80340C055375AA3ABFEA0D9FCA51E0FF] - 11/06/2014 - 17:52:09 ---A- . (...) -- C:\zoek-results.log [8079]
O44 - LFC:[MD5.5F70A36133973C04E2120A39B36712DB] - 27/05/2014 - 22:51:37 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [146910]
O44 - LFC:[MD5.CD1634B5CFF0A01313EC063C42178D84] - 27/05/2014 - 22:51:37 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [705070]
~ Files: 27 Legitimates Filtered in 00mn 02s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:01/05/2014 - 01:00:12 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184] =>.ALWIL Software
O58 - SDL:01/05/2014 - 01:00:12 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:01/05/2014 - 01:00:12 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180632] =>.ALWIL Software
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:14/03/2014 - 20:27:24 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\GbpKm.sys [47192]
O58 - SDL:31/03/2014 - 18:56:56 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 72 Legitimates Filtered in 00mn 00s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 01/05/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 14/03/2014 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
O64 - Services: CurCS - 13/07/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 125 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} - (Microsoft (Bing)) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.99CAB4761BEB41EEDAC3A12F6B8766CB] [SPRF][21/05/2014] (...) -- C:\Users\redXII\AppData\Roaming\unins000.dat [45823]
[MD5.42F24559E8C472F6FF745BB7C5465FB2] [SPRF][11/06/2014] (...) -- C:\Users\redXII\Desktop\AdwCleaner.exe [1333465]
[MD5.352E8561E633B17ED22012366721FFDC] [SPRF][11/06/2014] (...) -- C:\Users\redXII\Desktop\zoek.exe [1285120]
~ Files: 8 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{3D0C6CF1-76E0-4D14-8C19-921A7F3DCD91}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- D:\Programas Padrões\BitTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{92BEA5E5-7828-4ED2-BE2F-D64BE81B1D93}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- D:\Programas Padrões\BitTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{E0B7B374-B0CF-4FF6-B042-9F4CA309488B}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\redXII\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{122BBCB9-ED88-456E-AF9A-FAF69DB63BE1}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\redXII\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
~ Firewall: 4 Legitimates Filtered in 00mn 00s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BitTorrent_RASAPI32 =>P2P.BitTorrent
HKLM\SOFTWARE\Microsoft\Tracing\BitTorrent_RASMANCS =>P2P.BitTorrent
~ BTK: 221 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Disabled 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Disabled 08/06/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 14/04/2014 654848 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Disabled 18/03/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Disabled 18/03/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Disabled 03/12/2013 2151200 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
SS - | Disabled 10/06/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Disabled 24/10/2012 360624 | (scpVista) . (.Banco Bradesco S.A..) - C:\Program Files\Scpad\scpVista.exe
SS - | Disabled 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 01/05/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 28/02/2006 229376 | (Bonjour Service) . (.Apple Computer, Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 06/05/2014 528424 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\gbpsv.exe
SR - | Auto 08/02/2014 664864 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 08s



---\\ Scâner Aditional (088)
Database Version : 13026 - (11/06/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 181448 Items scanned in 00mn 27s



---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Google Chrome, Extensions (G2)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Internet Explorer, Proxy Management (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Browser Helper Objects de navigateur s (O2)
~ AMI: 3 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
~ MSI: 0 link(s) detected in 00mn 00s



~ 727 Legitimates filtered by white list
End of the scan (451 lines in 01mn 09s)(0)

Re: Can't remove Baidu and SweetPage from the PC.

Post by Power Max, Wed 11 Jun 2014, 19:01

Select and copy all the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click Importação (Import) > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Wed 11 Jun 2014, 19:13; edited 1 time

Re: Can't remove Baidu and SweetPage from the PC.

Post by Haseo, Wed 11 Jun 2014, 19:06

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by redXII at 11/06/2014 19:06:04
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 32-bit (Build 7600)

Reciclagem vazia (00mn 01s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bnbase
ELIMINÉ Driver Key: Bndef
ELIMINÉ: Service: Bonjour Service

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\program files\bonjour\mdnsresponder.exe
ELIMINÉ Temporários windows (1) (0 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
5 : Chaves do Registo
1 : Pastas
3 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 12s

========== Caminho do ficheiro do relatório ==========
C:\Users\redXII\AppData\Roaming\ZHP\ZHPFix[R1].txt - 11/06/2014 18:30:39 [1642]
C:\Users\redXII\AppData\Roaming\ZHP\ZHPFix[R2].txt - 11/06/2014 19:06:05 [1113]

Re: Can't remove Baidu and SweetPage from the PC.

Post by Power Max, Wed 11 Jun 2014, 19:12

How is the PC? Are Baidu and SweetPage still showing up?

Re: Can't remove Baidu and SweetPage from the PC.

Post by Haseo, Wed 11 Jun 2014, 19:20

Power Max, Baidu shows up in regedit; if I go there and search for "baidu", it shows several entries. I don't know whether it is interfering with the computer. SweetPage was completely annihilated.

Re: Can't remove Baidu and SweetPage from the PC.

Post by Power Max, Wed 11 Jun 2014, 19:26

Download [You must have an account and be logged in to view this link] and save it to the Desktop.

Note: When you open the link above, click the Download Now 32-Bit Version button.

Run Farbar following the tips in this tutorial:

[You must have an account and be logged in to view this link]

*Two reports will be created on the Desktop: FRST.txt and Addition.txt

Post these two reports in your next reply. (Note: if they don't fit in a single reply, you can split them across several posts.)

Re: Can't remove Baidu and SweetPage from the PC.

Post by Haseo, Wed 11 Jun 2014, 19:30

Additional scan result of Farbar Recovery Scan Tool (x86) Version:12-06-2014
Ran by redXII at 2014-06-11 19:28:43
Running from C:\Users\redXII\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Anchor Service CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Fonts All (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (HKLM\...\Adobe_719d6f144d0c086a0dfa7ff76bb9ac1) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (Version: 10 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.07) - Português (HKLM\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Stock Photos CS3 (Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Type Support (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Anki (HKLM\...\Anki) (Version: - )
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2018 - Avast Software)
Battle.net (HKLM\...\Battle.net) (Version: - Blizzard Entertainment)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.1.30739 - BitTorrent Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.05 - Piriform)
CPUID CPU-Z 1.69 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
K-Lite Codec Pack 10.5.0 Standard (HKLM\...\KLiteCodecPack_is1) (Version: 10.5.0 - )
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 pt-BR) (HKLM\...\Mozilla Firefox 30.0 (x86 pt-BR)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
NVIDIA Install Application (Version: 2.1002.145.1024 - NVIDIA Corporation) Hidden
OpenOffice 4.0.1 (HKLM\...\{50FA6B86-D3C4-4961-A58F-1A061B2DCE04}) (Version: 4.01.9714 - Apache Software Foundation)
Painel de controle da NVIDIA 334.89 (Version: 334.89 - NVIDIA Corporation) Hidden
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
PingPlotter Standard 3.42.2s (HKLM\...\{FD86E481-01C7-434B-9679-B102B4D43F2D}) (Version: 3.42.2.0 - Nessoft, LLC)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7161 - Realtek Semiconductor Corp.)
Skype™️ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
ZHPDiag 2014 (HKLM\...\ZHPDiag_is1) (Version: 2014 - Nicolas Coolman)

==================== Restore Points =========================


==================== Hosts content: ==========================

2009-07-13 23:04 - 2014-06-11 17:21 - 00000840 ____N C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {218E7681-32BB-4FE5-BB8A-AF4E68AB04DC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-08] (Adobe Systems Incorporated)
Task: {63249A7C-05ED-4FC2-80A3-BDF4849F8B7E} - System32\Tasks\{4AB2335C-D9BA-4E85-AF84-214DD3B0FFC0} => Chrome.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Task: {8FC957C7-8536-4EE5-9022-1A269F913E01} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {9A74A145-E133-4DFB-92EC-920EB087F8F5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {9BF260B4-3725-4428-952C-203F268E5A7D} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {A1A0DCEA-FC20-47EA-8726-09000EE83E52} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-03-18] (Google Inc.)
Task: {F6C990AF-41B3-4366-8BCC-ACFD9EA83363} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-03-18] (Google Inc.)
Task: {FA441A09-B9DA-4358-B50F-E19E009D3295} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-01] (AVAST Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-06-11 17:35 - 2014-06-11 17:35 - 02775040 _____ () C:\Program Files\AVAST Software\Avast\defs\14061101\algo.dll
2014-03-18 01:31 - 2014-02-08 14:11 - 00107808 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-05-02 12:44 - 2013-10-23 14:23 - 00089136 _____ () C:\Windows\System32\cpwmon2k.dll
2014-03-18 01:43 - 2014-03-18 01:43 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-05-23 16:42 - 2014-05-13 20:40 - 00716616 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
2014-05-23 16:42 - 2014-05-13 20:40 - 00126280 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\libegl.dll
2014-05-23 16:42 - 2014-05-13 20:40 - 04217672 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-23 16:42 - 2014-05-13 20:40 - 00414536 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-05-23 16:42 - 2014-05-13 20:40 - 01732424 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows\system32\drivers:GbpKmAp.lst

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BavSvc => "Service"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BavSvc => "Service"=""

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: RzKLService => 2
MSCONFIG\Services: scpVista => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/11/2014 07:27:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FRST.exe, version: 12.6.2014.0, time stamp: 0x5398cfb3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x80600013
Faulting process id: 0xd8
Faulting application start time: 0xFRST.exe0
Faulting application path: FRST.exe1
Faulting module path: FRST.exe2
Report Id: FRST.exe3

Error: (06/11/2014 07:05:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Bndef.

System Error:
O sistema não pode encontrar o arquivo especificado.
.

Error: (06/11/2014 07:05:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Bnbase.

System Error:
O sistema não pode encontrar o arquivo especificado.
.

Error: (06/11/2014 07:05:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Bfmon.

System Error:
O sistema não pode encontrar o arquivo especificado.
.

Error: (06/11/2014 07:05:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Bfilter.

System Error:
O sistema não pode encontrar o arquivo especificado.
.


System errors:
=============
Error: (06/11/2014 05:29:36 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (06/11/2014 05:29:35 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (06/11/2014 05:29:35 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (06/11/2014 05:29:34 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (06/11/2014 05:29:34 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.


Microsoft Office Sessions:
=========================
Error: (06/11/2014 07:27:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FRST.exe12.6.2014.05398cfb3unknown0.0.0.000000000c000000580600013d801cf85c45797b589C:\Users\redXII\Desktop\FRST.exeunknown96f1912c-f1b7-11e3-a98b-00241dfb8e35

Error: (06/11/2014 07:05:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Bndef.

System Error:
O sistema não pode encontrar o arquivo especificado.

Error: (06/11/2014 07:05:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Bnbase.

System Error:
O sistema não pode encontrar o arquivo especificado.

Error: (06/11/2014 07:05:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Bfmon.

System Error:
O sistema não pode encontrar o arquivo especificado.

Error: (06/11/2014 07:05:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Bfilter.

System Error:
O sistema não pode encontrar o arquivo especificado.


==================== Memory info ===========================

Percentage of memory in use: 41%
Total physical RAM: 2046.49 MB
Available physical RAM: 1189.42 MB
Total Pagefile: 4092.98 MB
Available Pagefile: 2930.12 MB
Total Virtual: 2047.88 MB
Available Virtual: 1865.96 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:48.73 GB) (Free:33.96 GB) NTFS
Drive d: (Disco Local) (Fixed) (Total:249.26 GB) (Free:123.77 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Cool (Size: 298 GB) (Disk ID: 9F7A9F7A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=249 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:12-06-2014
Ran by redXII (administrator) on REDXII-PC on 11-06-2014 19:28:15
Running from C:\Users\redXII\Desktop
Platform: Microsoft Windows 7 Ultimate (X86) OS Language: Portuguese Brazilian
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Download link for 64-Bit Version: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbengine.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-03-18] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-06] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\ GbPluginBb: C:\Program Files\GbPlugin\gbieh.dll (Banco do Brasil)
SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll (Banco Bradesco S.A.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB2D243FC2E4DCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
BHO: ssh2 Class - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll (Banco Bradesco S.A.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: GbIehObj Class - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll (Banco do Brasil)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll [1600552 2014-05-06] (Banco do Brasil)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\..\Interfaces\{CCDD7831-AA39-4B68-BE07-027BE4C060FA}: [NameServer]8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\redXII\AppData\Roaming\Mozilla\Firefox\Profiles\nvx5b20q.default
FF NewTab: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
FF Keyword.URL: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: gastecnologia.com.br/sf/bb - C:\Users\redXII\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\buscape.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mercadolivre.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-br.xml
FF Extension: Adblock Plus - C:\Users\redXII\AppData\Roaming\Mozilla\Firefox\Profiles\nvx5b20q.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-02]
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-18]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-18]

Chrome:
=======
CHR DefaultSearchKeyword: google.com.br
CHR Extension: (Google Docs) - C:\Users\redXII\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-11]
CHR Extension: (Google Drive) - C:\Users\redXII\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\redXII\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\redXII\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-11]
CHR Extension: (Google Search) - C:\Users\redXII\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-11]
CHR Extension: (avast! Online Security) - C:\Users\redXII\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-11]
CHR Extension: (Google Wallet) - C:\Users\redXII\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-18]
CHR Extension: (Gmail) - C:\Users\redXII\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-11]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-01]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-01] (AVAST Software)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-04-14] (Macrovision Europe Ltd.) [File not signed]
R2 GbpSv; C:\Program Files\GbPlugin\gbpsv.exe [528424 2014-05-06] (GAS Tecnologia)
S4 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
S4 scpVista; C:\Program Files\Scpad\scpVista.exe [360624 2012-10-24] (Banco Bradesco S.A.)

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-05-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-05-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-05-01] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-05-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [68312 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-05-01] ()
R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [47192 2014-03-14] (GAS Tecnologia)
R1 ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2014-03-31] (GAS Tecnologia)
S3 catchme; \??\C:\Users\redXII\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-11 19:28 - 2014-06-11 19:28 - 00009916 _____ () C:\Users\redXII\Desktop\FRST.txt
2014-06-11 19:27 - 2014-06-11 19:28 - 00000000 ____D () C:\FRST
2014-06-11 19:26 - 2014-06-11 19:26 - 01073152 _____ (Farbar) C:\Users\redXII\Desktop\FRST.exe
2014-06-11 19:18 - 2014-06-11 19:18 - 00063568 _____ () C:\Users\redXII\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-11 19:08 - 2014-06-11 19:06 - 00001194 _____ () C:\Users\redXII\Desktop\ZHPFixReport.txt
2014-06-11 18:42 - 2014-06-11 18:42 - 00027737 _____ () C:\Users\redXII\Desktop\ZHPDiag.txt
2014-06-11 17:59 - 2014-06-11 19:08 - 00000000 ____D () C:\Users\redXII\AppData\Roaming\ZHP
2014-06-11 17:59 - 2014-06-11 17:59 - 00001933 _____ () C:\Users\redXII\Desktop\ZHPFix.lnk
2014-06-11 17:59 - 2014-06-11 17:59 - 00001806 _____ () C:\Users\redXII\Desktop\ZHPDiag.lnk
2014-06-11 17:59 - 2014-06-11 17:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2014-06-11 17:59 - 2014-06-11 17:59 - 00000000 ____D () C:\Program Files\ZHPDiag
2014-06-11 17:57 - 2014-06-11 17:59 - 06856430 _____ (Nicolas Coolman ) C:\Users\redXII\Desktop\ZHPDiag2.exe
2014-06-11 17:50 - 2014-06-11 17:35 - 00020055 _____ () C:\zoek-results2014-06-11-203529.log
2014-06-11 17:31 - 2014-06-11 19:28 - 00000000 ____D () C:\Users\redXII\AppData\Local\Temp
2014-06-11 17:31 - 2014-06-11 17:31 - 00000000 ____D () C:\Users\Usuário Padrão\AppData\Local\temp
2014-06-11 17:31 - 2014-06-11 17:31 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-11 17:31 - 2014-06-11 17:31 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-11 17:31 - 2014-06-11 17:31 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-11 17:21 - 2014-06-11 17:52 - 00008079 _____ () C:\zoek-results.log
2014-06-11 17:20 - 2014-06-11 17:51 - 00000000 ____D () C:\zoek_backup
2014-06-11 17:20 - 2014-06-11 17:20 - 01285120 _____ () C:\Users\redXII\Desktop\zoek.exe
2014-06-11 17:12 - 2014-06-11 17:12 - 00000622 _____ () C:\Users\redXII\Desktop\JRT.txt
2014-06-11 17:08 - 2014-06-11 17:08 - 01016261 _____ (Thisisu) C:\Users\redXII\Desktop\JRT.exe
2014-06-11 16:52 - 2014-06-11 16:53 - 00000000 ____D () C:\AdwCleaner
2014-06-11 16:50 - 2014-06-11 16:51 - 01333465 _____ () C:\Users\redXII\Desktop\AdwCleaner.exe
2014-06-11 13:18 - 2014-06-11 13:26 - 00005146 _____ () C:\Users\redXII\Desktop\hijackthis.log
2014-06-11 13:17 - 2014-06-11 13:17 - 00388608 _____ (Trend Micro Inc.) C:\Users\redXII\Desktop\HijackThis.exe
2014-06-11 03:24 - 2014-06-11 03:24 - 00065232 _____ (Malwarebytes) C:\Users\redXII\Desktop\regassassin-setup-1.03.exe
2014-06-11 03:16 - 2014-06-11 03:19 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-06-11 03:06 - 2014-06-11 03:06 - 00018761 _____ () C:\ComboFix.txt
2014-06-11 02:58 - 2011-06-26 03:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-11 02:58 - 2010-11-07 14:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-11 02:58 - 2009-04-20 01:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-11 02:58 - 2000-08-30 21:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-11 02:58 - 2000-08-30 21:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-11 02:58 - 2000-08-30 21:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-11 02:58 - 2000-08-30 21:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-11 02:58 - 2000-08-30 21:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-11 02:56 - 2014-06-11 03:06 - 00000000 ____D () C:\Qoobox
2014-06-11 02:50 - 2014-06-11 02:50 - 00135216 _____ () C:\Windows\Minidump\061114-9952-01.dmp
2014-06-11 02:40 - 2014-06-11 02:50 - 192191344 _____ () C:\Windows\MEMORY.DMP
2014-06-11 02:40 - 2014-06-11 02:50 - 00000000 ____D () C:\Windows\Minidump
2014-06-11 02:40 - 2014-06-11 02:40 - 00156672 _____ () C:\Windows\Minidump\061114-10093-01.dmp
2014-06-11 02:04 - 2014-06-11 02:04 - 00000000 ____D () C:\Windows\ERUNT
2014-06-11 01:56 - 2014-06-11 01:56 - 00000000 ____D () C:\Windows\pss
2014-06-11 01:39 - 2014-06-11 19:09 - 00001836 _____ () C:\Windows\PFRO.log
2014-06-11 01:34 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-06-10 15:23 - 2014-06-10 15:23 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-09 17:23 - 2014-06-09 17:23 - 00000000 ____D () C:\Users\redXII\AppData\Local\Adobe
2014-06-08 20:55 - 2014-06-11 19:09 - 00001512 _____ () C:\Windows\setupact.log
2014-06-08 20:55 - 2014-06-08 20:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-08 20:54 - 2014-06-08 20:55 - 01630360 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-08 15:40 - 2014-06-11 16:50 - 00000000 ____D () C:\Users\redXII\Documents\Anki
2014-06-08 15:40 - 2014-06-08 15:40 - 00000712 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anki.lnk
2014-06-08 15:40 - 2014-06-08 15:40 - 00000700 _____ () C:\Users\redXII\Desktop\Anki.lnk
2014-06-08 15:40 - 2014-06-08 15:40 - 00000000 ____D () C:\Program Files\Anki
2014-06-08 15:33 - 2014-06-11 18:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-08 15:33 - 2014-06-08 15:33 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-06-08 15:33 - 2014-06-08 15:33 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-08 15:17 - 2014-06-11 19:12 - 00055757 _____ () C:\Windows\WindowsUpdate.log
2014-06-08 14:41 - 2014-06-11 03:05 - 00000000 ____D () C:\Windows\erdnt
2014-06-01 17:02 - 2014-06-04 14:55 - 00000448 _____ () C:\Users\redXII\Desktop\Phrasal Verbs.txt
2014-06-01 15:16 - 2014-06-01 15:16 - 00000000 ____D () C:\Users\redXII\AppData\Local\Macromedia
2014-05-31 19:01 - 2014-05-31 19:01 - 00000000 ____D () C:\Users\redXII\Documents\My Games
2014-05-30 17:33 - 2014-05-30 17:33 - 00000000 ____D () C:\Program Files\Common Files\PX Storage Engine
2014-05-30 17:32 - 2014-06-09 22:54 - 00000000 ____D () C:\Users\redXII\AppData\Roaming\Winamp
2014-05-30 17:32 - 2014-05-30 17:33 - 00000000 ____D () C:\Program Files\Winamp
2014-05-28 22:24 - 2014-06-11 00:18 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-28 22:24 - 2014-05-28 22:25 - 00000000 ____D () C:\Users\redXII\AppData\Roaming\Mozilla
2014-05-28 22:24 - 2014-05-28 22:25 - 00000000 ____D () C:\Users\redXII\AppData\Local\Mozilla
2014-05-28 22:24 - 2014-05-28 22:24 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-28 22:24 - 2014-05-28 22:24 - 00000000 ____D () C:\Users\Todos os Usuários\Mozilla
2014-05-28 22:24 - 2014-05-28 22:24 - 00000000 ____D () C:\ProgramData\Mozilla
2014-05-28 22:23 - 2014-05-28 22:23 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-05-26 23:56 - 2014-06-08 17:09 - 00004425 _____ () C:\Users\redXII\Desktop\vocabulary.txt
2014-05-21 16:01 - 2014-05-21 16:01 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-05-21 16:01 - 2014-05-21 16:01 - 03181568 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-21 16:01 - 2014-05-21 16:01 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 01619456 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-05-21 16:01 - 2014-05-21 16:01 - 01495040 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-21 16:01 - 2014-05-21 16:01 - 01170944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 01074176 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 00801792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 00739840 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 00728448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-05-21 16:01 - 2014-05-21 16:01 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 00434176 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-05-21 16:01 - 2014-05-21 16:01 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 00353584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 00283648 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 00219008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-05-21 16:01 - 2014-05-21 16:01 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-05-21 16:01 - 2014-05-21 16:01 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-05-21 16:01 - 2014-05-21 16:01 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-21 16:01 - 2014-05-21 16:01 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\XpsRasterService.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-05-21 16:01 - 2014-05-21 16:01 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-21 16:01 - 2014-05-21 16:01 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-05-21 16:01 - 2014-05-21 16:01 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-21 16:01 - 2014-05-21 16:01 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-21 15:44 - 2014-05-21 16:01 - 00000000 ____D () C:\Users\redXII\AppData\Roaming\Opera Software
2014-05-21 15:44 - 2014-05-21 16:01 - 00000000 ____D () C:\Users\redXII\AppData\Local\Opera Software
2014-05-21 15:44 - 2014-05-21 16:01 - 00000000 ____D () C:\Program Files\Opera
2014-05-20 00:54 - 2014-05-20 00:54 - 00000000 ____D () C:\Users\redXII\AppData\Roaming\MPC-HC
2014-05-20 00:54 - 2014-05-20 00:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2014-05-20 00:54 - 2014-05-20 00:54 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack
2014-05-20 00:54 - 2013-12-01 09:10 - 00218200 _____ () C:\Windows\system32\unrar.dll
2014-05-20 00:31 - 2009-07-13 22:15 - 00415744 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2014-05-20 00:31 - 2009-07-13 22:15 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2014-05-20 00:31 - 2009-07-13 22:15 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2014-05-20 00:31 - 2009-07-13 22:15 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2014-05-20 00:10 - 2014-05-20 00:10 - 00000000 ____D () C:\Users\redXII\AppData\Roaming\MediaConfiguration
2014-05-20 00:10 - 2014-05-20 00:10 - 00000000 ____D () C:\Users\redXII\AppData\Roaming\Media Control
2014-05-18 21:43 - 2009-07-13 22:15 - 02134016 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-05-18 21:43 - 2009-07-13 22:15 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2014-05-18 21:33 - 2014-05-20 00:32 - 00000000 ____D () C:\Users\Todos os Usuários\Advanced
2014-05-18 21:33 - 2014-05-20 00:32 - 00000000 ____D () C:\ProgramData\Advanced
2014-05-18 21:04 - 2014-05-18 21:31 - 00000000 ____D () C:\Users\Todos os Usuários\Standard
2014-05-18 21:04 - 2014-05-18 21:31 - 00000000 ____D () C:\ProgramData\Standard
2014-05-12 20:00 - 2014-05-12 20:00 - 00000845 _____ () C:\Users\redXII\AppData\Local\recently-used.xbel
2014-05-12 19:50 - 2014-05-12 19:50 - 00000000 ____D () C:\Users\redXII\.thumbnails
2014-05-12 19:45 - 2014-05-12 20:01 - 00000000 ____D () C:\Users\redXII\.gimp-2.8
2014-05-12 19:45 - 2014-05-12 19:45 - 00000000 ____D () C:\Users\redXII\AppData\Local\gegl-0.2

==================== One Month Modified Files and Folders =======

2014-06-11 19:28 - 2014-06-11 19:28 - 00009916 _____ () C:\Users\redXII\Desktop\FRST.txt
2014-06-11 19:28 - 2014-06-11 19:27 - 00000000 ____D () C:\FRST
2014-06-11 19:28 - 2014-06-11 17:31 - 00000000 ____D () C:\Users\redXII\AppData\Local\Temp
2014-06-11 19:26 - 2014-06-11 19:26 - 01073152 _____ (Farbar) C:\Users\redXII\Desktop\FRST.exe
2014-06-11 19:24 - 2009-07-14 01:34 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-11 19:24 - 2009-07-14 01:34 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-11 19:18 - 2014-06-11 19:18 - 00063568 _____ () C:\Users\redXII\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-11 19:12 - 2014-06-08 15:17 - 00055757 _____ () C:\Windows\WindowsUpdate.log
2014-06-11 19:10 - 2014-03-18 01:23 - 00001052 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-11 19:09 - 2014-06-11 01:39 - 00001836 _____ () C:\Windows\PFRO.log
2014-06-11 19:09 - 2014-06-08 20:55 - 00001512 _____ () C:\Windows\setupact.log
2014-06-11 19:09 - 2014-04-14 23:50 - 00000000 ____D () C:\Program Files\Bonjour
2014-06-11 19:09 - 2009-07-14 01:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-11 19:08 - 2014-06-11 17:59 - 00000000 ____D () C:\Users\redXII\AppData\Roaming\ZHP
2014-06-11 19:06 - 2014-06-11 19:08 - 00001194 _____ () C:\Users\redXII\Desktop\ZHPFixReport.txt
2014-06-11 18:42 - 2014-06-11 18:42 - 00027737 _____ () C:\Users\redXII\Desktop\ZHPDiag.txt
2014-06-11 18:41 - 2014-06-08 15:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-11 18:40 - 2014-03-18 01:23 - 00001056 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-11 17:59 - 2014-06-11 17:59 - 00001933 _____ () C:\Users\redXII\Desktop\ZHPFix.lnk
2014-06-11 17:59 - 2014-06-11 17:59 - 00001806 _____ () C:\Users\redXII\Desktop\ZHPDiag.lnk
2014-06-11 17:59 - 2014-06-11 17:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2014-06-11 17:59 - 2014-06-11 17:59 - 00000000 ____D () C:\Program Files\ZHPDiag
2014-06-11 17:59 - 2014-06-11 17:57 - 06856430 _____ (Nicolas Coolman ) C:\Users\redXII\Desktop\ZHPDiag2.exe
2014-06-11 17:52 - 2014-06-11 17:21 - 00008079 _____ () C:\zoek-results.log
2014-06-11 17:51 - 2014-06-11 17:20 - 00000000 ____D () C:\zoek_backup
2014-06-11 17:35 - 2014-06-11 17:50 - 00020055 _____ () C:\zoek-results2014-06-11-203529.log
2014-06-11 17:31 - 2014-06-11 17:31 - 00000000 ____D () C:\Users\Usuário Padrão\AppData\Local\temp
2014-06-11 17:31 - 2014-06-11 17:31 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-11 17:31 - 2014-06-11 17:31 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-11 17:31 - 2014-06-11 17:31 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-11 17:20 - 2014-06-11 17:20 - 01285120 _____ () C:\Users\redXII\Desktop\zoek.exe
2014-06-11 17:12 - 2014-06-11 17:12 - 00000622 _____ () C:\Users\redXII\Desktop\JRT.txt
2014-06-11 17:08 - 2014-06-11 17:08 - 01016261 _____ (Thisisu) C:\Users\redXII\Desktop\JRT.exe
2014-06-11 16:53 - 2014-06-11 16:52 - 00000000 ____D () C:\AdwCleaner
2014-06-11 16:51 - 2014-06-11 16:50 - 01333465 _____ () C:\Users\redXII\Desktop\AdwCleaner.exe
2014-06-11 16:50 - 2014-06-08 15:40 - 00000000 ____D () C:\Users\redXII\Documents\Anki
2014-06-11 16:11 - 2014-03-18 01:49 - 00000000 ____D () C:\Users\redXII\AppData\Local\Battle.net
2014-06-11 14:06 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-11 13:26 - 2014-06-11 13:18 - 00005146 _____ () C:\Users\redXII\Desktop\hijackthis.log
2014-06-11 13:17 - 2014-06-11 13:17 - 00388608 _____ (Trend Micro Inc.) C:\Users\redXII\Desktop\HijackThis.exe
2014-06-11 03:24 - 2014-06-11 03:24 - 00065232 _____ (Malwarebytes) C:\Users\redXII\Desktop\regassassin-setup-1.03.exe
2014-06-11 03:19 - 2014-06-11 03:16 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-06-11 03:06 - 2014-06-11 03:06 - 00018761 _____ () C:\ComboFix.txt
2014-06-11 03:06 - 2014-06-11 02:56 - 00000000 ____D () C:\Qoobox
2014-06-11 03:06 - 2009-07-13 23:37 - 00000000 __RHD () C:\Users\Default
2014-06-11 03:06 - 2009-07-13 23:37 - 00000000 ___RD () C:\Users\Public
2014-06-11 03:05 - 2014-06-08 14:41 - 00000000 ____D () C:\Windows\erdnt
2014-06-11 03:05 - 2009-07-13 23:04 - 00000215 _____ () C:\Windows\system.ini
2014-06-11 03:02 - 2014-03-31 18:55 - 00000000 ____D () C:\Users\Todos os Usuários\Temp
2014-06-11 03:02 - 2014-03-31 18:55 - 00000000 ____D () C:\ProgramData\Temp
2014-06-11 02:57 - 2013-11-11 17:53 - 05205915 ____R (Swearware) C:\Users\redXII\Desktop\ComboFix.exe
2014-06-11 02:50 - 2014-06-11 02:50 - 00135216 _____ () C:\Windows\Minidump\061114-9952-01.dmp
2014-06-11 02:50 - 2014-06-11 02:40 - 192191344 _____ () C:\Windows\MEMORY.DMP
2014-06-11 02:50 - 2014-06-11 02:40 - 00000000 ____D () C:\Windows\Minidump
2014-06-11 02:40 - 2014-06-11 02:40 - 00156672 _____ () C:\Windows\Minidump\061114-10093-01.dmp
2014-06-11 02:04 - 2014-06-11 02:04 - 00000000 ____D () C:\Windows\ERUNT
2014-06-11 01:56 - 2014-06-11 01:56 - 00000000 ____D () C:\Windows\pss
2014-06-11 00:18 - 2014-05-28 22:24 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-10 15:23 - 2014-06-10 15:23 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-09 22:54 - 2014-05-30 17:32 - 00000000 ____D () C:\Users\redXII\AppData\Roaming\Winamp
2014-06-09 17:23 - 2014-06-09 17:23 - 00000000 ____D () C:\Users\redXII\AppData\Local\Adobe
2014-06-09 02:00 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-06-08 20:55 - 2014-06-08 20:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-08 20:55 - 2014-06-08 20:54 - 01630360 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-08 17:09 - 2014-05-26 23:56 - 00004425 _____ () C:\Users\redXII\Desktop\vocabulary.txt
2014-06-08 15:40 - 2014-06-08 15:40 - 00000712 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anki.lnk
2014-06-08 15:40 - 2014-06-08 15:40 - 00000700 _____ () C:\Users\redXII\Desktop\Anki.lnk
2014-06-08 15:40 - 2014-06-08 15:40 - 00000000 ____D () C:\Program Files\Anki
2014-06-08 15:33 - 2014-06-08 15:33 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-06-08 15:33 - 2014-06-08 15:33 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-08 14:40 - 2014-04-20 19:56 - 00000000 ____D () C:\Users\redXII\AppData\Local\Razer
2014-06-08 14:40 - 2014-04-20 19:48 - 00000000 ____D () C:\Users\Todos os Usuários\Razer
2014-06-08 14:40 - 2014-04-20 19:48 - 00000000 ____D () C:\ProgramData\Razer
2014-06-08 14:33 - 2009-07-13 23:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-06 17:16 - 2014-03-18 01:49 - 00000000 ____D () C:\Program Files\Battle.net
2014-06-06 17:09 - 2014-03-18 06:01 - 00000000 ____D () C:\Windows\Panther
2014-06-06 17:09 - 2014-03-18 02:00 - 00000000 ____D () C:\Users\redXII\AppData\Roaming\BitTorrent
2014-06-04 14:55 - 2014-06-01 17:02 - 00000448 _____ () C:\Users\redXII\Desktop\Phrasal Verbs.txt
2014-06-01 15:16 - 2014-06-01 15:16 - 00000000 ____D () C:\Users\redXII\AppData\Local\Macromedia
2014-05-31 19:01 - 2014-05-31 19:01 - 00000000 ____D () C:\Users\redXII\Documents\My Games
2014-05-30 17:33 - 2014-05-30 17:33 - 00000000 ____D () C:\Program Files\Common Files\PX Storage Engine
2014-05-30 17:33 - 2014-05-30 17:32 - 00000000 ____D () C:\Program Files\Winamp
2014-05-30 17:26 - 2014-03-18 02:00 - 00000000 ____D () C:\Program Files\Clementine
2014-05-28 22:25 - 2014-05-28 22:24 - 00000000 ____D () C:\Users\redXII\AppData\Roaming\Mozilla
2014-05-28 22:25 - 2014-05-28 22:24 - 00000000 ____D () C:\Users\redXII\AppData\Local\Mozilla
2014-05-28 22:24 - 2014-05-28 22:24 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-28 22:24 - 2014-05-28 22:24 - 00000000 ____D () C:\Users\Todos os Usuários\Mozilla
2014-05-28 22:24 - 2014-05-28 22:24 - 00000000 ____D () C:\ProgramData\Mozilla
2014-05-28 22:23 - 2014-05-28 22:23 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-05-27 22:51 - 2014-03-18 01:23 - 01633534 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-27 22:51 - 2009-07-29 15:46 - 00705070 _____ () C:\Windows\system32\prfh0416.dat
2014-05-27 22:51 - 2009-07-29 15:46 - 00146910 _____ () C:\Windows\system32\prfc0416.dat
2014-05-22 16:12 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\rescache
2014-05-21 16:03 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\system32\pt-BR
2014-05-21 16:01 - 2014-05-21 16:01 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-05-21 16:01 - 2014-05-21 16:01 - 03181568 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-05-21 16:01 - 2014-05-21 16:01 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-09 02:11

==================== End Of Log ============================

Post by Power Max Wed 11 Jun 2014, 19:57

Download the fixlist.txt file attached to this post and save it to your desktop.

Right-click FRST, then click [You need an account and to be logged in to view this image].

Click the Fix button.

Wait; when it finishes, the Fixlog.txt log will be saved to your desktop.

Select, copy and paste the contents of this Fixlog.txt into your next reply.

Post by Haseo Wed 11 Jun 2014, 20:12

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:12-06-2014
Ran by redXII at 2014-06-11 20:11:00 Run:1
Running from C:\Users\redXII\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BavSvc => "Service"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BavSvc => "Service"=""
SearchScopes: HKLM - DefaultScope value is missing.
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
end

*****************

'HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\BavSvc' => Key deleted successfully.
'HKLM\System\CurrentControlSet\Control\SafeBoot\Network\BavSvc' => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Policies\Google' => Key deleted successfully.

==== End of Fixlog ====

Post by Power Max Wed 11 Jun 2014, 20:14

Download SystemLook.exe from the address below and save it to your desktop:
[You need an account and to be logged in to view this link] (32-bit version)

Right-click the SystemLook.exe file, then click [You need an account and to be logged in to view this image]

After opening SystemLook.exe, select and copy all of the text highlighted in red that I gave you.

Paste the text you just copied into the SystemLook text box.

Click the Look button; when the scan finishes, a log (report) will open. It is saved as SystemLook.txt on the desktop.

Select, copy and paste the contents of this log into your next reply.

Post by Haseo Wed 11 Jun 2014, 20:21

These are the entries I find in regedit; there is no way to delete them.


SystemLook 30.07.11 by jpshortstuff
Log created at 20:20 on 11/06/2014 by redXII
Administrator - Elevation successful

========== filefind ==========

Searching for "baidu"
No files found.

========== folderfind ==========

Searching for "baidu"
No folders found.

========== regfind ==========

Searching for "baidu"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

-= EOF =-