Fórum PC Brasil
The most infested notebook in the galaxy! Baidu included, etc..

2 participants


Post by natanalves Sat 26 Jul 2014, 10:45

Good morning. I'm on a notebook that is infested with all sorts of malware. Unfortunately I couldn't even open any browser on it to come and ask for help. Now, in safe mode with networking and only through Explorer, I managed to get here. I need help removing all the malware on it.

Thank you very much!

Post by Power Max Sat 26 Jul 2014, 10:59

Hello.

Download the AdwCleaner program by clicking the link below, then click the Download Now @BleepingComputer button:
[You must have an account and be logged in to view this link]

To run AdwCleaner correctly, just follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.

(SOLVED) The most infested notebook in the galaxy! Help! Baidu included, etc..

Post by natanalves Sat 26 Jul 2014, 11:16

# AdwCleaner v3.216 - Relatório criado 26/07/2014 às 11:08:49
# Atualizado 17/07/2014 por Xplode
# Sistema Operacional : Windows 7 Professional Service Pack 1 (64 bits)
# Usuário : Priscila - PRISCILA-PC
# Executando de : C:\Users\Priscila\Desktop\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

Serviço Deletada : {9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64
[#] Serviço Deletada : 70e6ca8c
[#] Serviço Deletada : BackupStack
[#] Serviço Deletada : d0e87c27
[#] Serviço Deletada : IePluginServices
[#] Serviço Deletada : Mext Guard
[#] Serviço Deletada : NewPlayerUpdaterService
[#] Serviço Deletada : qknfd
[#] Serviço Deletada : SecureAssist
[#] Serviço Deletada : SPBIUpd
[#] Serviço Deletada : SPBIUpdd
[#] Serviço Deletada : Update webget
[#] Serviço Deletada : Util webget
[#] Serviço Deletada : V-bates Updater
[#] Serviço Deletada : vosr
[#] Serviço Deletada : Wpm
[#] Serviço Deletada : xmkysecqun64

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\374311380
Pasta Deletada : C:\ProgramData\apn
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\BonanzaDealsLive
Pasta Deletada : C:\ProgramData\IePluginServices
Pasta Deletada : C:\ProgramData\QuickSet
Pasta Deletada : C:\ProgramData\ShopperPro
Pasta Deletada : C:\ProgramData\SuperbApp
Pasta Deletada : C:\ProgramData\Systweak
Pasta Deletada : C:\ProgramData\WPM
Pasta Deletada : C:\ProgramData\Fuun2Saeve
Pasta Deletada : C:\ProgramData\saVe nett
Pasta Deletada : C:\ProgramData\SuRf anD keep
Pasta Deletada : C:\ProgramData\YoutubeAdblocker
Pasta Deletada : C:\ProgramData\YoutubeBookmark
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Accelerator
Pasta Deletada : C:\Program Files (x86)\AnyProtectEx
Pasta Deletada : C:\Program Files (x86)\baidu
Pasta Deletada : C:\Program Files (x86)\BonanzaDeals
Pasta Deletada : C:\Program Files (x86)\BonanzaDealsLive
Pasta Deletada : C:\Program Files (x86)\crimsolite
Pasta Deletada : C:\Program Files (x86)\iWebar
Pasta Deletada : C:\Program Files (x86)\Mobogenie
Pasta Deletada : C:\Program Files (x86)\MyPC Backup
Pasta Deletada : C:\Program Files (x86)\NewPlayer
Pasta Deletada : C:\Program Files (x86)\Optimizer Pro
Pasta Deletada : C:\Program Files (x86)\Quiknowledge
Pasta Deletada : C:\Program Files (x86)\ShopperPro
Pasta Deletada : C:\Program Files (x86)\Software Updater
Pasta Deletada : C:\Program Files (x86)\SupraSavings
Pasta Deletada : C:\Program Files (x86)\SupTab
Pasta Deletada : C:\Program Files (x86)\SW-Booster
Pasta Deletada : C:\Program Files (x86)\Uninstaller
Pasta Deletada : C:\Program Files (x86)\webget
Pasta Deletada : C:\Program Files (x86)\YouTube Accelerator
Pasta Deletada : C:\Program Files (x86)\saVe nett
Pasta Deletada : C:\Program Files (x86)\SuRf anD keep
Pasta Deletada : C:\Program Files (x86)\YoutubeAdblocker
Pasta Deletada : C:\Program Files\003
Pasta Deletada : C:\Program Files\Quiknowledge
Pasta Deletada : C:\Program Files\SupraSavings
Pasta Deletada : C:\Program Files\V-bates
Pasta Deletada : C:\Users\Administrador\AppData\Local\torch
Pasta Deletada : C:\Users\Convidado\AppData\Local\torch
Pasta Deletada : C:\Users\Priscila\AppData\Local\BonanzaDealsLive
Pasta Deletada : C:\Users\Priscila\AppData\Local\FilesFrog Update Checker
Pasta Deletada : C:\Users\Priscila\AppData\Local\genienext
Pasta Deletada : C:\Users\Priscila\AppData\Local\Mobogenie
Pasta Deletada : C:\Users\Priscila\AppData\Local\NewPlayer
Pasta Deletada : C:\Users\Priscila\AppData\Local\PriceMeter
Pasta Deletada : C:\Users\Priscila\AppData\Local\torch
Pasta Deletada : C:\Users\Priscila\AppData\Local\webplayer
Pasta Deletada : C:\Users\Priscila\AppData\Local\Temp\apn
Pasta Deletada : C:\Users\Priscila\AppData\Local\Temp\webget
Pasta Deletada : C:\Users\Priscila\AppData\LocalLow\Goobzo
Pasta Deletada : C:\Users\Priscila\AppData\LocalLow\IminentToolbar
Pasta Deletada : C:\Users\Priscila\AppData\Roaming\Activeris
Pasta Deletada : C:\Users\Priscila\AppData\Roaming\baidu
Pasta Deletada : C:\Users\Priscila\AppData\Roaming\DigitalSites
Pasta Deletada : C:\Users\Priscila\AppData\Roaming\newnext.me
Pasta Deletada : C:\Users\Priscila\AppData\Roaming\SupTab
Pasta Deletada : C:\Users\Priscila\AppData\Roaming\sweet-page
Pasta Deletada : C:\Users\Priscila\AppData\Roaming\Systweak
Pasta Deletada : C:\Users\Priscila\AppData\Roaming\UpdaterEX
Pasta Deletada : C:\Users\Priscila\AppData\Roaming\VOPackage
Pasta Deletada : C:\Users\Priscila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
Pasta Deletada : C:\Users\Priscila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
Pasta Deletada : C:\Users\Priscila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Pasta Deletada : C:\Users\Priscila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Pasta Deletada : C:\Users\Priscila\Documents\Mobogenie
Pasta Deletada : C:\Users\Priscila\Documents\Optimizer Pro
Pasta Deletada : C:\Users\Public\Documents\baidu
Pasta Deletada : C:\Users\Public\Documents\Goobzo
Pasta Deletada : C:\Users\Public\Documents\ShopperPro
Pasta Deletada : C:\Users\wangjihua\AppData\Local\Mobogenie
Pasta Deletada : C:\Users\Priscila\AppData\Roaming\Mozilla\Firefox\Profiles\m62zp78h.default\Extensions\eo_io@zwpxjeiueu.co.uk
Pasta Deletada : C:\Users\Priscila\AppData\Roaming\Mozilla\Firefox\Profiles\m62zp78h.default\Extensions\uewaf@omyiiuuaio.net
Pasta Deletada : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgokejaddaibfnhldmknjkpalleijhca
Pasta Deletada : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgokejaddaibfnhldmknjkpalleijhca
Pasta Deletada : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\epkphmfmagofjhklggkjfkalghahkllp
Pasta Deletada : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\epkphmfmagofjhklggkjfkalghahkllp
Arquivo Deletada : C:\END
Arquivo Deletada : C:\Users\Public\Desktop\NewPlayer.lnk
Arquivo Deletada : C:\Windows\SysWOW64\SecureAssist.dll
Arquivo Deletada : C:\Windows\SysWOW64\SecureAssist.ini
Arquivo Deletada : C:\Windows\SysWOW64\SecureAssistOff.ini
Arquivo Deletada : C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys
Arquivo Deletada : C:\Windows\System32\roboot64.exe
Arquivo Deletada : C:\Windows\System32\SecureAssist.ini
Arquivo Deletada : C:\Windows\System32\SecureAssist64.dll
Arquivo Deletada : C:\Windows\System32\SecureAssistOff.ini
Arquivo Deletada : C:\Users\Priscila\daemonprocess.txt
Arquivo Deletada : C:\Users\Priscila\AppData\Local\AnyProtectScannerSetup.exe
Arquivo Deletada : C:\Users\Priscila\AppData\Roaming\aps.uninstall.scan.results
Arquivo Deletada : C:\Users\Priscila\AppData\Roaming\LiveSupport.exe_log.txt
Arquivo Deletada : C:\Users\Priscila\AppData\Roaming\regsvr32.exe_log.txt
Arquivo Deletada : C:\Users\Priscila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
Arquivo Deletada : C:\Users\Priscila\Desktop\AnyProtect.lnk
Arquivo Deletada : C:\Users\Priscila\Desktop\MyPC Backup.lnk
Arquivo Deletada : C:\Users\Priscila\Desktop\Optimizer Pro.lnk
Arquivo Deletada : C:\Users\Priscila\Desktop\YouTube Accelerator.lnk
Arquivo Deletada : C:\Users\Priscila\AppData\Roaming\Mozilla\Firefox\Profiles\m62zp78h.default\searchplugins\WebSearch.xml
Arquivo Deletada : C:\Users\Priscila\AppData\Roaming\Mozilla\Firefox\Profiles\m62zp78h.default\user.js
Arquivo Deletada : C:\Users\Priscila\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_govome.inspsearch.com_0.localstorage-journal
Arquivo Deletada : C:\Users\Priscila\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Arquivo Deletada : C:\Users\Priscila\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Arquivo Deletada : C:\Windows\Tasks\APSnotifierPP1.job
Arquivo Deletada : C:\Windows\System32\Tasks\APSnotifierPP1
Arquivo Deletada : C:\Windows\Tasks\APSnotifierPP2.job
Arquivo Deletada : C:\Windows\System32\Tasks\APSnotifierPP2
Arquivo Deletada : C:\Windows\Tasks\APSnotifierPP3.job
Arquivo Deletada : C:\Windows\System32\Tasks\APSnotifierPP3
Arquivo Deletada : C:\Windows\System32\Tasks\BlockAndSurf Update
Arquivo Deletada : C:\Windows\System32\Tasks\BlockAndSurf_wd
Arquivo Deletada : C:\Windows\Tasks\Digital Sites.job
Arquivo Deletada : C:\Windows\System32\Tasks\Digital Sites
Arquivo Deletada : C:\Windows\System32\Tasks\Mext Guard FBE8818C-5B13-48C2-A93E-AD731167DBF2
Arquivo Deletada : C:\Windows\Tasks\pricemetertask.job
Arquivo Deletada : C:\Windows\System32\Tasks\pricemetertask
Arquivo Deletada : C:\Windows\Tasks\pricemeterwatcher.job
Arquivo Deletada : C:\Windows\System32\Tasks\pricemeterwatcher
Arquivo Deletada : C:\Windows\System32\Tasks\ShopperPro
Arquivo Deletada : C:\Windows\System32\Tasks\ShopperProJSUpd
Arquivo Deletada : C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart
Arquivo Deletada : C:\Windows\Tasks\FF Watcher {9BA16F2A-D00C-46F1-A9FF-4FBB322010E6}.job
Arquivo Deletada : C:\Windows\System32\Tasks\FF Watcher {9BA16F2A-D00C-46F1-A9FF-4FBB322010E6}

***** [ Atalhos ] *****

Atalho Desinfectada : C:\Users\Priscila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Atalho Desinfectada : C:\Users\Priscila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Atalho Desinfectada : C:\Users\Priscila\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Atalho Desinfectada : C:\Users\Priscila\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registro ] *****

Valor Deletedo : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}]
Valor Deletedo : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}]
Valor Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [livesupport]
Valor Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Valor Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Valor Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [PriceMeterW]
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\ShopperPro.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Chave Deletedo : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Chave Deletedo : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
Chave Deletedo : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
Chave Deletedo : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
Chave Deletedo : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
Chave Deletedo : HKLM\SOFTWARE\Classes\ShopperPro.ShopperProBHO
Chave Deletedo : HKLM\SOFTWARE\Classes\ShopperPro.ShopperProBHO.1
Chave Deletedo : HKLM\SOFTWARE\Classes\speedupmypc
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\ActiverisAntiMalware_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\ActiverisAntiMalware_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\utilwebget_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\utilwebget_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Chave Deletedo : HKLM\SOFTWARE\Classes\YoutubeAdblocker.YoutubeAdblocker
Chave Deletedo : HKLM\SOFTWARE\Classes\YoutubeAdblocker.YoutubeAdblocker.1.0
Chave Deletedo : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{d0e87c27}
Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Chave Deletedo : HKCU\Software\AnyProtect
Chave Deletedo : HKCU\Software\BonanzaDealsLive
Chave Deletedo : HKCU\Software\dsiteproducts
Chave Deletedo : HKCU\Software\Goobzo
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\installedbrowserextensions
Chave Deletedo : HKCU\Software\Optimizer Pro
Chave Deletedo : HKCU\Software\RegisteredApplicationsEx
Chave Deletedo : HKCU\Software\Softonic
Chave Deletedo : HKCU\Software\Somoto
Chave Deletedo : HKCU\Software\suprasavings
Chave Deletedo : HKCU\Software\systweak
Chave Deletedo : HKCU\Software\UpdaterEX
Chave Deletedo : HKCU\Software\webget
Chave Deletedo : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Chave Deletedo : HKCU\Software\AppDataLow\SProtector
Chave Deletedo : HKCU\Software\AppDataLow\Software\blockAndSurf
Chave Deletedo : HKCU\Software\AppDataLow\Software\Rr Savings
Chave Deletedo : HKCU\Software\AppDataLow\Software\Supra Savings
Chave Deletedo : HKCU\Software\AppDataLow\Software\suprasavings
Chave Deletedo : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Chave Deletedo : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Chave Deletedo : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Chave Deletedo : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Chave Deletedo : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Chave Deletedo : HKLM\Software\BonanzaDealsLive
Chave Deletedo : HKLM\Software\DealPlyLive
Chave Deletedo : HKLM\Software\GlobalUpdate
Chave Deletedo : HKLM\Software\Goobzo
Chave Deletedo : HKLM\Software\installedbrowserextensions
Chave Deletedo : HKLM\Software\iWebar
Chave Deletedo : HKLM\Software\NewPlayer
Chave Deletedo : HKLM\Software\PriceMeterLiveUpdate
Chave Deletedo : HKLM\Software\Rr Savings
Chave Deletedo : HKLM\Software\SP Global
Chave Deletedo : HKLM\Software\SProtector
Chave Deletedo : HKLM\Software\SupDp
Chave Deletedo : HKLM\Software\suprasavings
Chave Deletedo : HKLM\Software\SupTab
Chave Deletedo : HKLM\Software\supWPM
Chave Deletedo : HKLM\Software\sweet-pageSoftware
Chave Deletedo : HKLM\Software\systweak
Chave Deletedo : HKLM\Software\Uniblue
Chave Deletedo : HKLM\Software\V-bates
Chave Deletedo : HKLM\Software\webget
Chave Deletedo : HKLM\Software\Wpm
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Video Converter
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7DD5E91C-3864-77EC-7635-D14910C2A03E}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E6B105B8-1F65-4428-9397-1DFD8A03B94D}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AnyProtect
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DMUninstaller
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iWebar
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NewPlayer
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sweet-page uninstaller
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wpm
Chave Deletedo : [x64] HKLM\SOFTWARE\installedbrowserextensions
Chave Deletedo : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Chave Deletedo : [x64] HKLM\SOFTWARE\Rr Savings
Chave Deletedo : [x64] HKLM\SOFTWARE\suprasavings
Chave Deletedo : [x64] HKLM\SOFTWARE\V-bates
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}_is1
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\suprasavings
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webget
Dados Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~1.DLL
Dados Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~2.DLL

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17041

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v

[ Arquivo : C:\Users\Priscila\AppData\Roaming\Mozilla\Firefox\Profiles\m62zp78h.default\prefs.js ]

Linha deletada : user_pref("browser.search.defaultenginename", "WebSearch");
Linha deletada : user_pref("browser.search.defaultenginename,S", "WebSearch");
Linha deletada : user_pref("browser.search.defaulturl", "hxxp://websearch.searchbomb.info/?pid=1273&r=2013/11/24&hid=11962403155166176297&lg=EN&cc=BR&unqvl=42&l=1&q=");
Linha deletada : user_pref("browser.search.order.1", "WebSearch");
Linha deletada : user_pref("browser.search.order.1,S", "WebSearch");
Linha deletada : user_pref("browser.search.selectedEngine", "WebSearch");
Linha deletada : user_pref("browser.search.selectedEngine,S", "WebSearch");
Linha deletada : user_pref("browser.startup.homepage", "hxxp://websearch.searchbomb.info/?pid=1273&r=2013/11/24&hid=11962403155166176297&lg=EN&cc=BR&unqvl=42");

-\\ Google Chrome v34.0.1847.137

[ Arquivo : C:\Users\Priscila\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Startup_urls] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Homepage] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

*************************

AdwCleaner[R0].txt - [36274 octets] - [26/07/2014 11:07:33]
AdwCleaner[S0].txt - [31962 octets] - [26/07/2014 11:08:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [32023 octets] ##########

Post by Power Max on Sat 26 Jul 2014, 11:18

Download the Junkware Removal Tool from the link below:
[You must have an account and be logged in to view this link]

To run the program above correctly, just follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop under the name JRT.txt

We'll be waiting.

Post by natanalves on Sat 26 Jul 2014, 11:50

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Priscila on 26/07/2014 at 11:25:40,29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3583190713-4147522422-438133965-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB852D0D-C674-E639-4C67-AE154C6B0353}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DB852D0D-C674-E639-4C67-AE154C6B0353}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DB852D0D-C674-E639-4C67-AE154C6B0353}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\baidu"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/07/2014 at 11:49:46,95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post by Power Max on Sat 26 Jul 2014, 11:52

Temporarily disable your antivirus to avoid conflicts.

Download: < [You must have an account and be logged in to view this link] > (by g3n-h@ckm@n)
|- After opening the link above, scroll down the page and click Télécharger to download.

Run it as described in this post:

[You must have an account and be logged in to view this link]

As soon as the cleanup finishes, post the log (report), which will be at C:\Shortcut_Module_07_05_2014_17_05_22.txt (these numbers in red will vary, since they show the date and time at which the scan was run).

Post by natanalves on Sat 26 Jul 2014, 13:36

I'm running Shortcut_Module and it is still scanning, but it seems to me that, even though the number of items analyzed keeps increasing, it has stopped at 70%, and looking at the files being checked, it seems to be in a loop, repeating the check of a series of files.. :(

Post by natanalves on Sat 26 Jul 2014, 13:40

It has already found 211 infected.. But that number isn't changing anymore either..

Post by Power Max on Sat 26 Jul 2014, 13:45

How long has it been scanning?

Post by natanalves on Sat 26 Jul 2014, 13:59

Quite a long time.. By the count it is already at 251079, modified 0, infected 211. I started running the program as soon as you told me to.

Post by Power Max on Sat 26 Jul 2014, 14:03

* Start the PC in Safe Mode with Networking (by pressing the F8 key (or the F5 key on some computers) repeatedly while the computer is starting and choosing the option Safe Mode with Networking (or Safe Mode)). Then, once the PC is in Safe Mode with Networking, run the program and see whether it finishes the cleanup that way.

If that still doesn't work, let me know.

Post by natanalves on Wed 30 Jul 2014, 16:35

I went through the process several times and it always stops at 70%. How should I proceed?

Post by Power Max on Wed 30 Jul 2014, 16:37

Temporarily disable your antivirus to avoid conflicts.

* Open the link below and click the first button on the left, which is the Download Zoek.exe button:
[You must have an account and be logged in to view this link]

To run it correctly, follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* As soon as it finishes cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy its entire contents and post them in your next reply.

Post by natanalves on Wed 30 Jul 2014, 23:53


Zoek.exe v5.0.0.0 Updated 29-07-2014
Tool run by Priscila on 30/07/2014 at 23:28:16,19.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Priscila\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

30/07/2014 23:30:08 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Priscila\AppData\Roaming\Mozilla\Firefox\Profiles\m62zp78h.default\prefs.js:

Added to C:\Users\Priscila\AppData\Roaming\Mozilla\Firefox\Profiles\m62zp78h.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\Users\Priscila\AppData\LocalLow\{7ABCAFE2-3090-1C8A-9513-01C6BF98D607} deleted
C:\Users\Priscila\AppData\LocalLow\{DB852D0D-C674-E639-4C67-AE154C6B0353} deleted
C:\Users\Priscila\AppData\LocalLow\{FD87C92C-659C-1B9B-DC9E-58593E419294} deleted
C:\Users\Priscila\AppData\Local\Packages\windows_ie_ac_001\AC\{7ABCAFE2-3090-1C8A-9513-01C6BF98D607} deleted
C:\Users\Priscila\AppData\Local\Packages\windows_ie_ac_001\AC\{91EF2939-D202-8447-A279-A00CCFB976E6} deleted
C:\Users\Priscila\AppData\Local\Packages\windows_ie_ac_001\AC\{DB852D0D-C674-E639-4C67-AE154C6B0353} deleted
C:\Users\Priscila\AppData\Local\Packages\windows_ie_ac_001\AC\{FD87C92C-659C-1B9B-DC9E-58593E419294} deleted
C:\PROGRA~3\d4c4721bcd8b0410 deleted
C:\Users\Priscila\.android deleted
C:\PROGRA~3\ROboSaveer deleted
C:\PROGRA~3\FileSplitUpLoad.dll deleted
C:\PROGRA~3\ProductData deleted
C:\PROGRA~3\Baidu deleted
C:\Users\Priscila\AppData\Local\cache deleted
C:\Users\Priscila\Downloads\FreeZipSetup-e5tmB89.exe deleted
C:\Users\Priscila\Searches deleted
C:\windows\SysNative\tasks\Baidu Antivirus Update deleted
C:\windows\SysNative\Tasks\SPBIW_UpdateTask_Time_313634383530353539312d7855236c575a4a5741415034 deleted
C:\Users\wangjihua deleted
C:\Users\Priscila\AppData\Roaming\Mozilla\Firefox\Profiles\m62zp78h.default\extensions\staged deleted
C:\Users\Priscila\Desktop\Continue Image Editor Installation.lnk deleted
"C:\Users\Priscila\AppData\Local\{FAE7B6C0-9B37-4D95-80A2-4478CC777E00}" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [26/07/2014 11:21]

==== Firefox Extensions ======================

==== Firefox Plugins ======================

Profilepath: C:\Users\Priscila\AppData\Roaming\Mozilla\Firefox\Profiles\m62zp78h.default
CFAF7B67C78D09D79688AEDCA3D090E2 - C:\Users\Priscila\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll - Google Update


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[04/07/2014 13:23]

Pic Enhance - Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdfnieppndfdhcgbmhfdlgdjegclkomk
ssave Neut - Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgokejaddaibfnhldmknjkpalleijhca
YoutubeAdblocker - Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\epkphmfmagofjhklggkjfkalghahkllp
Pic Enhance - Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfnieppndfdhcgbmhfdlgdjegclkomk
Pic Enhance - Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bdfnieppndfdhcgbmhfdlgdjegclkomk
ssave Neut - Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgokejaddaibfnhldmknjkpalleijhca
YoutubeAdblocker - Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\epkphmfmagofjhklggkjfkalghahkllp
Pic Enhance - Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdfnieppndfdhcgbmhfdlgdjegclkomk
ssave Neut - Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgokejaddaibfnhldmknjkpalleijhca
YoutubeAdblocker - Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\epkphmfmagofjhklggkjfkalghahkllp
Pic Enhance - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfnieppndfdhcgbmhfdlgdjegclkomk
Pic Enhance - Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bdfnieppndfdhcgbmhfdlgdjegclkomk
ssave Neut - Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgokejaddaibfnhldmknjkpalleijhca
YoutubeAdblocker - Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\epkphmfmagofjhklggkjfkalghahkllp
Pic Enhance - Priscila\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdfnieppndfdhcgbmhfdlgdjegclkomk
ssave Neut - Priscila\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgokejaddaibfnhldmknjkpalleijhca
YoutubeAdblocker - Priscila\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\epkphmfmagofjhklggkjfkalghahkllp
avast Online Security - Priscila\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Wallet - Priscila\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Pic Enhance - Priscila\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bdfnieppndfdhcgbmhfdlgdjegclkomk
ssave Neut - Priscila\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgokejaddaibfnhldmknjkpalleijhca
YoutubeAdblocker - Priscila\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\epkphmfmagofjhklggkjfkalghahkllp
V-bates - Priscila\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip

==== Chrome Fix ======================

C:\Users\Priscila\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Users\Priscila\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Priscila\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_govome.inspsearch.com_0.localstorage deleted successfully
C:\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\epkphmfmagofjhklggkjfkalghahkllp deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\epkphmfmagofjhklggkjfkalghahkllp deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\epkphmfmagofjhklggkjfkalghahkllp deleted successfully
C:\Users\Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\epkphmfmagofjhklggkjfkalghahkllp deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\epkphmfmagofjhklggkjfkalghahkllp deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\epkphmfmagofjhklggkjfkalghahkllp deleted successfully
C:\Users\Priscila\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\epkphmfmagofjhklggkjfkalghahkllp deleted successfully
C:\Users\Priscila\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\epkphmfmagofjhklggkjfkalghahkllp deleted successfully
C:\Users\Priscila\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip deleted successfully
C:\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdfnieppndfdhcgbmhfdlgdjegclkomk deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfnieppndfdhcgbmhfdlgdjegclkomk deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bdfnieppndfdhcgbmhfdlgdjegclkomk deleted successfully
C:\Users\Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdfnieppndfdhcgbmhfdlgdjegclkomk deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfnieppndfdhcgbmhfdlgdjegclkomk deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bdfnieppndfdhcgbmhfdlgdjegclkomk deleted successfully
C:\Users\Priscila\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdfnieppndfdhcgbmhfdlgdjegclkomk deleted successfully
C:\Users\Priscila\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bdfnieppndfdhcgbmhfdlgdjegclkomk deleted successfully
C:\Users\Priscila\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bdfnieppndfdhcgbmhfdlgdjegclkomk_0.localstorage deleted successfully
C:\Users\Priscila\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bdfnieppndfdhcgbmhfdlgdjegclkomk_0.localstorage-journal deleted successfully
C:\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgokejaddaibfnhldmknjkpalleijhca deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgokejaddaibfnhldmknjkpalleijhca deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgokejaddaibfnhldmknjkpalleijhca deleted successfully
C:\Users\Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgokejaddaibfnhldmknjkpalleijhca deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgokejaddaibfnhldmknjkpalleijhca deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgokejaddaibfnhldmknjkpalleijhca deleted successfully
C:\Users\Priscila\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bgokejaddaibfnhldmknjkpalleijhca deleted successfully
C:\Users\Priscila\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgokejaddaibfnhldmknjkpalleijhca deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"

==== Reset Google Chrome ======================

C:\Users\Priscila\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\Priscila\AppData\Local\Google\Chrome SxS\User Data\Default\Preferences was reset successfully
C:\Users\Priscila\AppData\Local\Spark\User Data\Default\Preferences was reset successfully
C:\Users\Priscila\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Priscila\AppData\Local\Spark\User Data\Default\Web Data was reset successfully

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Acrobat 9 Pro.lnk - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe
C:\Users\Public\Desktop\Adobe Reader X.lnk - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\aTube Catcher.lnk - C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\Users\Public\Desktop\avast Free Antivirus.lnk -
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8
C:\Users\Public\Desktop\Opera.lnk - C:\Program Files (x86)\Opera\launcher.exe
C:\Users\Public\Desktop\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\Users\Public\Desktop\Receitanet 1.04 .lnk - C:\Program Files (x86)\Programas RFB\Receitanet\Windows\Receitanet.exe
C:\Users\Public\Desktop\Video Search.lnk - C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe /VIDEOSEARCH

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AA1000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller\Help.lnk - C:\Program Files (x86)\IObit\IObit Uninstaller\help.html
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyServer"="http=127.0.0.1:49529;https=127.0.0.1:49529"
"ProxyOverride"="<-loopback>"
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\dc5e36d4-9da1-47b7-aaeb-0a29e40cc45a deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1920F41B-6AE4-2961-A080-466A47E538DA} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BE360B8B-0F10-CA89-FC84-A5EAB71A6AF8} deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Priscila\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Priscila\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Priscila\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Priscila\AppData\Local\Spark\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=694 folders=87 8854323 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Priscila\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Priscila\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 30/07/2014 at 23:49:37,37 ======================

Post by Power Max on Thu 31 Jul 2014, 00:02

Download Malwarebytes from one of the links below:
[You must have an account and be logged in to view this link]

To install and run it correctly, please follow the tips in this post:

[You must have an account and be logged in to view this link]

In your next reply, post the Malwarebytes log (report).

We'll be waiting.

Post by natanalves on Thu 31 Jul 2014, 06:28

Malwarebytes Anti-Malware

Scan Date: 31/07/2014
Scan Time: 00:07:15
Logfile: LOG 2.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.31.02
Rootkit Database: v2014.07.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Priscila

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 485087
Time Elapsed: 1 hr, 44 min, 30 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 4
PUP.Optional.Quiknowledge.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}, Quarantined, [eb231f877704e84ee962f07251b13cc4],
PUP.Optional.Quiknowledge.A, HKLM\SOFTWARE\WOW6432NODE\QUIKNOWLEDGE, Quarantined, [18f6911564174ceacd4b33bc12f0fd03],
PUP.Optional.Quiknowledge.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\QKSVC, Quarantined, [7599ecba14675cda8495a94670921de3],
PUP.Optional.BlockAndSurf.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\BlockAndSurf, Quarantined, [8f7ff8aeadce63d37a9d0fbe22e03ac6],

Registry Values: 2
PUP.Optional.Quiknowledge.A, HKLM\SOFTWARE\WOW6432NODE\QUIKNOWLEDGE|ie-ver, 11.0.9600.17105, Quarantined, [18f6911564174ceacd4b33bc12f0fd03]
PUP.Optional.Quiknowledge.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\QKSVC|ImagePath, "C:\Program Files (x86)\Quiknowledge\Service\qksvc.exe", Quarantined, [7599ecba14675cda8495a94670921de3]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 66
PUP.Optional.DomaIQ, C:\Users\Priscila\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000, Quarantined, [c34b475f5c1f4aec8ad956ef9070ab55],
PUP.Optional.AirInstaller, C:\Users\Priscila\Downloads\Versão 12.exe, Quarantined, [d13dcfd7c1ba74c2c54a4dd8bc458c74],
PUP.Optional.Somoto.A, C:\Users\Priscila\Downloads\VideoConverterSetup-Nf1xCdQF9.exe, Quarantined, [57b766406a1154e2c7e41923c83c758b],
PUP.Optional.InstallCore, C:\Users\Priscila\Downloads\windows-movie-maker-2012-1643503728-32-bits.exe, Quarantined, [18f64264b9c2171fa50d9ed911f342be],
PUP.Optional.AppsInstaller, C:\Users\Priscila\Downloads\Photo to Cartoon.exe, Quarantined, [69a52086e99254e27598cb73a95b9d63],
PUP.Optional.InstallCore, C:\Users\Priscila\Downloads\picasa-390-build-13620-32-bits.exe, Quarantined, [f81601a5a9d2979f2b87dc9b41c3ac54],
PUP.Optional.DomaIQ, C:\Users\Priscila\Downloads\Setup (1).exe, Quarantined, [8589e8becdaed0660e558eb7758b07f9],
Adware.Adpeak, C:\AdwCleaner\Quarantine\C\Program Files\003\XMKYSECQUN64.EXE.536697ba.vir, Quarantined, [45c901a5ff7ce0569760435b857f0af6],
PUP.Optional.Quiknowledge.A, C:\AdwCleaner\Quarantine\C\Program Files\Quiknowledge\IE\QuiknowledgeClientIE.dll.vir, Quarantined, [8f7fa2046b10b77fafee323a3bc69868],
PUP.Optional.AdPeak.A, C:\AdwCleaner\Quarantine\C\Program Files\SupraSavings\SecureAssist.dll.vir, Quarantined, [52bcdfc72457082e3b55211c9070f50b],
PUP.Optional.SweetPacks.A, C:\AdwCleaner\Quarantine\C\Program Files\V-bates\ExtensionUpdaterService.exe.vir, Quarantined, [2de18521f38890a6b522d73860a10cf4],
PUP.Optional.NextLive.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\nengine.dll.vir, Quarantined, [739baafc017ad5615f685ffe788930d0],
PUP.Optional.NewPlayer.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe.vir, Quarantined, [c747f9ad5d1e71c5539dc5c254ad7a86],
PUP.Optional.OptimizerPro, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProReminder.exe.vir, Quarantined, [1df10b9b136839fdac8b0e23fd0438c8],
PUP.Optional.OptimizerPro, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProSchedule.exe.vir, Quarantined, [e32bb9edd0ab0432bc7cf93838c9847c],
PUP.Optional.OptimizerPro, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe.vir, Quarantined, [0fff198d077445f1fb3ef93851b0c43c],
PUP.Optional.Quiknowledge.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Quiknowledge\Uninstall.exe.vir, Quarantined, [22ec0d99eb900a2c2e6f47252fd2847c],
PUP.Optional.Quiknowledge.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Quiknowledge\IE\QuiknowledgeClientIE.dll.vir, Quarantined, [838b62443c3f8aac1489303c98693ac6],
PUP.Optional.Quiknowledge.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Quiknowledge\Service\qksvc.exe.vir, Quarantined, [c34b3373235837ffe2bb3b3125dc837d],
PUP.Optional.SupraSavings.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupraSavings\2rs3.dll.vir, Quarantined, [aa64d8ceb0cbfc3a2983138adf252cd4],
PUP.Optional.Skytech.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir, Quarantined, [4ec05551b6c5cc6a94565539c33ee21e],
PUP.Optional.Skytech.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir, Quarantined, [0509169086f5c86e9357eda11ee3c63a],
PUP.Optional.Skytech.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterfacef32.dll.vir, Quarantined, [f915a105ff7c0e287377f09e6d9418e8],
PUP.Optional.IEPluginService.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\RSHP.exe.vir, Quarantined, [c44a7036314a05319288274bd62b12ee],
PUP.Optional.Skytech.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir, Quarantined, [9a749b0b87f4f2449852d2bc05fc5ca4],
PUP.Optional.Skytech.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir, Quarantined, [bb53a60045364cea7872721cd22fc23e],
PUP.Optional.Skytech.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv32.dll.vir, Quarantined, [f31bbbeb691273c30ddd6b235ea36898],
PUP.Optional.Skytech.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv64.dll.vir, Quarantined, [d43aeeb8a5d63bfbb7334b43a061718f],
PUP.Optional.SupTab.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir, Quarantined, [e5291f879fdc0d2916543afbba46b24e],
Trojan.SProtector, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SW-Booster\Assistant.dll.536697db.vir, Quarantined, [30de44625c1f96a06a62461db34e9967],
Trojan.SProtector, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SW-Booster\ASSIST~2.DLL.536697c8.vir, Quarantined, [24ead7cf097261d58571f4aecb36e719],
PUP.Optional.Webget.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\webget\webgetBHO.dll.vir, Quarantined, [28e66d39b4c72b0bdcc9770a2cd532ce],
PUP.Optional.Sanbreel.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\webget\bin\plugins\webget.BrowserAdapterS.dll.vir, Quarantined, [719d4d593c3f4fe7e7ecb9d5a061ef11],
PUP.Optional.Sanbreel.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\webget\bin\plugins\webget.PurBrowseG.dll.vir, Quarantined, [a16d8323a2d90a2cb457057bdc2519e7],
PUP.Optional.MultiPlug.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\YoutubeAdblocker\u71S9tff.dll.vir, Quarantined, [21ed0d994c2f8ea88af5b69d9a67fd03],
PUP.Optional.IePluginService.A, C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir, Quarantined, [f717a8fe0d6e80b6484c91ce28d905fb],
PUP.Optional.WpManager, C:\AdwCleaner\Quarantine\C\ProgramData\WPM\wprotectmanager.exe.vir, Quarantined, [a16d178ffd7eb48219004a20f20f5aa6],
PUP.Optional.Somoto, C:\AdwCleaner\Quarantine\C\Users\Priscila\AppData\Local\FilesFrog Update Checker\uninstall.exe.vir, Quarantined, [68a64165d0ab3105f51c29fef50b42be],
PUP.Optional.NextLive.A, C:\AdwCleaner\Quarantine\C\Users\Priscila\AppData\Local\genienext\nengine.dll.vir, Quarantined, [a06ed7cfd3a8fd39725563fafc05df21],
PUP.Optional.NextLive.A, C:\AdwCleaner\Quarantine\C\Users\Priscila\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.1.35.zip.vir, Quarantined, [ab633a6c88f37db918af62fb669b2ad6],
PUP.Optional.NextLive.A, C:\AdwCleaner\Quarantine\C\Users\Priscila\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll.vir, Quarantined, [b25c0d9992e988ae9532a7b612efc53b],
PUP.Optional.PriceMeter.A, C:\AdwCleaner\Quarantine\C\Users\Priscila\AppData\Local\PriceMeter\pricemeterd.exe.vir, Quarantined, [917d2c7af9820a2ce45b4c2a3cc549b7],
PUP.Optional.PriceMeter.A, C:\AdwCleaner\Quarantine\C\Users\Priscila\AppData\Local\PriceMeter\pricemeterw.exe.vir, Quarantined, [99756145e3985ed8e05ff87eee13728e],
PUP.Optional.PriceMeter.A, C:\AdwCleaner\Quarantine\C\Users\Priscila\AppData\Local\PriceMeter\uninst.exe.vir, Quarantined, [9579555187f42412120d9feca8596f91],
PUP.Optional.NextLive.A, C:\AdwCleaner\Quarantine\C\Users\Priscila\AppData\Roaming\newnext.me\nengine.dll.vir, Quarantined, [020cc4e2631891a5d5f2302d50b1748c],
PUP.Optional.AdPeak.A, C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\SecureAssist.dll.vir, Quarantined, [b15d36700a7139fdeba51e1f5ca4c040],
PUP.Optional.Iminent.A, C:\Shortcut_Module\Quarantine\C\Users\Priscila\AppData\Local\Temp\IminentSetup-NewVer_22april.exe.S_M, Quarantined, [c04eb4f22c4fff37d376aaa324dda65a],
PUP.Optional.VBates.A, C:\Shortcut_Module\Quarantine\C\Users\Priscila\AppData\Local\Temp\v-bates.exe.S_M, Quarantined, [a6684a5c0a7193a3aff5fc4941bfd32d],
PUP.Optional.Somoto, C:\Shortcut_Module\Quarantine\C\Users\Priscila\AppData\Local\Temp\VideoConverterSetup.exe.S_M, Quarantined, [6f9f03a39edd4fe7403462c2709007f9],
PUP.Optional.Conduit.A, C:\Shortcut_Module\Quarantine\C\Users\Priscila\AppData\Local\Temp\6d1c4443-a143-496e-82ae-827dee1c529e\spidentifierimpl.exe.S_M, Quarantined, [9b73dcca90ebd06630b4f399c041847c],
PUP.Optional.Conduit.A, C:\Shortcut_Module\Quarantine\C\Users\Priscila\AppData\Local\Temp\7d77dde4-fdd0-4b48-9af3-3ab478436b0a\spidentifierimpl.exe.S_M, Quarantined, [45c9a402adce61d5e6fe96f646bb59a7],
PUP.Optional.Conduit.A, C:\Shortcut_Module\Quarantine\C\Users\Priscila\AppData\Local\Temp\e8cef58c-db16-435d-bec7-fa08378021e2\spidentifierimpl.exe.S_M, Quarantined, [e42a584e5c1f082ea0448efe0100ca36],
PUP.Optional.SkyTech.A, C:\Shortcut_Module\Quarantine\C\Users\Priscila\AppData\Local\Temp\fullpackage_temp1397334514.S_M\alilog.dll, Quarantined, [cc425d49cfac46f0ac885ad8748c6997],
PUP.Optional.V9.A, C:\Shortcut_Module\Quarantine\C\Users\Priscila\AppData\Local\Temp\fullpackage_temp1397334514.S_M\qSE.exe, Quarantined, [de3066404d2e5fd7de0478d059a707f9],
PUP.Optional.GenericExt.A, C:\Shortcut_Module\Quarantine\C\Users\Priscila\AppData\Local\Temp\igdhbblpcellaljokkpfhcjlagemhgjl730c.S_M\MinibarChrome.exe, Quarantined, [65a9cfd7582353e3a0b2003d69978d73],
PUP.Optional.ScramblePacker.A, C:\Shortcut_Module\Quarantine\C\Users\Priscila\AppData\Local\Temp\Install_21162\iwebar.exe.S_M, Quarantined, [0a04079fcbb0fb3b1029582dd72af40c],
PUP.Optional.Goobzo, C:\Shortcut_Module\Quarantine\C\Users\Priscila\AppData\Local\Temp\Install_21162\shopperpro.exe.S_M, Quarantined, [29e536700a717fb73bb7515bda2ade22],
PUP.Optional.SupraSavings.A, C:\Shortcut_Module\Quarantine\C\Users\Priscila\AppData\Local\Temp\n7438\suprasavings_2703-e3e04064.exe.S_M, Quarantined, [13fb20865a211323a237410fe121639d],
PUP.Optional.InstalleRex, C:\Shortcut_Module\Quarantine\C\Users\Priscila\Downloads\Download.exe.S_M, Quarantined, [9e701e8881fae452253eb8c10af7ca36],
PUP.Optional.Softonic.A, C:\Shortcut_Module\Quarantine\C\Users\Priscila\Downloads\SoftonicDownloader_para_nemo-e-marlin.exe.S_M, Quarantined, [9579f8ae5229d3638bc8c46510f15da3],
PUP.Optional.AdPeak.A, C:\temp\InstallFilter64.msi, Quarantined, [010d21859be037ffe9a72d10e51bc63a],
PUP.Optional.SupraSavings.A, C:\temp\t.msi, Quarantined, [a26cb3f3fd7e5bdb2d7f6e2f33d13dc3],
PUP.Optional.AdPeak.A, C:\Windows\Installer\10b3bd.msi, Quarantined, [2be38d198fec0630f29efd4031cfe41c],
PUP.Optional.SupraSavings.A, C:\Windows\Installer\f4e81.msi, Quarantined, [af5f02a4dc9f46f013997b2238cc47b9],
PUP.Optional.Quiknowledge.A, C:\Windows\System32\drivers\qknfd.sys, Quarantined, [6da1fbab98e33501edb0b1bb30d17f81],
PUP.Optional.Somoto, C:\zoek_backup\C_Users_Priscila_Downloads_FreeZipSetup-e5tmB89.exe.vir, Quarantined, [ef1f9412df9c95a117545e80ba4a3ec2],

Physical Sectors: 0
(No malicious items detected)


(end)
natanalves
Member

Posts : 53
Reputation : 0
Join date : 21/05/2014


(SOLVED) The most infested notebook in the galaxy! Help! Baidu included, etc..

Post by natanalves Thu 31 Jul 2014, 10:03

~ Relatório do ZHPDiag v2014.7.30.111 - Nicolas Coolman  (30/07/2014)
~ Iniciado por Priscila (31/07/2014 09:57:32)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Endereço do Webforum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~  Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17207
GCIE: Google Chrome v34.0.1847.137 (Defaut)
OPIE: Opera vStable 21.0.1432.57

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2021
Malwarebytes Anti-Malware versão 2.0.2.1012
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 14 ActiveX
Adobe Reader X
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: AMD64 Family 16 Model 6 Stepping 3, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3834 MB (49% free)
System Restore: Activé (Enable)
System drive C: has 216 GB (72%) free of 298 GB

---\\ Modo de conexão ao sistema
~ Computer Name: PRISCILA-PC
~ User Name: Priscila
~ All Users Names: Priscila, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Priscila\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Priscila\AppData\Roaming\
~ %Desktop% : C:\Users\Priscila\Desktop\
~ %Favorites% : C:\Users\Priscila\Favorites\
~ %LocalAppData% : C:\Users\Priscila\AppData\Local\
~ %StartMenu% : C:\Users\Priscila\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 216 Go of 298 Go)
D: CD-ROM drive (Not Inserted)
E: Floppy drive, Flash card reader, USB Key (Free 6 Go of 7 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified  =>Hijacker.Application
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.2EE102DF0EDD8A1EDD3D1E9B99A91BEC] - (.Microsoft Corporation - Internet Extensions para Win32.) (.18/06/2014 - 19:58:27.) -- C:\Windows\System32\wininet.dll [2266112]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:43:50.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 04:27:28.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 03:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 00:19:22.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 00:26:34.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 01:43:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 00:23:22.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 01:52:36.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 02:06:42.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 00:21:58.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 04:34:04.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/3485
~ Mes musiques (My Musics) : 20/138
~ Mes Videos (My Videos) : 1/444
~ Mes Favoris (My Favorites) : 1/25
~ Mes Documents (My Documents) : 2/77
~ Mon Bureau (My Desktop) : 1/6398
~ Menu demarrer (Programs) : 1/35
~ Hidden Files:  Scanned in 00mn 11s



---\\ Processos lançados
[MD5.4FBC630768570E6AC35C3DE8F6EC79F5] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe   [6970168] [PID.2632]
[MD5.ECE648CDC3A09421E996DFFDA76F5C53] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe   [153136] [PID.3568]
[MD5.085FCC89B98B037E298EF35E12681AB7] - (.Seekar Ltd - Ares p2p for windows.) -- C:\Program Files (x86)\Ares\Ares.exe   [935936] [PID.3928]
[MD5.26AFC1F16494FFE66F2197153B342A27] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe   [4086432] [PID.4060]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe   [254336] [PID.3452]
[MD5.3B58FE4644008D1D21DE4D564CE2C4E8] - (.Baidu, Inc. - Baidu Antivirus Tray Application.) -- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe   [1679720] [PID.2580]
[MD5.0FE0EDF01CEA3BEB2E65A904BB87525E] - (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe   [640376] [PID.3720]
[MD5.B920AAF7ABEA489AC415DD38AD7B76CD] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe   [1209904] [PID.4912]
[MD5.7DCE7A74764EB7C67D21A32BC579453D] - (.Oracle Corporation - Java(TM) Update Checker.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe   [507264] [PID.1316]
[MD5.603668084332DDB58D8C5AACE30B04FC] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe   [152392] [PID.6768]
[MD5.CD900EFB4F8946A2BB1950D9F45915C2] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe   [812216] [PID.10624]
[MD5.B3593D56E802DE2C61B755B85669B2B4] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [8083968] [PID.5228]
[MD5.73F5C13B431915BAE35254B4E95DFB71] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe   [50344] [PID.1556]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe   [65432] [PID.1940]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Google Installer.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe   [116648] [PID.1112]
[MD5.ED085E3978E75CDA85AE3CB26A9061A0] - (.Baidu, Inc. - Baidu Antivirus Service.) -- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BAVSvc.exe   [2006312] [PID.1332]
[MD5.E6D22A63FAC25EE9CE4DCD3A44777472] - (.Baidu, Inc. - Baidu Antivirus Hips Service.) -- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe   [480920] [PID.1892]
[MD5.D84AEA3F3329D622DFC1297DDDF6163B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe   [1809720] [PID.1264]
[MD5.4F45ED469906494F9BF754E476390DBD] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe   [860472] [PID.2308]
[MD5.060DAF68493AD7ADF104413E5A62AFA8] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe   [271920] [PID.4492]
[MD5.6B73E94F9FE82D45781B8C8A09483082] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe   [43336] [PID.6960]
~ Processes Running:  Scanned in 00mn 01s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ IE Browser: 20 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 0
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: avast! Online Security - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (...) --  (.not file.)
O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Chave orfã
~ Toolbar:  Scanned in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe   =>.Microsoft Corporation
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [Google+ Auto Backup] C:\Users\Priscila\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe (.not file.)
O4 - HKCU\..\Run: [ares] . (.Seekar Ltd - Ares p2p for windows.) -- C:\Program Files (x86)\Ares\Ares.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Priscila\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe   =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe   =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe   =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [Baidu Antivirus] . (.Baidu, Inc. - Baidu Antivirus Tray Application.) -- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe Acrobat Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
O4 - HKLM\..\Wow6432Node\Run: [Acrobat Assistant 8.0] . (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3583190713-4147522422-438133965-1000\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKUS\S-1-5-21-3583190713-4147522422-438133965-1000\..\Run: [Google+ Auto Backup] C:\Users\Priscila\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe (.not file.)
O4 - HKUS\S-1-5-21-3583190713-4147522422-438133965-1000\..\Run: [ares] . (.Seekar Ltd - Ares p2p for windows.) -- C:\Program Files (x86)\Ares\Ares.exe
O4 - HKUS\S-1-5-21-3583190713-4147522422-438133965-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Priscila\AppData\Local\Facebook\Update\FacebookUpdate.exe
~ Application:  Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBttnIE.dll  =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBTTN~1.dll  =>.Microsoft Corporation
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4CD9A8D-619A-4540-A280-0855F060209B}: DhcpNameServer = 187.122.188.101 187.122.188.109
O17 - HKLM\System\CS1\Services\Tcpip\..\{D4CD9A8D-619A-4540-A280-0855F060209B}: DhcpNameServer = 187.122.188.101 187.122.188.109
O17 - HKLM\System\CS2\Services\Tcpip\..\{D4CD9A8D-619A-4540-A280-0855F060209B}: DhcpNameServer = 187.122.188.101 187.122.188.109
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 187.122.188.101 187.122.188.109
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Baidu Antivirus Service (BAVSvc) . (.Baidu, Inc. - Baidu Antivirus Service.) - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BAVSvc.exe
O23 - Service: Baidu Hips Service (BHipsSvc) . (.Baidu, Inc. - Baidu Antivirus Hips Service.) - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe
~ Services: 10 Legitimates Filtered in 00mn 13s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [YTAUpdate] (...) -- C:\Program Files (x86)\YOUTUB~2\Updater.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [YTAUpdate_logon] (...) -- C:\Program Files (x86)\YOUTUB~2\Updater.exe (.not file.)   [0]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater   [902]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3583190713-4147522422-438133965-1000Core   [918]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3583190713-4147522422-438133965-1000UA   [940]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore   [1068]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA   [1072]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3583190713-4147522422-438133965-1000Core   [1038]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3583190713-4147522422-438133965-1000UA   [1090]
~ Scheduled Task: 20 Legitimates Filtered in 00mn 03s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver:  (Bfilter) . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - C:\Windows\system32\drivers\Bfilter.sys
O41 - Driver:  (Bfmon) . (.Baidu, Inc. - Baidu FS Monitor Driver.) - C:\Windows\system32\drivers\Bfmon.sys
O41 - Driver: (Bnbase) . (.Baidu, Inc. - Baidu Antivirus NetBase Driver.) - C:\Windows\System32\drivers\bnbasex64.sys
O41 - Driver:  (Bndef) . (.Baidu, Inc. - Baidu Antivirus NetDefense Driver.) - C:\Windows\system32\drivers\bndef64.sys
~ Drivers: 84 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Ares 2.2.5 - (.Seekar Ltd.) [HKLM][64Bits] -- Ares
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva  - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2014
O42 - Logiciel: Quiknowledge - (.Quiknowledge.) [HKLM][64Bits] -- Quiknowledge
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM][64Bits] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
O42 - Logiciel: iba e-books - (.iba.) [HKCU][64Bits] -- 3f68513fb1bc7c45
~ Logic: 28 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Ares]
[HKCU\Software\Baidu Security]
[HKCU\Software\GbAs]
[HKCU\Software\Shortcut_Module]
[HKLM\Software\Baidu Security]
[HKLM\Software\Shortcut_Module]
[HKLM\Software\Wow6432Node\Baidu Security]
[HKLM\Software\Wow6432Node\Baidu_Drp_pos]
[HKLM\Software\Wow6432Node\Liangzhu]
[HKLM\Software\Wow6432Node\Shortcut_Module]
~ Key Software: 202 Legitimates Filtered in 00mn 01s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 26/07/2014 - 02:02:05 - [] ----D C:\Program Files (x86)\Ares
O43 - CFD: 01/11/2013 - 07:45:02 - [] ----D C:\Program Files (x86)\Baidu Security
O43 - CFD: 04/04/2014 - 10:03:11 - [] ----D C:\Program Files (x86)\Programas RFB
O43 - CFD: 30/03/2014 - 22:38:53 - [] ----D C:\Program Files (x86)\VIVO INTERNET
O43 - CFD: 30/07/2014 - 23:49:34 - [] ----D C:\ProgramData\Baidu
O43 - CFD: 26/07/2014 - 02:02:19 - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 18/03/2014 - 08:44:59 - [] ----D C:\ProgramData\VIVO INTERNET
O43 - CFD: 31/07/2014 - 07:17:22 - [] ----D C:\Users\Priscila\AppData\Roaming\Baidu
O43 - CFD: 01/11/2013 - 07:44:54 - [] ----D C:\Users\Priscila\AppData\Roaming\Baidu Security
O43 - CFD: 22/03/2014 - 09:28:59 - [] ----D C:\Users\Priscila\AppData\Roaming\br.com.abril.iba.ebooks
O43 - CFD: 26/09/2013 - 15:31:44 - [] ----D C:\Users\Priscila\AppData\Roaming\VIVO INTERNET
O43 - CFD: 31/10/2013 - 14:47:36 - [] ----D C:\Users\Priscila\AppData\Local\Ares
O43 - CFD: 26/07/2014 - 13:02:33 - [0] ----D C:\Users\Priscila\AppData\Local\com
O43 - CFD: 26/07/2014 - 02:02:21 - [] ----D C:\Users\Priscila\AppData\Local\Installer
O43 - CFD: 22/03/2014 - 09:28:53 - [] ----D C:\Users\Priscila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iba
O43 - CFD: 04/04/2014 - 10:01:49 - [] ----D C:\Users\Priscila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
~ Program Folder: 152 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.D95E64416A4A3ED6986E0F474DA934BD] - 26/07/2014 - 11:21:49 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys   [29208]
O44 - LFC:[MD5.DD340722EDDB17C44D75FD59943E1EB1] - 30/07/2014 - 15:31:27 ----- . (...) -- C:\Shortcut_Module.txt   [53446]
O44 - LFC:[MD5.8302E4B0F42E434A9F9334740F78830C] - 30/07/2014 - 16:48:29 ---A- . (...) -- C:\Windows\ntbtlog.txt   [431296]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 30/07/2014 - 23:27:34 ---A- . (...) -- C:\Windows\zoek-delete.exe   [24064]
O44 - LFC:[MD5.57C59E3A63F913F8A6E342FC7AB0478E] - 30/07/2014 - 23:49:37 ---A- . (...) -- C:\zoek-results.log   [20161]
~ Files: 74 Legitimates Filtered in 00mn 05s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks:  Scanned in 00mn 00s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{21b754cd-1ae3-11e3-b40d-544249313667}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{21b754da-1ae3-11e3-b40d-544249313667}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{424ffcd7-ae91-11e3-afa0-544249313667}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{424ffce5-ae91-11e3-afa0-544249313667}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{eba1cfbf-1bcb-11e3-b58b-544249313667}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{eba1cfe9-1bcb-11e3-b58b-544249313667}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{fe21760c-211e-11e3-9d70-544249313667}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
~ Keys:  Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:26/07/2014 - 11:21:49 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys   [29208]  =>.ALWIL Software
O58 - SDL:26/07/2014 - 11:21:49 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys   [65776]  =>.ALWIL Software
O58 - SDL:26/07/2014 - 11:21:49 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys   [224896]  =>.ALWIL Software
O58 - SDL:07/05/2014 - 01:09:23 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys   [55616]
O58 - SDL:07/05/2014 - 01:09:26 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys   [37696]
O58 - SDL:07/05/2014 - 01:09:34 ---A- . (.Baidu, Inc. - Baidu Antivirus NetBase Driver.) -- C:\Windows\System32\Drivers\bnbasex64.sys   [91648]
O58 - SDL:07/05/2014 - 01:09:35 ---A- . (.Baidu, Inc. - Baidu Antivirus NetDefense Driver.) -- C:\Windows\System32\Drivers\bndef64.sys   [70944]
O58 - SDL:14/04/2014 - 23:30:52 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys   [142624]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys   [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys   [31232]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys   [24656]
~ Drivers: 77 Legitimates Filtered in 00mn 05s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 26/07/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 07/05/2014 - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdApiUtil64.sys (BdApiUtil)  .(.Baidu, Inc. - Baidu Antivirus BdApi Driver.) - LEGACY_BDAPIUTIL
O64 - Services: CurCS - 07/05/2014 - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdCameraProtect64.sys (BdCameraProtect)  .(.Baidu, Inc. - Baidu Antivirus Camera Protector Driver.) - LEGACY_BDCAMERAPROTECT
O64 - Services: CurCS - 07/05/2014 - C:\Windows\system32\drivers\Bfilter.sys (Bfilter)  .(.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - LEGACY_BFILTER
O64 - Services: CurCS - 07/05/2014 - C:\Windows\system32\drivers\Bfmon.sys (Bfmon)  .(.Baidu, Inc. - Baidu FS Monitor Driver.) - LEGACY_BFMON
O64 - Services: CurCS - 07/05/2014 - C:\Windows\System32\drivers\bnbasex64.sys (Bnbase)  .(.Baidu, Inc. - Baidu Antivirus NetBase Driver.) - LEGACY_BNBASE
O64 - Services: CurCS - 07/05/2014 - C:\Windows\system32\drivers\bndef64.sys (Bndef)  .(.Baidu, Inc. - Baidu Antivirus NetDefense Driver.) - LEGACY_BNDEF
~ Legacy: 96 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\Launcher.exe
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Users\Priscila\AppData\Local\Google\Chrome\Application\chrome.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\Launcher.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.B653DD91D5D6E519D3357A80A15A5DFB] [SPRF][26/07/2014] (...) -- C:\Users\Priscila\Desktop\AdwCleaner.exe   [1354223]
[MD5.8BDC919849E422354B6CB5321E166D04] [SPRF][26/07/2014] (.No owner - Shortcut_Module.) -- C:\Users\Priscila\Desktop\Shortcut_Module.exe   [2678272]
[MD5.B6F3EFF7F38D65A0C54B11A675173300] [SPRF][30/07/2014] (...) -- C:\Users\Priscila\Desktop\zoek.exe   [1287168]
~ Files: 5 Legitimates Filtered in 00mn 00s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32  =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS  =>PUP.MyPCBackup
~ BTK: 83 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 26/07/2014 262320 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 15/05/2014 651720 |  (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Auto 13/05/2014 116648 |  (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/05/2014 116648 |  (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 09/05/2011 136120 |  (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 13/04/2007 792112 |  (NBService) . (.Nero AG.) - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
SR - | Auto 08/05/2014 65432 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 10/06/2010 202752 |  (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 12/06/2014 43336 |  (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 26/07/2014 50344 |  (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 07/05/2014 2006312 |  (BAVSvc) . (.Baidu, Inc..) - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BAVSvc.exe
SR - | Auto 07/05/2014 480920 |  (BHipsSvc) . (.Baidu, Inc..) - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe
SR - | Auto 30/08/2011 462184 |  (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Demand 08/07/2014 641352 |  (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 12/05/2014 1809720 |  (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 12/05/2014 860472 |  (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Demand 01/06/2007 271920 |  (NMIndexingService) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Demand 10/07/1658 0 |  (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe  =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services:  Scanned in 00mn 16s



---\\ Scâner Aditional (088)
Database Version : 13026 - (30/07/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés  (Folders found) : 1
Fichiers trouvés  (Files found) : 1

C:\Users\Priscila\AppData\Local\Installer   =>Adware.InstallPedia
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified   =>Hijacker.Application^
~ Additionnel Scan: 297461 Items scanned in 00mn 53s



---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>.Barras do Internet Explorer (03))
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>.Aplicações iniciadas por registo & pastas (04)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>.Chave do registo Shell MountPoints2 (MPKS) (O51)
~ AMI: 4 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.MyPCBackup
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Adware.InstallPedia
~ MSI: 2 link(s) detected in 00mn 00s



~ 807 Legitimates filtered by white list
End of the scan (492 lines in 02mn 24s)(0)

Post by Power Max, Thu 31 Jul 2014, 10:19

There are unnecessary programs starting along with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

Preferably, let only the security programs (antivirus/anti-spyware/firewall) start along with Windows.

Also use the CCleaner program, recommended in the tutorial above, to clean up and optimize the PC.
_____________________________________________________________________________________

Select and copy all of the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click ZHPFix and choose Run as administrator > click Importação (Import) > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Sat 02 Aug 2014, 20:26; edited 1 time

Post by natanalves, Thu 31 Jul 2014, 10:48

Rapport de ZHPFix 2014.7.27.5 par Nicolas Coolman, Update du 27/07/2014
Fichier d'export Registre :
Run by Priscila at 31/07/2014 10:43:30
High Elevated Privileges : OK
Windows 7 Business Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 04s)
Reparação de atalhos do navegador

========== Softwares ==========
AUSENTE Uninstall Process: c:\program files (x86)\quiknowledge\uninstall.exe

========== Estado dos serviços ==========
BDAPIUTIL Parado
BDCAMERAPROTECT Parado
BFILTER Parado
BFMON Parado
BNBASE Parado
BNDEF Parado

========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Quiknowledge]
ELIMINÉ: Service: BAVSvc
ELIMINÉ: Service: BHipsSvc
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bnbase
ELIMINÉ Driver Key: Bndef
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ:* HKLM\Software\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu_Drp_pos
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS

========== Valores do Registo ==========
ELIMINÉ RunValue: Google+ Auto Backup
ELIMINÉ RunValue: Baidu Antivirus
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Elementos dos dados do Registo ==========
ELIMINÉ Explorer Association Data Application: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\program files (x86)\baidu security\baidu antivirus\bavtray.exe
ELIMINA REINICIAR: c:\windows\system32\drivers\bfilter.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bfmon.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bnbasex64.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bndef64.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotect.sys
ELIMINÉ Temporários windows (40) (4.980.794 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: YTAUpdate
ELIMINÉ: YTAUpdate
ELIMINÉ: YTAUpdate_logon

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
12 : Chaves do Registo
8 : Valores do Registo
1 : Elementos dos dados do Registo
1 : Pastas
8 : Ficheiros
1 : Softwares
6 : Estado dos serviços
3 : Tarefa planificada
1 : Restauração Sistema


End of clean in 01mn 18s

========== Caminho do ficheiro do relatório ==========
C:\Users\Priscila\AppData\Roaming\ZHP\ZHPFix[R1].txt - 31/07/2014 10:43:35 [2791]

Post by Power Max, Thu 31 Jul 2014, 11:04

Restart the PC.

After restarting, do the following:

Open ZHPDiag again.

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report.

Post by natanalves, Thu 31 Jul 2014, 11:18

~ Relatório do ZHPDiag v2014.7.30.111 - Nicolas Coolman (30/07/2014)
~ Iniciado por Priscila (31/07/2014 11:11:52)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Endereço do Webforum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17207
GCIE: Google Chrome v34.0.1847.137 (Defaut)
OPIE: Opera vStable 21.0.1432.57

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2021
Malwarebytes Anti-Malware versão 2.0.2.1012
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema
CCleaner v4.16

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 14 ActiveX
Adobe Reader X
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: AMD64 Family 16 Model 6 Stepping 3, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3834 MB (67% free)
System Restore: Activé (Enable)
System drive C: has 220 GB (73%) free of 298 GB

---\\ Modo de conexão ao sistema
~ Computer Name: PRISCILA-PC
~ User Name: Priscila
~ All Users Names: Priscila, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Priscila\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Priscila\AppData\Roaming\
~ %Desktop% : C:\Users\Priscila\Desktop\
~ %Favorites% : C:\Users\Priscila\Favorites\
~ %LocalAppData% : C:\Users\Priscila\AppData\Local\
~ %StartMenu% : C:\Users\Priscila\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 220 Go of 298 Go)
D: CD-ROM drive (Not Inserted)
E: Floppy drive, Flash card reader, USB Key (Free 6 Go of 7 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.2EE102DF0EDD8A1EDD3D1E9B99A91BEC] - (.Microsoft Corporation - Internet Extensions para Win32.) (.18/06/2014 - 19:58:27.) -- C:\Windows\System32\wininet.dll [2266112]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:43:50.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 04:27:28.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 03:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 00:19:22.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 00:26:34.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 01:43:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 00:23:22.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 01:52:36.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 02:06:42.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 00:21:58.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 04:34:04.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/3485
~ Mes musiques (My Musics) : 20/138
~ Mes Videos (My Videos) : 1/444
~ Mes Favoris (My Favorites) : 1/25
~ Mes Documents (My Documents) : 2/77
~ Mon Bureau (My Desktop) : 1/6395
~ Menu demarrer (Programs) : 1/34
~ Hidden Files: Scanned in 00mn 25s



---\\ Processos lançados
[MD5.4FBC630768570E6AC35C3DE8F6EC79F5] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [6970168] [PID.2072]
[MD5.26AFC1F16494FFE66F2197153B342A27] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432] [PID.3224]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.3404]
[MD5.35FD33EAE23AF69715EE3231A9F15B82] - (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe [37232] [PID.3480]
[MD5.0FE0EDF01CEA3BEB2E65A904BB87525E] - (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe [640376] [PID.3792]
[MD5.B3593D56E802DE2C61B755B85669B2B4] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8083968] [PID.3676]
[MD5.73F5C13B431915BAE35254B4E95DFB71] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1328]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1784]
[MD5.6B73E94F9FE82D45781B8C8A09483082] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336] [PID.1828]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Google Installer.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648] [PID.1940]
[MD5.D84AEA3F3329D622DFC1297DDDF6163B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720] [PID.112]
[MD5.4F45ED469906494F9BF754E476390DBD] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472] [PID.1172]
~ Processes Running: Scanned in 00mn 01s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ IE Browser: 20 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 0
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: avast! Online Security - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (...) -- (.not file.)
O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Chave orfã
~ Toolbar: Scanned in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [Adobe Acrobat Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
O4 - HKLM\..\Wow6432Node\Run: [Acrobat Assistant 8.0] . (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4CD9A8D-619A-4540-A280-0855F060209B}: DhcpNameServer = 187.122.188.101 187.122.188.109
O17 - HKLM\System\CS1\Services\Tcpip\..\{D4CD9A8D-619A-4540-A280-0855F060209B}: DhcpNameServer = 187.122.188.101 187.122.188.109
O17 - HKLM\System\CS2\Services\Tcpip\..\{D4CD9A8D-619A-4540-A280-0855F060209B}: DhcpNameServer = 187.122.188.101 187.122.188.109
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 187.122.188.101 187.122.188.109
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3583190713-4147522422-438133965-1000Core [918]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3583190713-4147522422-438133965-1000UA [940]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1068]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1072]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3583190713-4147522422-438133965-1000Core [1038]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3583190713-4147522422-438133965-1000UA [1090]
~ Scheduled Task: 19 Legitimates Filtered in 00mn 10s



---\\ Software instalados (042)
O42 - Logiciel: Ares 2.2.5 - (.Seekar Ltd.) [HKLM][64Bits] -- Ares
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2014
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM][64Bits] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
O42 - Logiciel: iba e-books - (.iba.) [HKCU][64Bits] -- 3f68513fb1bc7c45
~ Logic: 27 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Ares]
[HKCU\Software\GbAs]
[HKCU\Software\Shortcut_Module]
[HKLM\Software\Shortcut_Module]
[HKLM\Software\Wow6432Node\Liangzhu]
[HKLM\Software\Wow6432Node\Shortcut_Module]
~ Key Software: 200 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 26/07/2014 - 02:02:05 - [] ----D C:\Program Files (x86)\Ares
O43 - CFD: 31/07/2014 - 10:43:11 - [] ----D C:\Program Files (x86)\Baidu Security
O43 - CFD: 04/04/2014 - 10:03:11 - [] ----D C:\Program Files (x86)\Programas RFB
O43 - CFD: 30/03/2014 - 22:38:53 - [] ----D C:\Program Files (x86)\VIVO INTERNET
O43 - CFD: 18/03/2014 - 08:44:59 - [] ----D C:\ProgramData\VIVO INTERNET
O43 - CFD: 22/03/2014 - 09:28:59 - [] ----D C:\Users\Priscila\AppData\Roaming\br.com.abril.iba.ebooks
O43 - CFD: 26/09/2013 - 15:31:44 - [] ----D C:\Users\Priscila\AppData\Roaming\VIVO INTERNET
O43 - CFD: 31/10/2013 - 14:47:36 - [] ----D C:\Users\Priscila\AppData\Local\Ares
O43 - CFD: 26/07/2014 - 13:02:33 - [0] ----D C:\Users\Priscila\AppData\Local\com
O43 - CFD: 22/03/2014 - 09:28:53 - [] ----D C:\Users\Priscila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iba
O43 - CFD: 04/04/2014 - 10:01:49 - [] ----D C:\Users\Priscila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
~ Program Folder: 147 Legitimates Filtered in 00mn 02s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.D95E64416A4A3ED6986E0F474DA934BD] - 26/07/2014 - 11:21:49 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208]
O44 - LFC:[MD5.DD340722EDDB17C44D75FD59943E1EB1] - 30/07/2014 - 15:31:27 ----- . (...) -- C:\Shortcut_Module.txt [53446]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 30/07/2014 - 23:27:34 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.57C59E3A63F913F8A6E342FC7AB0478E] - 30/07/2014 - 23:49:37 ---A- . (...) -- C:\zoek-results.log [20161]
~ Files: 74 Legitimates Filtered in 00mn 23s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{21b754cd-1ae3-11e3-b40d-544249313667}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{21b754da-1ae3-11e3-b40d-544249313667}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{424ffcd7-ae91-11e3-afa0-544249313667}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{424ffce5-ae91-11e3-afa0-544249313667}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{eba1cfbf-1bcb-11e3-b58b-544249313667}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{eba1cfe9-1bcb-11e3-b58b-544249313667}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{fe21760c-211e-11e3-9d70-544249313667}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:26/07/2014 - 11:21:49 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software
O58 - SDL:26/07/2014 - 11:21:49 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software
O58 - SDL:26/07/2014 - 11:21:49 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [224896] =>.ALWIL Software
O58 - SDL:07/05/2014 - 01:09:23 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [55616]
O58 - SDL:07/05/2014 - 01:09:26 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [37696]
O58 - SDL:07/05/2014 - 01:09:34 ---A- . (.Baidu, Inc. - Baidu Antivirus NetBase Driver.) -- C:\Windows\System32\Drivers\bnbasex64.sys [91648]
O58 - SDL:07/05/2014 - 01:09:35 ---A- . (.Baidu, Inc. - Baidu Antivirus NetDefense Driver.) -- C:\Windows\System32\Drivers\bndef64.sys [70944]
O58 - SDL:14/04/2014 - 23:30:52 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [142624]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 77 Legitimates Filtered in 00mn 09s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 26/07/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
~ Legacy: 96 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\Launcher.exe
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Users\Priscila\AppData\Local\Google\Chrome\Application\chrome.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\Launcher.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} [DefaultScope] - (Google) - [You must have an account and be logged in to view this link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.B653DD91D5D6E519D3357A80A15A5DFB] [SPRF][26/07/2014] (...) -- C:\Users\Priscila\Desktop\AdwCleaner.exe [1354223]
[MD5.8BDC919849E422354B6CB5321E166D04] [SPRF][26/07/2014] (.No owner - Shortcut_Module.) -- C:\Users\Priscila\Desktop\Shortcut_Module.exe [2678272]
[MD5.B6F3EFF7F38D65A0C54B11A675173300] [SPRF][30/07/2014] (...) -- C:\Users\Priscila\Desktop\zoek.exe [1287168]
~ Files: 5 Legitimates Filtered in 00mn 11s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 26/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 15/05/2014 651720 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Auto 13/05/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/05/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 09/05/2011 136120 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 08/07/2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 13/04/2007 792112 | (NBService) . (.Nero AG.) - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Demand 01/06/2007 271920 | (NMIndexingService) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 08/05/2014 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 10/06/2010 202752 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 12/06/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 26/07/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 12/05/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 12/05/2014 860472 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 14s



---\\ Scâner Aditional (088)
Database Version : 13026 - (30/07/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 296261 Items scanned in 01mn 07s



---\\ Informações complémentaires do módulos
~ [You must have an account and be logged in to view this link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [You must have an account and be logged in to view this link] =>.Barras do Internet Explorer (03))
~ [You must have an account and be logged in to view this link] =>.Aplicações iniciadas por registo & pastas (04)
~ [You must have an account and be logged in to view this link] =>.Chave do registo Shell MountPoints2 (MPKS) (O51)
~ AMI: 4 Legitimates Filtered in 00mn 00s



~ 785 Legitimates filtered by white list
End of the scan (419 lines in 03mn 46s)(0)

Post by Power Max, Thu 31 Jul 2014, 15:02

Select and copy all the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click Importação (Import) > click the GO button > click Oui (Yes) > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Sat 02 Aug 2014, 20:27; edited 1 time in total

Post by natanalves, Thu 31 Jul 2014, 15:18

Rapport de ZHPFix 2014.7.27.5 par Nicolas Coolman, Update du 27/07/2014
Fichier d'export Registre :
Run by Priscila at 31/07/2014 15:16:59
High Elevated Privileges : OK
Windows 7 Business Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 11s)
Reparação de atalhos do navegador

========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\drivers\bfilter.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bfmon.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bnbasex64.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bndef64.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotect.sys
ELIMINÉ Temporários windows (690) (331.136.821 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
6 : Valores do Registo
1 : Pastas
7 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 52s

========== Caminho do ficheiro do relatório ==========
C:\Users\Priscila\AppData\Roaming\ZHP\ZHPFix[R1].txt - 31/07/2014 10:43:35 [2874]
C:\Users\Priscila\AppData\Roaming\ZHP\ZHPFix[R2].txt - 31/07/2014 15:17:10 [1429]

Post by Power Max, Thu 31 Jul 2014, 16:17

How is the PC doing?

Post by natanalves, Thu 31 Jul 2014, 21:56

It's much better!

Is there anything else I can do to improve it? Do you want any more reports? Any tips? ^^

Thank you so much ^^