Fórum PC Brasil
movie mode


Post by stel2014, Sun 03 Aug 2014, 20:48

Hello, I have already read and downloaded everything about removing Movie Mode, but nothing works; AdwCleaner and Malwarebytes remove it, but it comes back. Can anyone help?

Re: movie mode

Post by Power Max, Sun 03 Aug 2014, 21:08

Hello. Please post the reports from the programs you used here in the thread so we can analyze them.

Re: movie mode

Post by stel2014, Mon 04 Aug 2014, 11:36

~ Relatório do ZHPDiag v2014.8.3.113 - Nicolas Coolman (03/08/2014)
~ Iniciado por d (04/08/2014 11:32:27)
~ Endereço do Website : [You need an account and must be logged in to view this link]
~ Endereço do Webforum : [You need an account and must be logged in to view this link]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17207
MFIE: Mozilla Firefox 31.0
GCIE: Google Chrome v36.0.1985.125 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 8.1 Single Language, 64-bit (Build 9600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
AVG 2014 v14.0.4744
Malwarebytes Anti-Malware version 2.0.2.1012
Windows Defender W8 (Deactivate)

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
Adobe Reader X
Java 7 Update 65

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8077 MB (52% free)
System Restore: Activé (Enable)
System drive C: has 249 GB (43%) free of 579 GB

---\\ Modo de conexão ao sistema
~ Computer Name: D
~ User Name: d
~ All Users Names: HomeGroupUser$, d, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\d\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\d\AppData\Roaming\
~ %Desktop% : C:\Users\d\Desktop\
~ %Favorites% : C:\Users\d\Favorites\
~ %LocalAppData% : C:\Users\d\AppData\Local\
~ %StartMenu% : C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 249 Go of 579 Go)
D: CD-ROM drive (Not Inserted)
F: Hard drive, Flash drive, Thumb drive (Free 18 Go of 98 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 44 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.81394C91B7B5A7C799E249AE82491F13] - (.Microsoft Corporation - Windows Explorer.) (.04/03/2014 - 09:25:49.) -- C:\Windows\Explorer.exe [2373784]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.22/08/2013 - 06:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.2EE102DF0EDD8A1EDD3D1E9B99A91BEC] - (.Microsoft Corporation - Internet Extensions para Win32.) (.18/06/2014 - 19:58:27.) -- C:\Windows\System32\wininet.dll [2266112]
[MD5.306EB21E5B480AE9065EA55AC8C35936] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.22/02/2014 - 06:45:48.) -- C:\Windows\System32\Winlogon.exe [562176]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/12/2013 - 05:54:07.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.374E27295F0A9DCAA8FC96370F9BEEA5] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 00:03:03.) -- C:\Windows\system32\Drivers\AFD.sys [563200]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 09:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 08:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 05:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.A03F362C5557E238CBFA914689C77248] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.06/03/2014 - 06:22:50.) -- C:\Windows\system32\Drivers\DfsC.sys [134144]
[MD5.498288DD5CA42C2D36D125893E968C53] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.18/03/2014 - 05:19:14.) -- C:\Windows\system32\Drivers\HDAudBus.sys [77312]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Driver de porta i8042.) (.22/08/2013 - 08:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.27/11/2013 - 09:02:29.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.0696F66E4D423793951A60562F794D14] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.02/04/2014 - 23:23:05.) -- C:\Windows\system32\Drivers\MRxSmb.sys [402432]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 08:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.1C80517BE6836A812F6A9B99B8321351] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.20/03/2014 - 00:41:24.) -- C:\Windows\system32\Drivers\ntfs.sys [2013016]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Driver de porta paralela.) (.22/08/2013 - 08:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 08:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecionador do Dispositivo RDP da Microsoft.) (.14/11/2013 - 04:15:38.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 10:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.4BB9BC49DEE1A319EC58274A7BBED663] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.06/03/2014 - 09:42:44.) -- C:\Windows\system32\Drivers\volsnap.sys [310616]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/7
~ Mes musiques (My Musics) : 1/1356
~ Mes Favoris (My Favorites) : 1/7
~ Mes Documents (My Documents) : 2/10616
~ Mon Bureau (My Desktop) : 2/18
~ Menu demarrer (Programs) : 1/34
~ Hidden Files: Scanned in 00mn 05s



---\\ Processos lançados
[MD5.97432AB9F1B3B3E63E778C1E69E71E91] - (.ASUSTek Computer Inc. - ASUS USB Charger Plus.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [1124032] [PID.3432]
[MD5.A2791CF11D1ED52DBCD75D2FFD4D50E7] - (.ASUSTek Computer Inc. - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [178848] [PID.6320]
[MD5.2D32F0EF950AED6AD007D042676FD39E] - (.ASUSTek Computer Inc. - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [328064] [PID.7876]
[MD5.A0012C1D9B8648C20C00202418B9D02F] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712] [PID.4812]
[MD5.B7BCA8A30CE13A283CDBDECEF5616C39] - (.ASUS - ACMON.) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192] [PID.7940]
[MD5.48C3EBD6D5E52AFCB1A0FA9B7F9802FA] - (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720] [PID.7284]
[MD5.97202E9C0D86387888435470CCAF45BE] - (.ASUSTeK - ACEngSvr Module.) -- C:\Windows\SysWOW64\ACEngSvr.exe [192000] [PID.6384]
[MD5.449E6CD914920B84DDDF0F12880411EE] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224] [PID.2972]
[MD5.57A8250F3942BCB188E11D22CA42A249] - (.Postbox, Inc. - Postbox.) -- C:\Program Files (x86)\Postbox\postbox.exe [1081344] [PID.1280]
[MD5.099E24D4FE2ADA03F648B470830BD382] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\d\AppData\Roaming\Dropbox\bin\Dropbox.exe [35464216] [PID.9000]
[MD5.DB0C938BC311B31CF90C13821AE682B3] - (.ASUSTeK Computer Inc. - ASUS Live Update.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [1559936] [PID.8768]
[MD5.B43E68B8A022FB00FF54360D408E871B] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.3720]
[MD5.1DE859B82E381A645C44284A5044BC33] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896] [PID.6532]
[MD5.1425E5356CA84583CBE65B456A0AE97A] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5187088] [PID.6680]
[MD5.29769215DEB6E8418EF3656B0423776E] - (.ASUSTeK Computer Inc. - ASUS Quick Gesture Exe.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20352] [PID.3180]
[MD5.E177D510084CD9688A2B958AB765BF66] - (.Adobe Systems Incorporated - AAM Updates Notifier Application.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe [893312] [PID.7296]
[MD5.4D4A404F08012AD3C2F5753D37F5AE21] - (.Google - Hangouts Plugin.) -- C:\Users\d\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe [64384] [PID.7912]
[MD5.4FBC630768570E6AC35C3DE8F6EC79F5] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [6970168] [PID.6260]
[MD5.EE7C82B0D69F038245CECBCE9EC45A9A] - (.Microsoft Corporation - COM Surrogate.) -- C:\WINDOWS\SysWOW64\DllHost.exe [17760] [PID.6592]
[MD5.10F36FB8CD6218CD7F818268E0F3F9C6] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.6492]
[MD5.02F8883595A2B3D7FFA11C71EAC68473] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.8360]
[MD5.192FFD3F99A0847740670AE711CB455A] - (.Adobe Systems, Inc. - Adobe Flash Player 14.0 r0.) -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe [1869488] [PID.6276]
[MD5.AAB9A24EC7199F18D588AA8BF705D345] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8084992] [PID.6464]
[MD5.A0EFD62D293126E60A56EA90AB9858E5] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [555048] [PID.1212]
[MD5.D01D1B40EEF27F64B45165CE0ACDE6CD] - (.ASUSTek Computer Inc. - ASLDR Service.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [106880] [PID.1788]
[MD5.DBC598E47E7A382E60E2A4745D41FEF9] - (.ASUS - GFNEXSrv.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896] [PID.1816]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1116]
[MD5.6B73E94F9FE82D45781B8C8A09483082] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336] [PID.1352]
[MD5.809201993B2CD679194915D8F2AAB37A] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328] [PID.2000]
[MD5.397D14958D6C9C2B365469A857B2AC4E] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe [230792] [PID.3032]
[MD5.E145E934392E7A49FDC6775AC3A347F8] - (.Intel Corporation - Intel(R) Rapid Start Technology Service.) -- C:\Windows\SysWOW64\irstrtsv.exe [193576] [PID.3692]
[MD5.78ABBE558F57144047F10A0F50FE4B2F] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720] [PID.3708]
[MD5.D84AEA3F3329D622DFC1297DDDF6163B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720] [PID.3728]
[MD5.4F45ED469906494F9BF754E476390DBD] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472] [PID.3860]
[MD5.903A40C958D471F9D30D29FA6D2800A4] - (.NVIDIA Corporation - NVIDIA Network Service.) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304] [PID.1364]
[MD5.BA443FEFCF0C7E0AE441E0F21CCBD715] - (.Beijing WatchData System Co., Ltd. - WatchSAFE Service 3.4.) -- C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\WDBrazMon34.exe [75680] [PID.4108]
[MD5.03CD249A16CF815FFFD347DC61EF9E6D] - (.Atheros - Atheros Coex Service Application.) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584] [PID.4172]
[MD5.ABBECBCF1817D1158ED388460CCEE416] - (.GenTechnologies Apps, LLC - MovieMode Service.) -- C:\ProgramData\GRjPBCSHQ\JHKdiu.exe [2315632] [PID.4248] =>PUP.MovieMode
[MD5.9656F8E29F6C3161A3E99BCD3A472FF9] - (.Intel Corporation - Intel(R) ME Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856] [PID.7336]
[MD5.2C24DC448DBE8DB9BE1441B824C57E79] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [277824] [PID.7340]
[MD5.E1A119AD21F5AFE22EB516C549306D3D] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [365376] [PID.3604]
[MD5.AC68B12E9B314F708730FE0399791D9C] - (.ASUSTek Computer Inc. - HControl.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe [184704] [PID.3608]
[MD5.4F870EF9292559AB9DE6F31527A1DCBF] - (.ASUSTek Computer Inc. - KBFiltr.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe [113312] [PID.6612]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [kgmpojlddncminmkddkpoegdjhojjipg] GBBD Guardião - Itaú 30 horas v.3.6.3 (Activé)
G2 - GCE: Preference [User Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [mfffpogegjflfpflabcdkioaeobkgjik] GaiaAuthExtension v.0.0.1, (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [niloccemoadcdkdjlinkgdfekeahmflj] Save to Pocket v.1.9.1, (Désactivé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 21 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
M2 - MFEP: Extension [d - ne03hk7r.default] {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
M2 - MFEP: Extension [d - vayrsjux.default] {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\d\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/uni] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\d\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll
~ Firefox Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehuni.dll
~ BHO: 6 Legitimates Filtered in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [d]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\d\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 1 Legitimates Filtered in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [DptfPolicyLpmServiceHelper] C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe (.not file.)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [BtTray] . (.Qualcomm Atheros - BtTray.) -- C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
O4 - HKLM\..\Run: [BtvStack] . (.Atheros Communications - Bluetooth Stack Server.) -- C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
O4 - HKLM\..\Run: [ACMON] . (.ASUS - ACMON.) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
O4 - HKLM\..\Run: [ShadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\Windows\system32\nvspcap64.dll
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\d\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] . (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [HP Deskjet 3510 series (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe =>.Hewlett-Packard Co
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [HP Deskjet 3510 series (NET) #2] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [ASUSPRP] . (.ASUSTek Computer Inc. - ASUS Product Register Program.) -- C:\Program Files (x86)\ASUS\APRP\APRP.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [ATLauncher] C:\Program Files\McAfeeEx\McAfeeAntiTheft\ATLauncher.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [ATUninstallIcon] C:\Program Files\McAfeeEx\McAfeeAntiTheft\ATLauncher.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe Creative Cloud] . (.Adobe Systems Incorporated - Adobe Creative Cloud.) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
O4 - HKLM\..\Wow6432Node\Run: [PDFPrint] . (.Geek Software GmbH - PDF24 Creator.) -- C:\Program Files (x86)\PDF24\pdf24.exe
O4 - HKLM\..\Wow6432Node\Run: [wdbraz_certm] . (. Beijing WatchData System Co., Ltd. - WatchSAFE Background v3.4.) -- C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\BBCertM32.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
O4 - HKUS\S-1-5-21-1409651353-3477744269-1817149778-1002\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\d\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-21-1409651353-3477744269-1817149778-1002\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKUS\S-1-5-21-1409651353-3477744269-1817149778-1002\..\Run: [ApplePhotoStreams] . (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKUS\S-1-5-21-1409651353-3477744269-1817149778-1002\..\Run: [HP Deskjet 3510 series (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe =>.Hewlett-Packard Co
O4 - HKUS\S-1-5-21-1409651353-3477744269-1817149778-1002\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-1409651353-3477744269-1817149778-1002\..\Run: [HP Deskjet 3510 series (NET) #2] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe =>.Hewlett-Packard Co
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Send by Bluetooth to [64Bits] - {7815BE26-237D-41A8-A98F-F7BD75F71086} -- Chave orfã
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.itau.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{281FB0FA-BD51-488F-A294-721D7AE5B3C0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7CDD4FC-5476-4B0F-98C4-795E4394DBED}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F59224A7-91B8-4652-993F-8A26B001420B}: DhcpNameServer = 201.17.128.109 201.17.128.103
O17 - HKLM\System\CS1\Services\Tcpip\..\{281FB0FA-BD51-488F-A294-721D7AE5B3C0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{D7CDD4FC-5476-4B0F-98C4-795E4394DBED}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F59224A7-91B8-4652-993F-8A26B001420B}: DhcpNameServer = 201.17.128.109 201.17.128.103
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.17.128.109 201.17.128.103
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA shim initialization dll, Version 340.) - C:\Windows\system32\nvinitx.dll
~ AppInit DLL: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: JHKdiu (JHKdiu) . (.GenTechnologies Apps, LLC - MovieMode Service.) - C:\ProgramData\GRjPBCSHQ\JHKdiu.exe =>PUP.MovieMode
O23 - Service: Watchdata CCID Moniter v3.4 (WDBrazMonitor34) . (.Beijing WatchData System Co., Ltd. - WatchSAFE Service 3.4.) - C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\WDBrazMon34.exe
~ Services: 25 Legitimates Filtered in 00mn 08s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1072]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1076]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1409651353-3477744269-1817149778-1002Core [1028]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1409651353-3477744269-1817149778-1002UA [1080]
~ Scheduled Task: 17 Legitimates Filtered in 00mn 03s



---\\ Software instalados (042)
O42 - Logiciel: BBAdminTool - (.Watchdata Technologies Pte., Ltd..) [HKLM][64Bits] -- {95A34656-CD4A-45A0-BAB8-AB950EFCBEBF}
O42 - Logiciel: Guardião - Itaú 30 horas - (...) [HKLM][64Bits] -- {70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1
O42 - Logiciel: Postbox (3.0.11) - (.Postbox, Inc..) [HKLM][64Bits] -- Postbox (3.0.11)
~ Logic: 28 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\GbAs]
[HKCU\Software\Postbox]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Postbox]
~ Key Software: 271 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 19/07/2014 - 17:24:46 - [] ----D C:\Program Files (x86)\Baidu-Security-2014-4.4.4.77147
O43 - CFD: 22/07/2014 - 14:12:42 - [] ----D C:\Program Files (x86)\Brazil
O43 - CFD: 01/08/2014 - 12:40:53 - [] ----D C:\Program Files (x86)\nada
O43 - CFD: 04/06/2014 - 12:00:38 - [] ----D C:\Program Files (x86)\Postbox
O43 - CFD: 01/07/2014 - 18:25:24 - [] ----D C:\ProgramData\gbas
O43 - CFD: 22/07/2014 - 14:12:43 - [] ----D C:\ProgramData\GRjPBCSHQ
O43 - CFD: 03/08/2014 - 10:36:18 - [] ----D C:\Users\d\AppData\Roaming\FreeFixer
O43 - CFD: 12/11/2013 - 16:46:44 - [] ----D C:\Users\d\AppData\Roaming\Postbox
O43 - CFD: 03/08/2014 - 10:36:18 - [] ----D C:\Users\d\AppData\Local\FreeFixer
O43 - CFD: 04/08/2014 - 11:25:22 - [] ----D C:\Users\d\AppData\Local\MovieMode =>PUP.MovieMode
O43 - CFD: 01/02/2014 - 19:17:25 - [] ----D C:\Users\d\AppData\Local\Postbox
~ Program Folder: 186 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.53A6F942A2EAA86D1E494BDEAD968DE0] - 01/08/2014 - 13:55:00 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [161438]
O44 - LFC:[MD5.7ACC6202B48AC5BE5B1335AD0FD0DC78] - 01/08/2014 - 13:55:00 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [782326]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 03/08/2014 - 17:12:49 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.140E5D443072683B80E2DEBFD1E8D7B2] - 22/07/2014 - 15:57:57 ---A- . (...) -- C:\TDSSKiller.3.0.0.40_22.07.2014_15.56.19_log.txt [252132]
O44 - LFC:[MD5.93B21BC7C5FAE0FB68C5EBD1A91DA816] - 29/07/2014 - 09:38:28 ---A- . (...) -- C:\TDSSKiller.3.0.0.40_29.07.2014_09.37.28_log.txt [246658]
O44 - LFC:[MD5.592DE56E89F7BEA419E48C8AADD1FEE3] - 29/07/2014 - 11:19:51 ---A- . (...) -- C:\sc-cleaner.txt [1754]
~ Files: 32 Legitimates Filtered in 00mn 03s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "DisableCAD"=1
~ MWPS: 20 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:12/08/2013 - 20:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:02/08/2012 - 00:22:48 ---A- . (.No owner - Keyboard Filter Driver.) -- C:\Windows\System32\Drivers\kbfiltr.sys [14992]
O58 - SDL:22/08/2013 - 09:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
O58 - SDL:13/12/2012 - 13:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
O58 - SDL:16/07/2014 - 10:05:55 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
~ Drivers: 76 Legitimates Filtered in 00mn 04s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} - (Google) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [You must have an account and be logged in to view this link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.1C526C90611AFE2354D12F60FF3028D9] [SPRF][03/08/2014] (...) -- C:\ProgramData\1407074518.bdinstall.bin [213404]
[MD5.B299D1482CFCF54C702C43B7865A284E] [SPRF][03/08/2014] (...) -- C:\ProgramData\1407078107.bdinstall.bin [37689]
[MD5.284CFC184F64C135BDDA2A503BEF1697] [SPRF][03/08/2014] (...) -- C:\ProgramData\1407078109.bdinstall.bin [98609]
[MD5.4A93070098539B54FDA391D4D551C880] [SPRF][22/07/2009] (...) -- C:\ProgramData\SetStretch.exe [24576]
[MD5.3CF2C2F7FC07728536B532322AF61FF3] [SPRF][04/08/2014] (...) -- C:\Users\d\AppData\Roaming\sp_data.sys [408]
[MD5.405340FA354B90502508E8DAFF40E84D] [SPRF][31/07/2014] (...) -- C:\Users\d\AppData\Roaming\unins000.dat [48208]
[MD5.CA71C5755893DB3E394D3E9758BE56B3] [SPRF][03/08/2014] (...) -- C:\Users\d\Desktop\cc_20140803_113143.reg [12158]
~ Files: 7 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{966A4785-5028-453C-905F-367D78FBE471}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\d\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{780E8571-8A28-4340-AA2A-55BA872EFCFB}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\d\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 09/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 10/07/2014 3244048 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
SS - | Demand 01/10/2013 279000 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 11/11/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 11/11/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 08/07/2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 23/07/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 12/06/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 11/09/2012 106880 | (ASLDRService) . (.ASUSTek Computer Inc..) - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
SR - | Auto 09/10/2012 219776 | (AtherosSvc) . (.Qualcomm Atheros Commnucations.) - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
SR - | Auto 21/11/2011 96896 | (ATKGFNEXSrv) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
SR - | Auto 10/07/2014 289328 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 26/06/2014 555048 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 27/06/2012 129856 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Auto 30/07/2012 193576 | (irstrtsv) . (.Intel Corporation.) - C:\Windows\SysWOW64\irstrtsv.exe
SR - | Auto 25/06/2012 166720 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 13/07/2014 2315632 | (JHKdiu) . (.GenTechnologies Apps, LLC.) - C:\ProgramData\GRjPBCSHQ\JHKdiu.exe
SR - | Auto 17/07/2012 277824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 12/05/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 12/05/2014 860472 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 09/12/2013 1494304 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
SR - | Auto 09/12/2013 15129376 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 02/07/2014 935368 | (nvsvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvvsvc.exe
SR - | Auto 17/07/2012 365376 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 24/03/2011 75680 | (WDBrazMonitor34) . (.Beijing WatchData System Co., Ltd..) - C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\WDBrazMon34.exe
SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 09/10/2012 323584 | (ZAtheros Bt and Wlan Coex Agent) . (.Atheros.) - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
~ Services: Scanned in 00mn 06s



---\\ Scâner Aditional (088)
Database Version : 13026 - (03/08/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 1

[HKLM\SYSTEM\CurrentControlSet\Services\JHKdiu] =>PUP.MovieMode^
C:\Users\d\AppData\Local\MovieMode =>PUP.MovieMode^
C:\ProgramData\GRjPBCSHQ\JHKdiu.exe =>PUP.MovieMode^
~ Additionnel Scan: 301308 Items scanned in 00mn 20s



---\\ Informações complémentaires do módulos
~ [You must have an account and be logged in to view this link] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [You must have an account and be logged in to view this link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [You must have an account and be logged in to view this link] =>.Browser Helper Objects do navegador (02)
~ [You must have an account and be logged in to view this link] =>.Aplicações iniciadas por registo & pastas (04)
~ AMI: 4 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
~ MSI: 0 link(s) detected in 00mn 00s



~ 711 Legitimates filtered by white list
End of the scan (516 lines in 01mn 11s)(0)

Post by stel2014 Mon 04 Aug 2014, 11:38

# AdwCleaner v3.302 - Relatório criado 04/08/2014 às 11:37:09
# Atualizado 30/07/2014 por Xplode
# Sistema Operacional : Windows 8.1 Single Language (64 bits)
# Usuário : d -
# Executando de : C:\Users\d\Downloads\AdwCleaner.exe
# Opção : Examinar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Pasta Encontrado : C:\Users\d\Appdata\Local\MovieMode

***** [ Tarefas ] *****


***** [ Atalhos ] *****


***** [ Registro ] *****


***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v31.0 (x86 pt-BR)

[ Arquivo : C:\Users\d\Appdata\Roaming\Mozilla\Firefox\Profiles\ne03hk7r.default\prefs.js ]


[ Arquivo : C:\Users\d\Appdata\Roaming\Mozilla\Firefox\Profiles\vayrsjux.default\prefs.js ]


-\\ Google Chrome v36.0.1985.125

[ Arquivo : C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1080 octets] - [03/08/2014 20:38:22]
AdwCleaner[R1].txt - [1201 octets] - [04/08/2014 11:26:06]
AdwCleaner[R2].txt - [1061 octets] - [04/08/2014 11:37:09]
AdwCleaner[S0].txt - [1136 octets] - [03/08/2014 20:39:03]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1181 octets] ##########

Post by Power Max Mon 04 Aug 2014, 11:49

Post the AdwCleaner report located at C:\AdwCleaner\AdwCleaner[S0].txt and also the Malwarebytes report.

Post by stel2014 Mon 04 Aug 2014, 12:41

# AdwCleaner v3.302 - Relatório criado 03/08/2014 às 20:39:03
# Atualizado 30/07/2014 por Xplode
# Sistema Operacional : Windows 8.1 Single Language (64 bits)
# Usuário : d
# Executando de : C:\Users\d\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\Users\d\Appdata\Local\MovieMode

***** [ Tarefas ] *****


***** [ Atalhos ] *****


***** [ Registro ] *****


***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v31.0 (x86 pt-BR)

[ Arquivo : C:\Users\d\Appdata\Roaming\Mozilla\Firefox\Profiles\ne03hk7r.default\prefs.js ]


[ Arquivo : C:\Users\d\Appdata\Roaming\Mozilla\Firefox\Profiles\vayrsjux.default\prefs.js ]


-\\ Google Chrome v36.0.1985.125

[ Arquivo : C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1080 octets] - [03/08/2014 20:38:22]
AdwCleaner[S0].txt - [997 octets] - [03/08/2014 20:39:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1056 octets] ##########

Post by stel2014 Mon 04 Aug 2014, 12:42

Malwarebytes Anti-Malware

Scan Date: 04/08/2014
Scan Time: 12:16:50
Logfile: 040814.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.04.05
Rootkit Database: v2014.08.01.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: d

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 305785
Time Elapsed: 12 min, 54 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 3
Adware.MovieMode, C:\ProgramData\GRjPBCSHQ\dat\BqfOaCXaxg.exe, Delete-on-Reboot, [93d7caf787f4ec4a038ccaa2af52fb05],
Adware.MovieMode, C:\ProgramData\GRjPBCSHQ\dat\JjcDVuNEwTO.exe, Delete-on-Reboot, [b6b4eed397e495a1f6991b512ad74fb1],
PUP.Optional.MovieMode.A, C:\ProgramData\GRjPBCSHQ\dat\MTqKYrmSdS.dll, Delete-on-Reboot, [2644e7dab6c5ad89cc10109df60e6f91],

Physical Sectors: 0
(No malicious items detected)


(end)

Is this it? Thank you.

Post by Power Max Mon 04 Aug 2014, 12:59

In Malwarebytes you ran only the threat scan, which is not as thorough. Follow the tips below to do a complete cleanup:

Changing the Malwarebytes language to Portuguese:

If your Malwarebytes is in English, it is very simple to change it to our language. To do this, open Malwarebytes and click Settings, as shown in this image:

[You must have an account and be logged in to view this image]

On the next screen that appears, click Language and select the option Portuguese (Brazil):

[You must have an account and be logged in to view this image]
___________________________________________________________________________

How to run a custom scan with Malwarebytes:

- Open Malwarebytes > click Verificar (Scan) > click Verificação Personalizada (Custom Scan) > click Verificar Agora (Scan Now):

[You must have an account and be logged in to view this image]

The screen below will then appear. On it, tick all the boxes on the right-hand side of the screen so that every area of your PC and any removable media connected to it can be scanned. On the left-hand side of the screen, leave these options ticked:

Verificar Objetos na Memória (scan objects in memory)
Verificar as Configurações da Inicialização e do Registro (scan startup and registry settings)
Verificar Arquivos Compactados (scan compressed files)


As for the rest, leave it as already preconfigured by Malwarebytes.

After that, click the Iniciar Verificação (Start Scan) button, as shown in the image below:

[You must have an account and be logged in to view this image]

Wait while the scan runs. How long it takes depends on the number of files you have on your computer:

[You must have an account and be logged in to view this image]

As soon as the scan finishes, if any threat has been detected on your PC, a message like the one below will appear near the Windows clock; click on it:

[You must have an account and be logged in to view this image]

At this point you will see which malware and potentially unwanted items were detected and where they are located. You will notice that a default action is already shown for the items (normally moving them to quarantine).

To remove the infections, leave the Quarentena (Quarantine) option selected in the Ação (Action) menu for all items and click the Aplicar Ações (Apply Actions) button, as shown in this image:

[You must have an account and be logged in to view this image]

Some malware is stubborn and may require a PC restart in order to be removed. If Malwarebytes asks for this, click Sim (or Yes), as shown in this image:

[You must have an account and be logged in to view this image]

After that, just post the new scan log that Malwarebytes creates in your next reply.

Post by stel2014 Mon 04 Aug 2014, 15:58

Sorry for the delay.

Malwarebytes Anti-Malware

Data de Verificação: 04/08/2014
Hora da Verificação: 14:16:28
Logfile: mw.txt
Administrador: Sim

Versão: 2.00.2.1012
Malware Database: v2014.08.04.05
Rootkit Database: v2014.08.01.01
Licença: Trial
Proteção de Malware: Enabled
Proteção de Site Malicioso: Enabled
Self-protection: Desabilitado

OS: Windows 8.1
CPU: x64
Sistema de Arquivo: NTFS
Usuário: d

Tipo da Verificação: Verificação Personalizada
Resultado: Completado
Arquivos Verificados: 500421
Tempo Decorrido: 1 hr, 29 min, 30 seg

Memória: Enabled
Inicialização: Enabled
Filesystem: Enabled
Arquivos: Enabled
Rootkits: Desabilitado
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processos: 0
(No malicious items detected)

Módulos: 0
(No malicious items detected)

Chaves de Registro: 0
(No malicious items detected)

Valores de Registro: 0
(No malicious items detected)

Dados do Registro: 0
(No malicious items detected)

Pastas: 0
(No malicious items detected)

Arquivos: 3
Adware.MovieMode, C:\ProgramData\GRjPBCSHQ\dat\GZvkqloE.exe, Delete-on-Reboot, [6b2af3cf13688fa79af54824b051ae52],
PUP.Optional.MovieMode.A, C:\ProgramData\GRjPBCSHQ\dat\IvxjtLOx.dll, Delete-on-Reboot, [9df85072a6d578be35a7ffaeba4a50b0],
Adware.MovieMode, C:\ProgramData\GRjPBCSHQ\dat\OylwMU.exe, Delete-on-Reboot, [9203b50d5c1f77bf8d021d4f44bd47b9],

Physical Sectors: 0
(No malicious items detected)


(end)

Post by Power Max Mon 04 Aug 2014, 16:01

Temporarily disable your antivirus to avoid conflicts.

* Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You must have an account and be logged in to view this link]

To run it correctly, follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* As soon as it finishes cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy all of its contents and post them in your next reply.

Post by stel2014 Mon 04 Aug 2014, 16:52


Zoek.exe v5.0.0.0 Updated 04-August-2014
Tool run by d on 04/08/2014 at 16:24:27,22.
Microsoft Windows 8.1 Single Language 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\d\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

04/08/2014 16:25:31 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\ne03hk7r.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\ne03hk7r.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\vayrsjux.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\vayrsjux.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\d\AppData\Roaming\Postbox\Profiles\b89x6irm.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\d\AppData\Roaming\Postbox\Profiles\b89x6irm.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\d\AppData\Roaming\Thunderbird\Profiles\edikt008.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\d\AppData\Roaming\Thunderbird\Profiles\edikt008.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\Users\d\Searches deleted

==== Firefox Extensions Registry ======================

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E8873}"="C:\Users\d\AppData\Local\GAS Tecnologia\GBBD\uni\xpi" [31/07/2014 16:24]

==== Firefox Extensions ======================

ProfilePath: C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\ne03hk7r.default
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

ProfilePath: C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\vayrsjux.default
- Firebug - %ProfilePath%\extensions\firebug@software.joehewitt.com.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\ne03hk7r.default
4390CCD3790F8D9C427C0C29590C62D7 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash
FB5621842FDABF9F8359775573498FBC - C:\Users\d\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll - Google Update
5CB01CF141E021DAAE96991A5BA57944 - C:\Users\d\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
DD31F0C436E4F5E6FA9783FF8A80ADC1 - C:\Users\d\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013

Profilepath: C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\vayrsjux.default
4390CCD3790F8D9C427C0C29590C62D7 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash
FB5621842FDABF9F8359775573498FBC - C:\Users\d\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll - Google Update
5CB01CF141E021DAAE96991A5BA57944 - C:\Users\d\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
DD31F0C436E4F5E6FA9783FF8A80ADC1 - C:\Users\d\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
B52EFEC8EEF9A7809376795ED3699826 - C:\Users\d\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll - Módulo de Proteção - Banco do Brasil
BE77CDD303A624DA42094FB1AEFBEAFE - C:\Users\d\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll - Guardião Itaú 30 horas
18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013
1528225A7126F04A5797471E4F20256D - C:\Users\d\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll - Guardião Itaú 30 horas
7B448B2B45428218D0D87376A2FF9FC2 - C:\Users\d\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll - Módulo de Proteção - Banco do Brasil


==== Chrome Look ======================

Google Docs - d\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - d\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - d\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - d\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
AdBlock - d\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
GBBD Guardião - Itaú 30 horas - d\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmpojlddncminmkddkpoegdjhojjipg
Save to Pocket - d\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj
Google Wallet - d\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - d\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.bing.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.bing.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\d\Desktop\chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\d\Desktop\Dropbox.lnk - C:\Users\d\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\d\Desktop\firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\d\Desktop\Format Factory.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
C:\Users\d\Desktop\ZHPDiag.lnk - C:\Program Files (x86)\ZHPDiag\ZHPhep.exe
C:\Users\d\Desktop\ZHPFix.lnk - C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe
C:\Users\d\Desktop\µTorrent.lnk -

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Creative Cloud.lnk - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --appletID=HomePanel_BL --appletVersion=1.0
C:\Users\Public\Desktop\Adobe Reader X.lnk - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\ASUS Install.lnk - C:\eSupport\eDriver\AsInsWiz.exe
C:\Users\Public\Desktop\ASUS Instant Connect Installer.lnk - C:\windows\Installer\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}\_77CD0D17CE4BC69D3FCD39.exe
C:\Users\Public\Desktop\AVG 2014.lnk - C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Users\Public\Desktop\HP Deskjet 3510 series.lnk - C:\Program Files (x86)\HP\HP Deskjet 3510 series\Bin\HP Deskjet 3510 series.exe -Start UDCDevicePage
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Postbox.lnk - C:\Program Files (x86)\Postbox\postbox.exe
C:\Users\Public\Desktop\QuickTime Player.lnk - C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe
C:\Users\Public\Desktop\Skype.lnk - C:\WINDOWS\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe
C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Users\Public\Desktop\ASUS\Business tool\Adobe Reader X.lnk - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\ASUS\Entertainment\LifeFrame.lnk - C:\Program Files (x86)\ASUS\ASUS LifeFrame3\LifeFrame.exe
C:\Users\Public\Desktop\ASUS\Multimedia\ASUSDVD.lnk - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVDLaunchPolicy.exe
C:\Users\Public\Desktop\ASUS\System tool\ASUS InstantOn.lnk - C:\Windows\Installer\{749F674B-2674-47E8-879C-5626A06B2A91}\_1571D74E05115953184676.exe
C:\Users\Public\Desktop\ASUS\System tool\ASUS On-Screen Display.lnk - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSDMgr.exe
C:\Users\Public\Desktop\ASUS\System tool\Power4Gear Hybrid.lnk - C:\Windows\Installer\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}\_A1AB703A028E391D0E1CDC.exe
C:\Users\Public\Desktop\ASUS\System tool\Splendid Utility.Lnk - C:\Program Files (x86)\ASUS\Splendid\Backbone.exe

==== shortcuts in Users Start Menu ======================

C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\d\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\d\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\FormatFactory.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\Help.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe /help
C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\Uninstall.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\uninst.exe
C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\d\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG\AVG 2014.lnk - C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client\FileZilla.lnk - C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client\Uninstall.lnk - C:\Program Files (x86)\FileZilla FTP Client\uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Sobre o iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.Resources\pt.lproj\About iTunes.rtf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware Notifications.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk - C:\Program Files (x86)\VideoLAN\VLC\Documentation.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk - C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk - C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --reset-config --reset-plugins-cache [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe -Iskins
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk - C:\Program Files (x86)\ZHPDiag\ZHPhep.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPFix.lnk - C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe

==== shortcuts in Quick Launch ======================

C:\Users\d\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\d\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\d\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Postbox.lnk - C:\Program Files (x86)\Postbox\postbox.exe
C:\Users\d\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\d\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\d\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Excel 2013.lnk - C:\Program Files (x86)\Microsoft Office 15\root\office15\EXCEL.EXE
C:\Users\d\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -
C:\Users\d\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\d\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\d\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\d\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Postbox (2).lnk - C:\Program Files (x86)\Postbox\postbox.exe
C:\Users\d\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Postbox (3).lnk - C:\Program Files (x86)\Postbox\postbox.exe
C:\Users\d\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Postbox.lnk - C:\Program Files (x86)\Postbox\postbox.exe
C:\Users\d\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk - C:\WINDOWS\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe
C:\Users\d\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Word 2013.lnk - C:\Program Files (x86)\Microsoft Office 15\root\office15\WINWORD.EXE
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyOverride"="*.local"
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\d\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\d\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\d\AppData\Local\Mozilla\Firefox\Profiles\vayrsjux.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=89 folders=13 71496541 bytes)

==== Empty Temp Folders ======================

C:\Users\d\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\d\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 04/08/2014 at 16:49:13,63 ======================

Post by Power Max, Mon 04 Aug 2014, 17:14

Download the Junkware Removal Tool program from the link below:
[You must have an account and be logged in to view this link]

To run the program above correctly, just follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop with the name JRT.txt

We'll be waiting.

Post by stel2014, Mon 04 Aug 2014, 17:24

Look, this is the report, but just from opening the browser Malwarebytes already flagged Movie Mode.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 Single Language x64
Ran by d on 04/08/2014 at 17:16:05,67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/08/2014 at 17:22:41,98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post by Power Max, Mon 04 Aug 2014, 17:28

Run ZHPDiag again and post a new report from it. Tomorrow I'll give you the next procedure, since I'm on my phone right now.

Post by stel2014, Mon 04 Aug 2014, 17:32

Thank you, Power Max.

~ Relatório do ZHPDiag v2014.8.3.113 - Nicolas Coolman (03/08/2014)
~ Iniciado por d (04/08/2014 17:29:46)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Endereço do Webforum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17207
MFIE: Mozilla Firefox 31.0
GCIE: Google Chrome v36.0.1985.125 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 8.1 Single Language, 64-bit (Build 9600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
AVG 2014 v14.0.4744
Malwarebytes Anti-Malware version 2.0.2.1012
Windows Defender W8 (Deactivate)

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
Adobe Reader X
Java 7 Update 65

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8077 MB (69% free)
System Restore: Activé (Enable)
System drive C: has 249 GB (42%) free of 579 GB

---\\ Modo de conexão ao sistema
~ Computer Name: D
~ User Name: d
~ All Users Names: HomeGroupUser$, d, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\d\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\d\AppData\Roaming\
~ %Desktop% : C:\Users\d\Desktop\
~ %Favorites% : C:\Users\d\Favorites\
~ %LocalAppData% : C:\Users\d\AppData\Local\
~ %StartMenu% : C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 249 Go of 579 Go)
D: CD-ROM drive (Not Inserted)
F: Hard drive, Flash drive, Thumb drive (Free 18 Go of 98 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 44 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.81394C91B7B5A7C799E249AE82491F13] - (.Microsoft Corporation - Windows Explorer.) (.04/03/2014 - 09:25:49.) -- C:\Windows\Explorer.exe [2373784]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.22/08/2013 - 06:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.2EE102DF0EDD8A1EDD3D1E9B99A91BEC] - (.Microsoft Corporation - Internet Extensions para Win32.) (.18/06/2014 - 19:58:27.) -- C:\Windows\System32\wininet.dll [2266112]
[MD5.306EB21E5B480AE9065EA55AC8C35936] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.22/02/2014 - 06:45:48.) -- C:\Windows\System32\Winlogon.exe [562176]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/12/2013 - 05:54:07.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.374E27295F0A9DCAA8FC96370F9BEEA5] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 00:03:03.) -- C:\Windows\system32\Drivers\AFD.sys [563200]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 09:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 08:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 05:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.A03F362C5557E238CBFA914689C77248] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.06/03/2014 - 06:22:50.) -- C:\Windows\system32\Drivers\DfsC.sys [134144]
[MD5.498288DD5CA42C2D36D125893E968C53] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.18/03/2014 - 05:19:14.) -- C:\Windows\system32\Drivers\HDAudBus.sys [77312]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Driver de porta i8042.) (.22/08/2013 - 08:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.27/11/2013 - 09:02:29.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.0696F66E4D423793951A60562F794D14] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.02/04/2014 - 23:23:05.) -- C:\Windows\system32\Drivers\MRxSmb.sys [402432]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 08:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.1C80517BE6836A812F6A9B99B8321351] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.20/03/2014 - 00:41:24.) -- C:\Windows\system32\Drivers\ntfs.sys [2013016]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Driver de porta paralela.) (.22/08/2013 - 08:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 08:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecionador do Dispositivo RDP da Microsoft.) (.14/11/2013 - 04:15:38.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 10:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.4BB9BC49DEE1A319EC58274A7BBED663] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.06/03/2014 - 09:42:44.) -- C:\Windows\system32\Drivers\volsnap.sys [310616]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/7
~ Mes musiques (My Musics) : 1/1356
~ Mes Favoris (My Favorites) : 1/7
~ Mes Documents (My Documents) : 2/10617
~ Mon Bureau (My Desktop) : 2/17
~ Menu demarrer (Programs) : 1/34
~ Hidden Files: Scanned in 00mn 05s



---\\ Processos lançados
[MD5.4FBC630768570E6AC35C3DE8F6EC79F5] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [6970168] [PID.4432]
[MD5.A0EFD62D293126E60A56EA90AB9858E5] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [555048] [PID.1224]
[MD5.A2791CF11D1ED52DBCD75D2FFD4D50E7] - (.ASUSTek Computer Inc. - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [178848] [PID.4556]
[MD5.2D32F0EF950AED6AD007D042676FD39E] - (.ASUSTek Computer Inc. - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [328064] [PID.4580]
[MD5.97432AB9F1B3B3E63E778C1E69E71E91] - (.ASUSTek Computer Inc. - ASUS USB Charger Plus.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [1124032] [PID.4956]
[MD5.A0012C1D9B8648C20C00202418B9D02F] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712] [PID.4484]
[MD5.29769215DEB6E8418EF3656B0423776E] - (.ASUSTeK Computer Inc. - ASUS Quick Gesture Exe.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20352] [PID.5204]
[MD5.B7BCA8A30CE13A283CDBDECEF5616C39] - (.ASUS - ACMON.) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192] [PID.6240]
[MD5.97202E9C0D86387888435470CCAF45BE] - (.ASUSTeK - ACEngSvr Module.) -- C:\Windows\SysWOW64\ACEngSvr.exe [192000] [PID.6640]
[MD5.48C3EBD6D5E52AFCB1A0FA9B7F9802FA] - (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720] [PID.6160]
[MD5.449E6CD914920B84DDDF0F12880411EE] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224] [PID.6620]
[MD5.099E24D4FE2ADA03F648B470830BD382] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\d\AppData\Roaming\Dropbox\bin\Dropbox.exe [35464216] [PID.5928]
[MD5.1DE859B82E381A645C44284A5044BC33] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896] [PID.6736]
[MD5.1425E5356CA84583CBE65B456A0AE97A] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5187088] [PID.6400]
[MD5.DB0C938BC311B31CF90C13821AE682B3] - (.ASUSTeK Computer Inc. - ASUS Live Update.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [1559936] [PID.3400]
[MD5.10F36FB8CD6218CD7F818268E0F3F9C6] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.7132]
[MD5.02F8883595A2B3D7FFA11C71EAC68473] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.4036]
[MD5.B43E68B8A022FB00FF54360D408E871B] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.6336]
[MD5.AAB9A24EC7199F18D588AA8BF705D345] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8084992] [PID.4972]
[MD5.D01D1B40EEF27F64B45165CE0ACDE6CD] - (.ASUSTek Computer Inc. - ASLDR Service.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [106880] [PID.1816]
[MD5.DBC598E47E7A382E60E2A4745D41FEF9] - (.ASUS - GFNEXSrv.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896] [PID.1848]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1672]
[MD5.6B73E94F9FE82D45781B8C8A09483082] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336] [PID.1772]
[MD5.809201993B2CD679194915D8F2AAB37A] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328] [PID.2064]
[MD5.E145E934392E7A49FDC6775AC3A347F8] - (.Intel Corporation - Intel(R) Rapid Start Technology Service.) -- C:\Windows\SysWOW64\irstrtsv.exe [193576] [PID.2244]
[MD5.78ABBE558F57144047F10A0F50FE4B2F] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720] [PID.2260]
[MD5.D84AEA3F3329D622DFC1297DDDF6163B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720] [PID.2280]
[MD5.4F45ED469906494F9BF754E476390DBD] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472] [PID.2468]
[MD5.903A40C958D471F9D30D29FA6D2800A4] - (.NVIDIA Corporation - NVIDIA Network Service.) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304] [PID.2512]
[MD5.BA443FEFCF0C7E0AE441E0F21CCBD715] - (.Beijing WatchData System Co., Ltd. - WatchSAFE Service 3.4.) -- C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\WDBrazMon34.exe [75680] [PID.2704]
[MD5.03CD249A16CF815FFFD347DC61EF9E6D] - (.Atheros - Atheros Coex Service Application.) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584] [PID.2764]
[MD5.ABBECBCF1817D1158ED388460CCEE416] - (.GenTechnologies Apps, LLC - MovieMode Service.) -- C:\ProgramData\GRjPBCSHQ\JHKdiu.exe [2315632] [PID.2808] =>PUP.MovieMode
[MD5.AC68B12E9B314F708730FE0399791D9C] - (.ASUSTek Computer Inc. - HControl.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe [184704] [PID.4388]
[MD5.4F870EF9292559AB9DE6F31527A1DCBF] - (.ASUSTek Computer Inc. - KBFiltr.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe [113312] [PID.4896]
[MD5.397D14958D6C9C2B365469A857B2AC4E] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe [230792] [PID.6004]
[MD5.9656F8E29F6C3161A3E99BCD3A472FF9] - (.Intel Corporation - Intel(R) ME Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856] [PID.6968]
[MD5.2C24DC448DBE8DB9BE1441B824C57E79] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [277824] [PID.4808]
[MD5.E1A119AD21F5AFE22EB516C549306D3D] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [365376] [PID.3380]
[MD5.35C4B10F6BE9D2A375F153895D046FC1] - (.AVG Technologies CZ, s.r.o. - AVG Identity Protection Service.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3244048] [PID.6200]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 16 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
M2 - MFEP: Extension [d - ne03hk7r.default] {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
M2 - MFEP: Extension [d - vayrsjux.default] {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\d\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/uni] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\d\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll
~ Firefox Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehuni.dll
~ BHO: 6 Legitimates Filtered in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [d]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\d\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 1 Legitimates Filtered in 00mn 01s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [DptfPolicyLpmServiceHelper] C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe (.not file.)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [BtTray] . (.Qualcomm Atheros - BtTray.) -- C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
O4 - HKLM\..\Run: [BtvStack] . (.Atheros Communications - Bluetooth Stack Server.) -- C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
O4 - HKLM\..\Run: [ACMON] . (.ASUS - ACMON.) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
O4 - HKLM\..\Run: [ShadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\Windows\system32\nvspcap64.dll
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\d\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] . (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [HP Deskjet 3510 series (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe =>.Hewlett-Packard Co
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [HP Deskjet 3510 series (NET) #2] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [ASUSPRP] . (.ASUSTek Computer Inc. - ASUS Product Register Program.) -- C:\Program Files (x86)\ASUS\APRP\APRP.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [ATLauncher] C:\Program Files\McAfeeEx\McAfeeAntiTheft\ATLauncher.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [ATUninstallIcon] C:\Program Files\McAfeeEx\McAfeeAntiTheft\ATLauncher.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe Creative Cloud] . (.Adobe Systems Incorporated - Adobe Creative Cloud.) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
O4 - HKLM\..\Wow6432Node\Run: [PDFPrint] . (.Geek Software GmbH - PDF24 Creator.) -- C:\Program Files (x86)\PDF24\pdf24.exe
O4 - HKLM\..\Wow6432Node\Run: [wdbraz_certm] . (. Beijing WatchData System Co., Ltd. - WatchSAFE Background v3.4.) -- C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\BBCertM32.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
O4 - HKUS\S-1-5-21-1409651353-3477744269-1817149778-1002\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\d\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-21-1409651353-3477744269-1817149778-1002\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKUS\S-1-5-21-1409651353-3477744269-1817149778-1002\..\Run: [ApplePhotoStreams] . (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKUS\S-1-5-21-1409651353-3477744269-1817149778-1002\..\Run: [HP Deskjet 3510 series (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe =>.Hewlett-Packard Co
O4 - HKUS\S-1-5-21-1409651353-3477744269-1817149778-1002\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-1409651353-3477744269-1817149778-1002\..\Run: [HP Deskjet 3510 series (NET) #2] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe =>.Hewlett-Packard Co
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Send by Bluetooth to [64Bits] - {7815BE26-237D-41A8-A98F-F7BD75F71086} -- Chave orfã
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.itau.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{281FB0FA-BD51-488F-A294-721D7AE5B3C0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7CDD4FC-5476-4B0F-98C4-795E4394DBED}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F59224A7-91B8-4652-993F-8A26B001420B}: DhcpNameServer = 201.17.128.109 201.17.128.103
O17 - HKLM\System\CS1\Services\Tcpip\..\{281FB0FA-BD51-488F-A294-721D7AE5B3C0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{D7CDD4FC-5476-4B0F-98C4-795E4394DBED}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F59224A7-91B8-4652-993F-8A26B001420B}: DhcpNameServer = 201.17.128.109 201.17.128.103
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.17.128.109 201.17.128.103
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA shim initialization dll, Version 340.) - C:\Windows\system32\nvinitx.dll
~ AppInit DLL: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: JHKdiu (JHKdiu) . (.GenTechnologies Apps, LLC - MovieMode Service.) - C:\ProgramData\GRjPBCSHQ\JHKdiu.exe =>PUP.MovieMode
O23 - Service: Watchdata CCID Moniter v3.4 (WDBrazMonitor34) . (.Beijing WatchData System Co., Ltd. - WatchSAFE Service 3.4.) - C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\WDBrazMon34.exe
~ Services: 25 Legitimates Filtered in 00mn 09s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1072]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1076]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1409651353-3477744269-1817149778-1002Core [1028]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1409651353-3477744269-1817149778-1002UA [1080]
~ Scheduled Task: 17 Legitimates Filtered in 00mn 04s



---\\ Software instalados (042)
O42 - Logiciel: BBAdminTool - (.Watchdata Technologies Pte., Ltd..) [HKLM][64Bits] -- {95A34656-CD4A-45A0-BAB8-AB950EFCBEBF}
O42 - Logiciel: Guardião - Itaú 30 horas - (...) [HKLM][64Bits] -- {70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1
O42 - Logiciel: Postbox (3.0.11) - (.Postbox, Inc..) [HKLM][64Bits] -- Postbox (3.0.11)
~ Logic: 28 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\GbAs]
[HKCU\Software\Postbox]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Postbox]
~ Key Software: 271 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 19/07/2014 - 17:24:46 - [] ----D C:\Program Files (x86)\Baidu-Security-2014-4.4.4.77147
O43 - CFD: 22/07/2014 - 14:12:42 - [] ----D C:\Program Files (x86)\Brazil
O43 - CFD: 01/08/2014 - 12:40:53 - [] ----D C:\Program Files (x86)\nada
O43 - CFD: 04/06/2014 - 12:00:38 - [] ----D C:\Program Files (x86)\Postbox
O43 - CFD: 01/07/2014 - 18:25:24 - [] ----D C:\ProgramData\gbas
O43 - CFD: 22/07/2014 - 14:12:43 - [] ----D C:\ProgramData\GRjPBCSHQ
O43 - CFD: 03/08/2014 - 10:36:18 - [] ----D C:\Users\d\AppData\Roaming\FreeFixer
O43 - CFD: 12/11/2013 - 16:46:44 - [] ----D C:\Users\d\AppData\Roaming\Postbox
O43 - CFD: 03/08/2014 - 10:36:18 - [] ----D C:\Users\d\AppData\Local\FreeFixer
O43 - CFD: 01/02/2014 - 19:17:25 - [] ----D C:\Users\d\AppData\Local\Postbox
~ Program Folder: 185 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.53A6F942A2EAA86D1E494BDEAD968DE0] - 01/08/2014 - 13:55:00 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [161438]
O44 - LFC:[MD5.7ACC6202B48AC5BE5B1335AD0FD0DC78] - 01/08/2014 - 13:55:00 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [782326]
O44 - LFC:[MD5.ED3FDFF34FA902AA174A4AA6F7C918E5] - 04/08/2014 - 12:31:14 ---A- . (...) -- C:\0408.txt [1324]
O44 - LFC:[MD5.092845FBDE00911AA5E56D32EDF9CA8C] - 04/08/2014 - 12:39:37 ---A- . (...) -- C:\040814.txt [1374]
O44 - LFC:[MD5.820C3E28E403333917EBD1353342557F] - 04/08/2014 - 15:48:18 ---A- . (...) -- C:\0408completo.txt [1424]
O44 - LFC:[MD5.F023145C721E0840D271052914C428ED] - 04/08/2014 - 15:57:01 ---A- . (...) -- C:\mw.txt [1462]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 04/08/2014 - 16:24:16 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.BDA9BFBEA21964B102022EBED4732A7C] - 04/08/2014 - 16:49:13 ---A- . (...) -- C:\zoek-results.log [24628]
O44 - LFC:[MD5.140E5D443072683B80E2DEBFD1E8D7B2] - 22/07/2014 - 15:57:57 ---A- . (...) -- C:\TDSSKiller.3.0.0.40_22.07.2014_15.56.19_log.txt [252132]
O44 - LFC:[MD5.93B21BC7C5FAE0FB68C5EBD1A91DA816] - 29/07/2014 - 09:38:28 ---A- . (...) -- C:\TDSSKiller.3.0.0.40_29.07.2014_09.37.28_log.txt [246658]
O44 - LFC:[MD5.592DE56E89F7BEA419E48C8AADD1FEE3] - 29/07/2014 - 11:19:51 ---A- . (...) -- C:\sc-cleaner.txt [1754]
~ Files: 37 Legitimates Filtered in 00mn 02s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "DisableCAD"=1
~ MWPS: 20 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:12/08/2013 - 20:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:02/08/2012 - 00:22:48 ---A- . (.No owner - Keyboard Filter Driver.) -- C:\Windows\System32\Drivers\kbfiltr.sys [14992]
O58 - SDL:22/08/2013 - 09:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
O58 - SDL:13/12/2012 - 13:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
O58 - SDL:16/07/2014 - 10:05:55 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
~ Drivers: 76 Legitimates Filtered in 00mn 01s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.1C526C90611AFE2354D12F60FF3028D9] [SPRF][03/08/2014] (...) -- C:\ProgramData\1407074518.bdinstall.bin [213404]
[MD5.B299D1482CFCF54C702C43B7865A284E] [SPRF][03/08/2014] (...) -- C:\ProgramData\1407078107.bdinstall.bin [37689]
[MD5.284CFC184F64C135BDDA2A503BEF1697] [SPRF][03/08/2014] (...) -- C:\ProgramData\1407078109.bdinstall.bin [98609]
[MD5.4A93070098539B54FDA391D4D551C880] [SPRF][22/07/2009] (...) -- C:\ProgramData\SetStretch.exe [24576]
[MD5.3CF2C2F7FC07728536B532322AF61FF3] [SPRF][04/08/2014] (...) -- C:\Users\d\AppData\Roaming\sp_data.sys [408]
[MD5.405340FA354B90502508E8DAFF40E84D] [SPRF][31/07/2014] (...) -- C:\Users\d\AppData\Roaming\unins000.dat [48208]
[MD5.CA71C5755893DB3E394D3E9758BE56B3] [SPRF][03/08/2014] (...) -- C:\Users\d\Desktop\cc_20140803_113143.reg [12158]
~ Files: 7 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{966A4785-5028-453C-905F-367D78FBE471}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\d\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{780E8571-8A28-4340-AA2A-55BA872EFCFB}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\d\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 01s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 09/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 01/10/2013 279000 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 11/11/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 11/11/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 08/07/2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 23/07/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 12/06/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 11/09/2012 106880 | (ASLDRService) . (.ASUSTek Computer Inc..) - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
SR - | Auto 09/10/2012 219776 | (AtherosSvc) . (.Qualcomm Atheros Commnucations.) - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
SR - | Auto 21/11/2011 96896 | (ATKGFNEXSrv) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
SR - | Auto 10/07/2014 3244048 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
SR - | Auto 10/07/2014 289328 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 26/06/2014 555048 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 27/06/2012 129856 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Auto 30/07/2012 193576 | (irstrtsv) . (.Intel Corporation.) - C:\Windows\SysWOW64\irstrtsv.exe
SR - | Auto 25/06/2012 166720 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 13/07/2014 2315632 | (JHKdiu) . (.GenTechnologies Apps, LLC.) - C:\ProgramData\GRjPBCSHQ\JHKdiu.exe
SR - | Auto 17/07/2012 277824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 12/05/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 12/05/2014 860472 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 09/12/2013 1494304 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
SR - | Auto 09/12/2013 15129376 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 02/07/2014 935368 | (nvsvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvvsvc.exe
SR - | Auto 17/07/2012 365376 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 24/03/2011 75680 | (WDBrazMonitor34) . (.Beijing WatchData System Co., Ltd..) - C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\WDBrazMon34.exe
SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 09/10/2012 323584 | (ZAtheros Bt and Wlan Coex Agent) . (.Atheros.) - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
~ Services: Scanned in 00mn 06s



---\\ Scâner Aditional (088)
Database Version : 13026 - (03/08/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1

[HKLM\SYSTEM\CurrentControlSet\Services\JHKdiu] =>PUP.MovieMode^
C:\ProgramData\GRjPBCSHQ\JHKdiu.exe =>PUP.MovieMode^
~ Additionnel Scan: 301153 Items scanned in 00mn 26s



---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Browser Helper Objects do navegador (02)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Aplicações iniciadas por registo & pastas (04)
~ AMI: 4 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
~ MSI: 0 link(s) detected in 00mn 00s



~ 715 Legitimates filtered by white list
End of the scan (512 lines in 01mn 16s)(0)

Re: movie mode

Post by Power Max, Tue 05 Aug 2014, 09:03

There are unnecessary programs starting along with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

[You need an account and an active session to view this link]

Preferably, let only the security programs (antivirus/anti-spyware/firewall) start along with Windows.

Also use the CCleaner program, recommended in the tutorial above, to clean up and optimize the PC.
______________________________________________________________________________________

Select and copy all of the text highlighted in red that I gave you.
______________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > Right-click Zhpfix and choose Run as administrator > Click Importação (Import) > Click the GO button > Click Oui > If you want the files in the Recycle Bin to be deleted, click Oui again > A report will appear in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Tue 05 Aug 2014, 12:34; edited 1 time

Re: movie mode

Post by stel2014, Tue 05 Aug 2014, 09:24

Run by d at 05/08/2014 09:23:19
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit Service Pack 1 (9600)

Reciclagem vazia (00mn 02s)
Reparação de atalhos do navegador

========== Processo memória ==========
ELIMINÉ: Memory Process: C:\ProgramData\GRjPBCSHQ\JHKdiu.exe

========== Chaves do Registo ==========
ELIMINÉ: Service: JHKdiu

========== Valores do Registo ==========
ELIMINÉ RunValue: DptfPolicyLpmServiceHelper
ELIMINÉ RunValue: ATLauncher
ELIMINÉ RunValue: ATUninstallIcon

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\programdata\grjpbcshq\jhkdiu.exe
ELIMINÉ:** c:\programdata\grjpbcshq\jhkdiu.exe
ELIMINÉ Temporários windows (144) (10.410.911 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
1 : Processo memória
1 : Chaves do Registo
3 : Valores do Registo
1 : Pastas
4 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 09s

========== Caminho do ficheiro do relatório ==========
C:\Users\d\AppData\Roaming\ZHP\ZHPFix[R1].txt - 05/08/2014 09:23:22 [1276]

Re: movie mode

Post by Power Max, Tue 05 Aug 2014, 09:27

Restart the PC so that the cleanup can be completed.

After restarting the computer, do the following:

Open ZHPDiag again.

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report.

Re: movie mode

Post by stel2014, Tue 05 Aug 2014, 09:40

~ Relatório do ZHPDiag v2014.8.3.113 - Nicolas Coolman (03/08/2014)
~ Iniciado por d (05/08/2014 09:36:47)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Endereço do Webforum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17207
MFIE: Mozilla Firefox 31.0
GCIE: Google Chrome v36.0.1985.125 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 8.1 Single Language, 64-bit (Build 9600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
AVG 2014 v14.0.4744
Malwarebytes Anti-Malware version 2.0.2.1012
Windows Defender W8 (Deactivate)

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
Adobe Reader X
Java 7 Update 65

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8077 MB (65% free)
System Restore: Activé (Enable)
System drive C: has 249 GB (42%) free of 579 GB

---\\ Modo de conexão ao sistema
~ Computer Name: DANIAZZI
~ User Name: d
~ All Users Names: HomeGroupUser$, d, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\d\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\d\AppData\Roaming\
~ %Desktop% : C:\Users\d\Desktop\
~ %Favorites% : C:\Users\d\Favorites\
~ %LocalAppData% : C:\Users\d\AppData\Local\
~ %StartMenu% : C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 249 Go of 579 Go)
D: CD-ROM drive (Not Inserted)
F: Hard drive, Flash drive, Thumb drive (Free 18 Go of 98 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 44 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.81394C91B7B5A7C799E249AE82491F13] - (.Microsoft Corporation - Windows Explorer.) (.04/03/2014 - 09:25:49.) -- C:\Windows\Explorer.exe [2373784]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.22/08/2013 - 06:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.2EE102DF0EDD8A1EDD3D1E9B99A91BEC] - (.Microsoft Corporation - Internet Extensions para Win32.) (.18/06/2014 - 19:58:27.) -- C:\Windows\System32\wininet.dll [2266112]
[MD5.306EB21E5B480AE9065EA55AC8C35936] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.22/02/2014 - 06:45:48.) -- C:\Windows\System32\Winlogon.exe [562176]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/12/2013 - 05:54:07.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.374E27295F0A9DCAA8FC96370F9BEEA5] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 00:03:03.) -- C:\Windows\system32\Drivers\AFD.sys [563200]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 09:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 08:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 05:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.A03F362C5557E238CBFA914689C77248] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.06/03/2014 - 06:22:50.) -- C:\Windows\system32\Drivers\DfsC.sys [134144]
[MD5.498288DD5CA42C2D36D125893E968C53] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.18/03/2014 - 05:19:14.) -- C:\Windows\system32\Drivers\HDAudBus.sys [77312]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Driver de porta i8042.) (.22/08/2013 - 08:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.27/11/2013 - 09:02:29.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.0696F66E4D423793951A60562F794D14] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.02/04/2014 - 23:23:05.) -- C:\Windows\system32\Drivers\MRxSmb.sys [402432]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 08:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.1C80517BE6836A812F6A9B99B8321351] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.20/03/2014 - 00:41:24.) -- C:\Windows\system32\Drivers\ntfs.sys [2013016]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Driver de porta paralela.) (.22/08/2013 - 08:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 08:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecionador do Dispositivo RDP da Microsoft.) (.14/11/2013 - 04:15:38.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 10:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.4BB9BC49DEE1A319EC58274A7BBED663] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.06/03/2014 - 09:42:44.) -- C:\Windows\system32\Drivers\volsnap.sys [310616]
~ Generic Processes: Scanned in 00mn 01s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/7
~ Mes musiques (My Musics) : 1/1356
~ Mes Favoris (My Favorites) : 1/7
~ Mes Documents (My Documents) : 2/10617
~ Mon Bureau (My Desktop) : 2/18
~ Menu demarrer (Programs) : 1/34
~ Hidden Files: Scanned in 00mn 11s



---\\ Processos lançados
[MD5.4FBC630768570E6AC35C3DE8F6EC79F5] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [6970168] [PID.7648]
[MD5.29769215DEB6E8418EF3656B0423776E] - (.ASUSTeK Computer Inc. - ASUS Quick Gesture Exe.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20352] [PID.1984]
[MD5.2D32F0EF950AED6AD007D042676FD39E] - (.ASUSTek Computer Inc. - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [328064] [PID.7880]
[MD5.A2791CF11D1ED52DBCD75D2FFD4D50E7] - (.ASUSTek Computer Inc. - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [178848] [PID.7332]
[MD5.97432AB9F1B3B3E63E778C1E69E71E91] - (.ASUSTek Computer Inc. - ASUS USB Charger Plus.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [1124032] [PID.4432]
[MD5.A0012C1D9B8648C20C00202418B9D02F] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712] [PID.5752]
[MD5.B7BCA8A30CE13A283CDBDECEF5616C39] - (.ASUS - ACMON.) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192] [PID.4668]
[MD5.48C3EBD6D5E52AFCB1A0FA9B7F9802FA] - (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720] [PID.5732]
[MD5.97202E9C0D86387888435470CCAF45BE] - (.ASUSTeK - ACEngSvr Module.) -- C:\Windows\SysWOW64\ACEngSvr.exe [192000] [PID.8740]
[MD5.449E6CD914920B84DDDF0F12880411EE] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224] [PID.2892]
[MD5.099E24D4FE2ADA03F648B470830BD382] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\d\AppData\Roaming\Dropbox\bin\Dropbox.exe [35464216] [PID.1092]
[MD5.1DE859B82E381A645C44284A5044BC33] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896] [PID.1316]
[MD5.1425E5356CA84583CBE65B456A0AE97A] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5187088] [PID.5184]
[MD5.57A8250F3942BCB188E11D22CA42A249] - (.Postbox, Inc. - Postbox.) -- C:\Program Files (x86)\Postbox\postbox.exe [1081344] [PID.2912]
[MD5.B43E68B8A022FB00FF54360D408E871B] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.5928]
[MD5.10F36FB8CD6218CD7F818268E0F3F9C6] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.3952]
[MD5.02F8883595A2B3D7FFA11C71EAC68473] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.5596]
[MD5.DB0C938BC311B31CF90C13821AE682B3] - (.ASUSTeK Computer Inc. - ASUS Live Update.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [1559936] [PID.600]
[MD5.AAB9A24EC7199F18D588AA8BF705D345] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8084992] [PID.7604]
[MD5.A0EFD62D293126E60A56EA90AB9858E5] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [555048] [PID.1224]
[MD5.D01D1B40EEF27F64B45165CE0ACDE6CD] - (.ASUSTek Computer Inc. - ASLDR Service.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [106880] [PID.1816]
[MD5.DBC598E47E7A382E60E2A4745D41FEF9] - (.ASUS - GFNEXSrv.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896] [PID.1848]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1672]
[MD5.6B73E94F9FE82D45781B8C8A09483082] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336] [PID.1772]
[MD5.809201993B2CD679194915D8F2AAB37A] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328] [PID.2064]
[MD5.E145E934392E7A49FDC6775AC3A347F8] - (.Intel Corporation - Intel(R) Rapid Start Technology Service.) -- C:\Windows\SysWOW64\irstrtsv.exe [193576] [PID.2244]
[MD5.78ABBE558F57144047F10A0F50FE4B2F] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720] [PID.2260]
[MD5.D84AEA3F3329D622DFC1297DDDF6163B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720] [PID.2280]
[MD5.4F45ED469906494F9BF754E476390DBD] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472] [PID.2468]
[MD5.903A40C958D471F9D30D29FA6D2800A4] - (.NVIDIA Corporation - NVIDIA Network Service.) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304] [PID.2512]
[MD5.BA443FEFCF0C7E0AE441E0F21CCBD715] - (.Beijing WatchData System Co., Ltd. - WatchSAFE Service 3.4.) -- C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\WDBrazMon34.exe [75680] [PID.2704]
[MD5.03CD249A16CF815FFFD347DC61EF9E6D] - (.Atheros - Atheros Coex Service Application.) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584] [PID.2764]
[MD5.397D14958D6C9C2B365469A857B2AC4E] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe [230792] [PID.6004]
[MD5.9656F8E29F6C3161A3E99BCD3A472FF9] - (.Intel Corporation - Intel(R) ME Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856] [PID.6968]
[MD5.2C24DC448DBE8DB9BE1441B824C57E79] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [277824] [PID.4808]
[MD5.E1A119AD21F5AFE22EB516C549306D3D] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [365376] [PID.3380]
[MD5.35C4B10F6BE9D2A375F153895D046FC1] - (.AVG Technologies CZ, s.r.o. - AVG Identity Protection Service.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3244048] [PID.6200]
[MD5.AC68B12E9B314F708730FE0399791D9C] - (.ASUSTek Computer Inc. - HControl.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe [184704] [PID.7836]
[MD5.4F870EF9292559AB9DE6F31527A1DCBF] - (.ASUSTek Computer Inc. - KBFiltr.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe [113312] [PID.6904]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 17 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
M2 - MFEP: Extension [d - ne03hk7r.default] {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
M2 - MFEP: Extension [d - vayrsjux.default] {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\d\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/uni] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\d\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll
~ Firefox Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehuni.dll
~ BHO: 6 Legitimates Filtered in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [d]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\d\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 1 Legitimates Filtered in 00mn 02s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [BtTray] . (.Qualcomm Atheros - BtTray.) -- C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
O4 - HKLM\..\Run: [BtvStack] . (.Atheros Communications - Bluetooth Stack Server.) -- C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
O4 - HKLM\..\Run: [ACMON] . (.ASUS - ACMON.) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
O4 - HKLM\..\Run: [ShadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\Windows\system32\nvspcap64.dll
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\d\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] . (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [HP Deskjet 3510 series (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe =>.Hewlett-Packard Co
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [HP Deskjet 3510 series (NET) #2] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [ASUSPRP] . (.ASUSTek Computer Inc. - ASUS Product Register Program.) -- C:\Program Files (x86)\ASUS\APRP\APRP.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe Creative Cloud] . (.Adobe Systems Incorporated - Adobe Creative Cloud.) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
O4 - HKLM\..\Wow6432Node\Run: [PDFPrint] . (.Geek Software GmbH - PDF24 Creator.) -- C:\Program Files (x86)\PDF24\pdf24.exe
O4 - HKLM\..\Wow6432Node\Run: [wdbraz_certm] . (. Beijing WatchData System Co., Ltd. - WatchSAFE Background v3.4.) -- C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\BBCertM32.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
O4 - HKUS\S-1-5-21-1409651353-3477744269-1817149778-1002\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\d\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-21-1409651353-3477744269-1817149778-1002\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKUS\S-1-5-21-1409651353-3477744269-1817149778-1002\..\Run: [ApplePhotoStreams] . (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKUS\S-1-5-21-1409651353-3477744269-1817149778-1002\..\Run: [HP Deskjet 3510 series (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe =>.Hewlett-Packard Co
O4 - HKUS\S-1-5-21-1409651353-3477744269-1817149778-1002\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-1409651353-3477744269-1817149778-1002\..\Run: [HP Deskjet 3510 series (NET) #2] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe =>.Hewlett-Packard Co
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Send by Bluetooth to [64Bits] - {7815BE26-237D-41A8-A98F-F7BD75F71086} -- Chave orfã
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.itau.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{281FB0FA-BD51-488F-A294-721D7AE5B3C0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7CDD4FC-5476-4B0F-98C4-795E4394DBED}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F59224A7-91B8-4652-993F-8A26B001420B}: DhcpNameServer = 201.17.128.109 201.17.128.103
O17 - HKLM\System\CS1\Services\Tcpip\..\{281FB0FA-BD51-488F-A294-721D7AE5B3C0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{D7CDD4FC-5476-4B0F-98C4-795E4394DBED}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F59224A7-91B8-4652-993F-8A26B001420B}: DhcpNameServer = 201.17.128.109 201.17.128.103
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.17.128.109 201.17.128.103
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA shim initialization dll, Version 340.) - C:\Windows\system32\nvinitx.dll
~ AppInit DLL: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: Watchdata CCID Moniter v3.4 (WDBrazMonitor34) . (.Beijing WatchData System Co., Ltd. - WatchSAFE Service 3.4.) - C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\WDBrazMon34.exe
~ Services: 24 Legitimates Filtered in 00mn 09s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1072]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1076]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1409651353-3477744269-1817149778-1002Core [1028]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1409651353-3477744269-1817149778-1002UA [1080]
~ Scheduled Task: 17 Legitimates Filtered in 00mn 04s



---\\ Software instalados (042)
O42 - Logiciel: BBAdminTool - (.Watchdata Technologies Pte., Ltd..) [HKLM][64Bits] -- {95A34656-CD4A-45A0-BAB8-AB950EFCBEBF}
O42 - Logiciel: Guardião - Itaú 30 horas - (...) [HKLM][64Bits] -- {70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1
O42 - Logiciel: Postbox (3.0.11) - (.Postbox, Inc..) [HKLM][64Bits] -- Postbox (3.0.11)
~ Logic: 28 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\GbAs]
[HKCU\Software\Postbox]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Postbox]
~ Key Software: 272 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 22/07/2014 - 14:12:42 - [] ----D C:\Program Files (x86)\Brazil
O43 - CFD: 01/08/2014 - 12:40:53 - [] ----D C:\Program Files (x86)\nada
O43 - CFD: 04/06/2014 - 12:00:38 - [] ----D C:\Program Files (x86)\Postbox
O43 - CFD: 01/07/2014 - 18:25:24 - [] ----D C:\ProgramData\gbas
O43 - CFD: 05/08/2014 - 09:23:18 - [] ----D C:\ProgramData\GRjPBCSHQ
O43 - CFD: 03/08/2014 - 10:36:18 - [] ----D C:\Users\d\AppData\Roaming\FreeFixer
O43 - CFD: 12/11/2013 - 16:46:44 - [] ----D C:\Users\d\AppData\Roaming\Postbox
O43 - CFD: 03/08/2014 - 10:36:18 - [] ----D C:\Users\d\AppData\Local\FreeFixer
O43 - CFD: 05/08/2014 - 09:04:52 - [] ----D C:\Users\d\AppData\Local\MovieMode =>PUP.MovieMode
O43 - CFD: 01/02/2014 - 19:17:25 - [] ----D C:\Users\d\AppData\Local\Postbox
~ Program Folder: 187 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.53A6F942A2EAA86D1E494BDEAD968DE0] - 01/08/2014 - 13:55:00 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [161438]
O44 - LFC:[MD5.7ACC6202B48AC5BE5B1335AD0FD0DC78] - 01/08/2014 - 13:55:00 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [782326]
O44 - LFC:[MD5.ED3FDFF34FA902AA174A4AA6F7C918E5] - 04/08/2014 - 12:31:14 ---A- . (...) -- C:\0408.txt [1324]
O44 - LFC:[MD5.092845FBDE00911AA5E56D32EDF9CA8C] - 04/08/2014 - 12:39:37 ---A- . (...) -- C:\040814.txt [1374]
O44 - LFC:[MD5.820C3E28E403333917EBD1353342557F] - 04/08/2014 - 15:48:18 ---A- . (...) -- C:\0408completo.txt [1424]
O44 - LFC:[MD5.F023145C721E0840D271052914C428ED] - 04/08/2014 - 15:57:01 ---A- . (...) -- C:\mw.txt [1462]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 04/08/2014 - 16:24:16 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.BDA9BFBEA21964B102022EBED4732A7C] - 04/08/2014 - 16:49:13 ---A- . (...) -- C:\zoek-results.log [24628]
O44 - LFC:[MD5.140E5D443072683B80E2DEBFD1E8D7B2] - 22/07/2014 - 15:57:57 ---A- . (...) -- C:\TDSSKiller.3.0.0.40_22.07.2014_15.56.19_log.txt [252132]
O44 - LFC:[MD5.93B21BC7C5FAE0FB68C5EBD1A91DA816] - 29/07/2014 - 09:38:28 ---A- . (...) -- C:\TDSSKiller.3.0.0.40_29.07.2014_09.37.28_log.txt [246658]
O44 - LFC:[MD5.592DE56E89F7BEA419E48C8AADD1FEE3] - 29/07/2014 - 11:19:51 ---A- . (...) -- C:\sc-cleaner.txt [1754]
~ Files: 37 Legitimates Filtered in 00mn 12s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "DisableCAD"=1
~ MWPS: 20 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:12/08/2013 - 20:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:02/08/2012 - 00:22:48 ---A- . (.No owner - Keyboard Filter Driver.) -- C:\Windows\System32\Drivers\kbfiltr.sys [14992]
O58 - SDL:22/08/2013 - 09:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
O58 - SDL:13/12/2012 - 13:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
O58 - SDL:16/07/2014 - 10:05:55 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
~ Drivers: 76 Legitimates Filtered in 00mn 05s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} [DefaultScope] - (Google) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [You must have an account and be logged in to view this link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.1C526C90611AFE2354D12F60FF3028D9] [SPRF][03/08/2014] (...) -- C:\ProgramData\1407074518.bdinstall.bin [213404]
[MD5.B299D1482CFCF54C702C43B7865A284E] [SPRF][03/08/2014] (...) -- C:\ProgramData\1407078107.bdinstall.bin [37689]
[MD5.284CFC184F64C135BDDA2A503BEF1697] [SPRF][03/08/2014] (...) -- C:\ProgramData\1407078109.bdinstall.bin [98609]
[MD5.4A93070098539B54FDA391D4D551C880] [SPRF][22/07/2009] (...) -- C:\ProgramData\SetStretch.exe [24576]
[MD5.3CF2C2F7FC07728536B532322AF61FF3] [SPRF][05/08/2014] (...) -- C:\Users\d\AppData\Roaming\sp_data.sys [408]
[MD5.405340FA354B90502508E8DAFF40E84D] [SPRF][31/07/2014] (...) -- C:\Users\d\AppData\Roaming\unins000.dat [48208]
[MD5.CA71C5755893DB3E394D3E9758BE56B3] [SPRF][03/08/2014] (...) -- C:\Users\d\Desktop\cc_20140803_113143.reg [12158]
~ Files: 7 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{966A4785-5028-453C-905F-367D78FBE471}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\d\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{780E8571-8A28-4340-AA2A-55BA872EFCFB}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\d\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 01s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 09/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 01/10/2013 279000 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 11/11/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 11/11/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 08/07/2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 23/07/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 12/06/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 11/09/2012 106880 | (ASLDRService) . (.ASUSTek Computer Inc..) - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
SR - | Auto 09/10/2012 219776 | (AtherosSvc) . (.Qualcomm Atheros Commnucations.) - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
SR - | Auto 21/11/2011 96896 | (ATKGFNEXSrv) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
SR - | Auto 10/07/2014 3244048 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
SR - | Auto 10/07/2014 289328 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 26/06/2014 555048 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 27/06/2012 129856 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Auto 30/07/2012 193576 | (irstrtsv) . (.Intel Corporation.) - C:\Windows\SysWOW64\irstrtsv.exe
SR - | Auto 25/06/2012 166720 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 17/07/2012 277824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 12/05/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 12/05/2014 860472 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 09/12/2013 1494304 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
SR - | Auto 09/12/2013 15129376 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 02/07/2014 935368 | (nvsvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvvsvc.exe
SR - | Auto 17/07/2012 365376 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 24/03/2011 75680 | (WDBrazMonitor34) . (.Beijing WatchData System Co., Ltd..) - C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\WDBrazMon34.exe
SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Demand 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 09/10/2012 323584 | (ZAtheros Bt and Wlan Coex Agent) . (.Atheros.) - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
~ Services: Scanned in 00mn 06s



---\\ Scâner Aditional (088)
Database Version : 13026 - (03/08/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 0

[HKLM\Software\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] =>Toolbar.AVGSearch
C:\Users\d\AppData\Local\MovieMode =>PUP.MovieMode^
C:\ProgramData\AVG Secure Search =>Toolbar.AVGSearch
C:\ProgramData\AVG Security Toolbar =>Toolbar.AVGSearch
~ Additionnel Scan: 301256 Items scanned in 00mn 26s



---\\ Informações complémentaires do módulos
~ [You must have an account and be logged in to view this link] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [You must have an account and be logged in to view this link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [You must have an account and be logged in to view this link] =>.Browser Helper Objects do navegador (02)
~ [You must have an account and be logged in to view this link] =>.Aplicações iniciadas por registo & pastas (04)
~ AMI: 4 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
~ MSI: 0 link(s) detected in 00mn 00s



~ 717 Legitimates filtered by white list
End of the scan (509 lines in 01mn 36s)(0)

movie mode Empty Re: movie mode

Post by stel2014, Tue 05 Aug 2014, 09:48

I think it worked, Power Max :rindo_atoa:

Post by Power Max, Tue 05 Aug 2014, 09:54

There are still unnecessary programs starting along with Windows. To fix this, it would be important to follow that tutorial I sent you.
______________________________________________________________________________________

Select and copy all the text highlighted in red that I sent you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click ZHPFix and choose Run as administrator > click Importação > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Tue 05 Aug 2014, 12:34; edited 1 time

Post by stel2014, Tue 05 Aug 2014, 09:57

Rapport de ZHPFix 2014.8.3.6 par Nicolas Coolman, Update du 03/08/2014
Fichier d'export Registre :
Run by d at 05/08/2014 09:56:16
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit Service Pack 1 (9600)

Reciclagem vazia (00mn 03s)
Reparação de atalhos do navegador

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (17) (98.880 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
1 : Pastas
2 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 05s

========== Caminho do ficheiro do relatório ==========
C:\Users\d\AppData\Roaming\ZHP\ZHPFix[R1].txt - 05/08/2014 09:23:22 [1352]
C:\Users\d\AppData\Roaming\ZHP\ZHPFix[R2].txt - 05/08/2014 09:56:20 [845]

Post by Power Max, Tue 05 Aug 2014, 09:59

Download [You must have an account and be logged in to view this link] and save it to the Desktop.

Note: When you open the link above, click the Download Now 64-Bit Version button.

Run Farbar following the tips in this tutorial:

[You must have an account and be logged in to view this link]

*Two reports will be created on the Desktop: FRST.txt and Addition.txt

Post these two reports in your next reply. (Note: if they do not fit in a single reply, you can split them across several posts.)

Post by stel2014, Tue 05 Aug 2014, 10:13

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by d (administrator) on D on 05-08-2014 10:06:38
Running from C:\Users\d\Downloads
Platform: Windows 8.1 Single Language (X64) OS Language: Português (Brasil)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: [You must have an account and be logged in to view this link]
Download link for 64-Bit Version: [You must have an account and be logged in to view this link]
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: [You must have an account and be logged in to view this link]

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Beijing WatchData System Co., Ltd.) C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\WDBrazMon34.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe
(Dropbox, Inc.) C:\Users\d\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
(Nicolas Coolman) C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Postbox, Inc.) C:\Program Files (x86)\Postbox\postbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\d\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17200_none_fa7026dd9b04586e\TiWorker.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-30] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [765056 2012-10-09] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-10-09] (Atheros Communications)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2012-12-19] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2688920 2014-05-26] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [185896 2013-10-28] (Geek Software GmbH)
HKLM-x32\...\Run: [wdbraz_certm] => C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\BBCertM32.exe [57488 2011-03-29] ( Beijing WatchData System Co., Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5187088 2014-07-10] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginBb-x32: C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
Winlogon\Notify\ GbPluginUni-x32: C:\Program Files (x86)\GbPlugin\gbiehUni.dll (Banco Itaú Unibanco)
HKU\S-1-5-21-1409651353-3477744269-1817149778-1002\...\Run: [Google Update] => C:\Users\d\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-11-18] (Google Inc.)
HKU\S-1-5-21-1409651353-3477744269-1817149778-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1409651353-3477744269-1817149778-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1409651353-3477744269-1817149778-1002\...\Run: [HP Deskjet 3510 series (NET)] => C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1409651353-3477744269-1817149778-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1409651353-3477744269-1817149778-1002\...\Run: [HP Deskjet 3510 series (NET) #2] => C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [146480 2014-07-02] (NVIDIA Corporation)
Startup: C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\d\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk
ShortcutTarget: Enviar para o OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers: AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\d\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\d\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\d\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\d\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\d\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\d\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\d\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\d\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_1\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\d\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_1\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\d\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_1\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\d\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\d\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\d\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must have an account and be logged in to view this link]
SearchScopes: HKCU - DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = [You must have an account and be logged in to view this link]
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = [You must have an account and be logged in to view this link]
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files (x86)\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1746984 2014-06-26] (Banco do Brasil)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll [1586744 2014-05-05] (Banco Itaú Unibanco)
Tcpip\Parameters: [DhcpNameServer] 201.17.128.109 201.17.128.103

FireFox:
========
FF ProfilePath: C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\vayrsjux.default
FF NewTab: [You must have an account and be logged in to view this link]
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: [You must have an account and be logged in to view this link]
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @TrendMicro.com/FFExtension -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\d\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\d\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\d\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\d\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: gastecnologia.com.br/sf/bb - C:\Users\d\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia)
FF Plugin HKCU: gastecnologia.com.br/sf/uni - C:\Users\d\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll (GAS Tecnologia)
FF Plugin ProgramFiles/Appdata: C:\Users\d\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\d\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-br.xml
FF Extension: Firebug - C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\vayrsjux.default\Extensions\firebug@software.joehewitt.com.xpi [2014-07-27]
FF Extension: Adblock Plus - C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\vayrsjux.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-28]
FF HKCU\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\d\AppData\Local\GAS Tecnologia\GBBD\bb\xpi
FF Extension: No Name - C:\Users\d\AppData\Local\GAS Tecnologia\GBBD\bb\xpi [2014-05-21]
FF HKCU\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8873}] - C:\Users\d\AppData\Local\GAS Tecnologia\GBBD\uni\xpi
FF Extension: Guardião - Itaú 30 horas - C:\Users\d\AppData\Local\GAS Tecnologia\GBBD\uni\xpi [2014-07-31]

Chrome:
=======
CHR HomePage:
CHR Extension: (Google Docs) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-11]
CHR Extension: (Google Drive) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-11]
CHR Extension: (YouTube) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-11]
CHR Extension: (Pesquisa do Google) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-11]
CHR Extension: (AdBlock) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-05]
CHR Extension: (Google Wallet) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-11]
CHR Extension: (Gmail) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-11]

(continues)

Post by stel2014, Tue 05 Aug 2014, 10:14

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [219776 2012-10-09] (Qualcomm Atheros Commnucations)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3244048 2014-07-10] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-07-10] (AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [555048 2014-06-26] (GAS Tecnologia)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-30] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-09] (NVIDIA Corporation)
R2 WDBrazMonitor34; C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\WDBrazMon34.exe [75680 2011-03-24] (Beijing WatchData System Co., Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-10-09] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [270104 2014-06-30] (AVG Technologies CZ, s.r.o.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-10-09] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107328 2012-07-13] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [42816 2012-07-13] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [64832 2012-07-13] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96064 2012-07-13] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [228672 2012-07-13] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [361792 2012-07-13] (Intel Corporation)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-30] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-05 10:06 - 2014-08-05 10:06 - 00029553 _____ () C:\Users\d\Downloads\FRST.txt
2014-08-05 10:06 - 2014-08-05 10:06 - 00000000 ___DC () C:\FRST
2014-08-05 10:05 - 2014-08-05 10:05 - 02094080 ____C (Farbar) C:\Users\d\Downloads\FRST64.exe
2014-08-05 10:05 - 2014-08-05 10:05 - 00038932 _____ () C:\Users\d\Desktop\ZHPDiag.txt
2014-08-05 09:23 - 2014-08-05 09:56 - 00000920 _____ () C:\Users\d\Desktop\ZHPFixReport.txt
2014-08-04 18:05 - 2014-08-05 09:07 - 00000000 ____D () C:\Users\Todos os Usuários\AVG Security Toolbar
2014-08-04 18:05 - 2014-08-05 09:07 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2014-08-04 18:04 - 2014-08-04 18:04 - 00000000 ____D () C:\Users\Todos os Usuários\AVG Secure Search
2014-08-04 18:04 - 2014-08-04 18:04 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-08-04 17:22 - 2014-08-04 17:22 - 00000626 _____ () C:\Users\d\Desktop\JRT.txt
2014-08-04 17:15 - 2014-08-04 17:15 - 01016261 ____C (Thisisu) C:\Users\d\Downloads\JRT(1).exe
2014-08-04 16:47 - 2014-08-04 16:24 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-08-04 16:25 - 2014-08-04 16:49 - 00024628 ____C () C:\zoek-results.log
2014-08-04 16:23 - 2014-08-04 16:23 - 01288704 ____C () C:\Users\d\Downloads\zoek.exe
2014-08-04 15:57 - 2014-08-04 15:57 - 00001462 ____C () C:\mw.txt
2014-08-04 15:48 - 2014-08-04 15:48 - 00001424 ____C () C:\0408completo.txt
2014-08-04 12:39 - 2014-08-04 12:39 - 00001374 ____C () C:\040814.txt
2014-08-04 12:31 - 2014-08-04 12:31 - 00001324 ____C () C:\0408.txt
2014-08-04 11:31 - 2014-08-04 11:31 - 00002009 _____ () C:\Users\d\Desktop\ZHPFix.lnk
2014-08-04 11:31 - 2014-08-04 11:31 - 00001878 _____ () C:\Users\d\Desktop\ZHPDiag.lnk
2014-08-04 11:31 - 2014-08-04 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2014-08-03 20:38 - 2014-08-04 12:13 - 00000000 ___DC () C:\AdwCleaner
2014-08-03 20:37 - 2014-08-03 20:38 - 01361309 _____ () C:\Users\d\Downloads\AdwCleaner.exe
2014-08-03 18:50 - 2014-08-03 18:50 - 00001220 _____ () C:\Users\d\Desktop\Format Factory.lnk
2014-08-03 18:50 - 2014-08-03 18:50 - 00000000 ____D () C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2014-08-03 18:31 - 2014-08-03 18:41 - 53580025 _____ () C:\Users\d\Downloads\FFSetup3.3.5.0.zip
2014-08-03 16:24 - 2014-08-04 11:31 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag
2014-08-03 16:23 - 2014-08-03 16:24 - 06858013 _____ (Nicolas Coolman ) C:\Users\d\Downloads\ZHPDiag2.exe
2014-08-03 16:13 - 2014-08-05 10:04 - 00000000 ____D () C:\Users\d\AppData\Roaming\ZHP
2014-08-03 16:13 - 2014-08-03 20:20 - 00000000 ____D () C:\Program Files (x86)\ZHPFix
2014-08-03 16:12 - 2014-08-03 16:12 - 03522039 _____ (Nicolas Coolman ) C:\Users\d\Downloads\ZHPFix.exe
2014-08-03 13:16 - 2014-08-05 10:02 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-03 13:15 - 2014-08-03 13:15 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-03 13:15 - 2014-08-03 13:15 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes
2014-08-03 13:15 - 2014-08-03 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-03 13:15 - 2014-08-03 13:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-03 13:15 - 2014-08-03 13:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-03 13:15 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-03 13:15 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-08-03 13:15 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-03 13:13 - 2014-08-03 13:14 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\d\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-03 12:54 - 2014-08-05 10:05 - 00163269 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-03 12:09 - 2014-08-03 12:09 - 00000000 ____D () C:\Users\d\AppData\Roaming\AVG2014
2014-08-03 12:08 - 2014-08-03 12:08 - 00001001 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-08-03 12:08 - 2014-08-03 12:08 - 00000000 ____D () C:\Users\d\AppData\Roaming\TuneUp Software
2014-08-03 12:08 - 2014-08-03 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-08-03 12:07 - 2014-08-03 12:26 - 00000000 ____D () C:\Users\Todos os Usuários\AVG2014
2014-08-03 12:07 - 2014-08-03 12:26 - 00000000 ____D () C:\ProgramData\AVG2014
2014-08-03 12:07 - 2014-08-03 12:07 - 00000000 __HDC () C:\$AVG
2014-08-03 12:07 - 2014-08-03 12:07 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-08-03 12:05 - 2014-08-05 09:08 - 00000000 ____D () C:\Users\Todos os Usuários\MFAData
2014-08-03 12:05 - 2014-08-05 09:08 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-03 12:05 - 2014-08-03 12:11 - 00000000 ____D () C:\Users\d\AppData\Local\Avg2014
2014-08-03 12:05 - 2014-08-03 12:05 - 00000000 ____D () C:\Users\d\AppData\Local\MFAData
2014-08-03 12:02 - 2014-08-03 12:02 - 00098609 _____ () C:\Users\Todos os Usuários\1407078109.bdinstall.bin
2014-08-03 12:02 - 2014-08-03 12:02 - 00098609 _____ () C:\ProgramData\1407078109.bdinstall.bin
2014-08-03 12:01 - 2014-08-03 12:01 - 04755832 _____ (AVG Technologies) C:\Users\d\Downloads\avg_free_stb_pb_2014_4744_free.exe
2014-08-03 12:01 - 2014-08-03 12:01 - 00037689 _____ () C:\Users\Todos os Usuários\1407078107.bdinstall.bin
2014-08-03 12:01 - 2014-08-03 12:01 - 00037689 _____ () C:\ProgramData\1407078107.bdinstall.bin
2014-08-03 11:43 - 2014-08-05 09:59 - 00172760 _____ () C:\WINDOWS\PFRO.log
2014-08-03 11:31 - 2014-08-03 11:32 - 00012158 _____ () C:\Users\d\Desktop\cc_20140803_113143.reg
2014-08-03 11:21 - 2014-08-03 11:21 - 04813544 _____ (Piriform Ltd) C:\Users\d\Downloads\ccsetup416.exe
2014-08-03 11:05 - 2014-08-03 11:05 - 00213404 _____ () C:\Users\Todos os Usuários\1407074518.bdinstall.bin
2014-08-03 11:05 - 2014-08-03 11:05 - 00213404 _____ () C:\ProgramData\1407074518.bdinstall.bin
2014-08-03 11:04 - 2014-08-03 11:04 - 00000000 ____D () C:\WINDOWS\LastGood
2014-08-03 11:01 - 2014-08-03 11:02 - 00000000 ____D () C:\Users\d\AppData\Roaming\QuickScan
2014-08-03 10:59 - 2014-01-19 04:38 - 00270496 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-08-03 10:36 - 2014-08-03 11:33 - 00000000 ____D () C:\Program Files\FreeFixer
2014-08-03 10:36 - 2014-08-03 10:36 - 00000000 ____D () C:\Users\d\AppData\Roaming\FreeFixer
2014-08-03 10:36 - 2014-08-03 10:36 - 00000000 ____D () C:\Users\d\AppData\Local\FreeFixer
2014-08-01 17:41 - 2014-08-01 17:41 - 00000174 ____C () C:\Users\d\Desktop\255598834._hide.mp4
2014-08-01 15:49 - 2014-08-01 17:25 - 00000174 ____C () C:\Users\d\Desktop\255598834.mp4
2014-07-31 14:51 - 2014-07-31 15:04 - 00048208 _____ () C:\Users\d\AppData\Roaming\unins000.dat
2014-07-30 13:59 - 2014-07-30 15:46 - 3251977696 _____ () C:\Users\d\Downloads\h264.mp4
2014-07-29 15:11 - 2014-07-29 15:11 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2014-07-29 15:11 - 2014-07-29 15:11 - 00000000 ____D () C:\WINDOWS\system32\NV
2014-07-29 15:09 - 2014-07-29 15:10 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-07-29 15:08 - 2014-07-02 17:48 - 31512520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2014-07-29 15:08 - 2014-07-02 17:48 - 24196896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2014-07-29 15:08 - 2014-07-02 17:48 - 22994208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2014-07-29 15:08 - 2014-07-02 17:48 - 18626304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2014-07-29 15:08 - 2014-07-02 17:48 - 17555104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2014-07-29 15:08 - 2014-07-02 17:48 - 16122344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2014-07-29 15:08 - 2014-07-02 17:48 - 15294296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2014-07-29 15:08 - 2014-07-02 17:48 - 13922752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2014-07-29 15:08 - 2014-07-02 17:48 - 13835208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2014-07-29 15:08 - 2014-07-02 17:48 - 12866008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2014-07-29 15:08 - 2014-07-02 17:48 - 11283344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2014-07-29 15:08 - 2014-07-02 17:48 - 11222048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2014-07-29 15:08 - 2014-07-02 17:48 - 04247000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2014-07-29 15:08 - 2014-07-02 17:48 - 03989960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2014-07-29 15:08 - 2014-07-02 17:48 - 01890080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434052.dll
2014-07-29 15:08 - 2014-07-02 17:48 - 01539928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434052.dll
2014-07-29 15:08 - 2014-07-02 17:48 - 00944928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2014-07-29 15:08 - 2014-07-02 17:48 - 00907096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2014-07-29 15:08 - 2014-07-02 17:48 - 00903624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2014-07-29 15:08 - 2014-07-02 17:48 - 00869152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2014-07-29 15:08 - 2014-07-02 17:48 - 00354016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2014-07-29 15:08 - 2014-07-02 17:48 - 00305600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2014-07-29 15:08 - 2014-07-02 17:48 - 00032544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2014-07-29 11:23 - 2014-08-03 17:37 - 00000000 ___DC () C:\zoek_backup
2014-07-29 11:22 - 2014-07-29 11:23 - 04102729 _____ () C:\Users\d\Downloads\zoek.zip
2014-07-29 11:19 - 2014-07-29 11:19 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\d\Downloads\sc-cleaner.exe
2014-07-29 11:19 - 2014-07-29 11:19 - 00001754 ____C () C:\sc-cleaner.txt
2014-07-29 11:11 - 2014-07-29 11:12 - 00025600 ___SH () C:\Users\d\AppData\Local\Thumbs.db
2014-07-29 10:02 - 2014-07-29 10:02 - 00001534 _____ () C:\Users\d\Desktop\firefox.lnk
2014-07-29 09:59 - 2014-07-29 10:00 - 00001836 _____ () C:\Users\d\Desktop\chrome.lnk
2014-07-28 11:31 - 2014-07-28 11:31 - 00179200 _____ () C:\Users\d\Desktop\LEIC - Captação 2014 - Relação dos projetos captados - detalhamento incentivador.xls
2014-07-27 19:10 - 2014-07-27 20:34 - 577460504 _____ () C:\Users\d\Desktop\239129619.mp4
2014-07-25 12:08 - 2014-07-25 12:08 - 00004239 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-25 12:08 - 2014-07-25 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-25 12:08 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-07-25 12:08 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-07-25 12:08 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-07-25 12:08 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-07-23 12:32 - 2014-07-23 12:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-22 15:54 - 2014-07-22 15:56 - 00005532 _____ () C:\Users\d\Desktop\Rkill.txt
2014-07-22 15:53 - 2014-07-22 15:53 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\d\Downloads\tdsskiller.exe
2014-07-22 15:52 - 2014-07-22 15:53 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\d\Downloads\rkill.exe
2014-07-22 15:36 - 2014-07-22 15:36 - 01016261 _____ (Thisisu) C:\Users\d\Downloads\JRT.exe
2014-07-19 16:22 - 2014-07-19 16:22 - 00000000 ____D () C:\Users\Public\Documents\Baidu
2014-07-19 16:18 - 2014-07-19 16:18 - 04161313 _____ () C:\Users\d\Downloads\tdsskiller.zip
2014-07-19 13:57 - 2014-07-19 13:57 - 00000000 ____D () C:\Users\d\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
2014-07-19 11:57 - 2014-07-19 11:57 - 00000000 ____D () C:\Users\d\AppData\Roaming\LavasoftStatistics
2014-07-19 11:55 - 2014-07-19 11:55 - 00000000 ____D () C:\Program Files\Lavasoft
2014-07-19 11:52 - 2014-07-19 11:52 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-07-19 11:50 - 2014-07-19 11:50 - 00000000 ____D () C:\Users\Todos os Usuários\Lavasoft
2014-07-19 11:50 - 2014-07-19 11:50 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-07-18 13:05 - 2014-07-22 14:12 - 00000000 ____D () C:\Users\Todos os Usuários\HitmanPro
2014-07-18 13:05 - 2014-07-22 14:12 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-18 11:37 - 2014-07-18 11:37 - 00000680 ____C () C:\DelFix.txt
2014-07-16 10:09 - 2014-08-01 12:40 - 00000000 ____D () C:\Program Files (x86)\nada
2014-07-16 10:02 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-07-16 09:37 - 2014-07-16 09:37 - 00001797 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-16 09:37 - 2014-07-16 09:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-16 09:36 - 2014-07-16 09:37 - 00000000 ____D () C:\Users\Todos os Usuários\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-16 09:36 - 2014-07-16 09:37 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-16 09:36 - 2014-07-16 09:37 - 00000000 ____D () C:\Program Files\iTunes
2014-07-16 09:36 - 2014-07-16 09:37 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-16 09:36 - 2014-07-16 09:36 - 00000000 ____D () C:\Program Files\iPod
2014-07-10 10:21 - 2014-04-14 00:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-10 10:20 - 2014-07-10 10:20 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-10 10:16 - 2014-06-16 19:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-10 10:16 - 2014-06-16 19:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-10 10:16 - 2014-06-06 11:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-10 10:16 - 2014-05-30 00:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-10 10:15 - 2014-06-18 22:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-10 10:15 - 2014-06-18 21:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-10 10:15 - 2014-06-18 21:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-10 10:15 - 2014-06-18 21:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-10 10:15 - 2014-06-18 20:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-10 10:15 - 2014-06-18 20:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-10 10:15 - 2014-06-18 20:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-10 10:15 - 2014-06-18 20:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-10 10:15 - 2014-06-18 20:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-10 10:15 - 2014-06-18 20:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-10 10:15 - 2014-06-18 20:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-10 10:15 - 2014-06-18 20:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-10 10:15 - 2014-06-18 20:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-10 10:15 - 2014-06-18 19:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-10 10:15 - 2014-06-18 19:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-10 10:15 - 2014-06-18 19:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-10 10:15 - 2014-06-18 19:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-10 10:15 - 2014-06-18 19:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-10 10:15 - 2014-06-18 19:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-10 10:15 - 2014-06-18 19:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-10 10:15 - 2014-06-18 19:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-10 10:15 - 2014-06-18 19:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-10 10:15 - 2014-06-18 19:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-10 10:15 - 2014-06-18 19:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-10 10:15 - 2014-06-18 19:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-10 10:15 - 2014-06-18 19:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-10 10:15 - 2014-06-18 19:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-10 10:15 - 2014-05-29 09:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-10 10:15 - 2014-05-29 04:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-10 10:15 - 2014-05-29 03:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-10 10:15 - 2014-05-29 03:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-10 10:15 - 2014-05-29 02:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-10 10:15 - 2014-05-29 02:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-10 10:14 - 2014-06-30 19:45 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-07-10 10:14 - 2014-06-28 04:48 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-07-10 10:14 - 2014-06-28 04:07 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-07-10 10:14 - 2014-06-06 10:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-10 10:14 - 2014-06-06 09:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-10 10:13 - 2014-05-31 07:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-10 10:13 - 2014-05-31 07:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-10 10:13 - 2014-05-31 00:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-10 10:13 - 2014-05-31 00:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-10 10:13 - 2014-05-31 00:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-10 10:13 - 2014-05-31 00:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-10 10:13 - 2014-05-31 00:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-10 10:13 - 2014-05-31 00:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-10 10:13 - 2014-05-30 23:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-10 10:13 - 2014-05-30 23:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-10 10:13 - 2014-05-30 23:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-10 10:13 - 2014-05-30 23:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-10 10:13 - 2014-05-30 23:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-10 10:13 - 2014-05-30 23:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-10 10:13 - 2014-05-30 23:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-10 10:10 - 2014-07-10 10:10 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-05 10:06 - 2014-08-05 10:06 - 00029553 _____ () C:\Users\d\Downloads\FRST.txt
2014-08-05 10:06 - 2014-08-05 10:06 - 00000000 ___DC () C:\FRST
2014-08-05 10:05 - 2014-08-05 10:05 - 02094080 ____C (Farbar) C:\Users\d\Downloads\FRST64.exe
2014-08-05 10:05 - 2014-08-05 10:05 - 00038932 _____ () C:\Users\d\Desktop\ZHPDiag.txt
2014-08-05 10:05 - 2014-08-03 12:54 - 00163269 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-05 10:04 - 2014-08-03 16:13 - 00000000 ____D () C:\Users\d\AppData\Roaming\ZHP
2014-08-05 10:03 - 2014-03-11 16:40 - 00000000 ___RD () C:\Users\d\Dropbox
2014-08-05 10:03 - 2014-03-11 16:35 - 00000000 ____D () C:\Users\d\AppData\Roaming\Dropbox
2014-08-05 10:03 - 2013-11-12 17:19 - 00000000 ____D () C:\Users\d\AppData\Roaming\Skype
2014-08-05 10:02 - 2014-08-03 13:16 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-05 10:02 - 2014-01-31 14:48 - 00000000 __RDO () C:\Users\d\SkyDrive
2014-08-05 10:02 - 2013-11-11 18:55 - 00001072 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-05 10:02 - 2013-11-11 18:42 - 00000408 _____ () C:\Users\d\AppData\Roaming\sp_data.sys
2014-08-05 09:59 - 2014-08-03 11:43 - 00172760 _____ () C:\WINDOWS\PFRO.log
2014-08-05 09:59 - 2013-08-22 11:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-05 09:58 - 2013-11-18 09:25 - 00001080 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1409651353-3477744269-1817149778-1002UA.job
2014-08-05 09:58 - 2013-08-22 10:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-08-05 09:56 - 2014-08-05 09:23 - 00000920 _____ () C:\Users\d\Desktop\ZHPFixReport.txt
2014-08-05 09:54 - 2014-02-25 10:59 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0F28CCBE-EB7A-4169-974A-3EA2C294A702}
2014-08-05 09:52 - 2013-11-11 18:55 - 00001076 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-05 09:45 - 2013-11-11 18:49 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1409651353-3477744269-1817149778-1002
2014-08-05 09:41 - 2013-08-22 12:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-08-05 09:24 - 2013-11-19 10:23 - 00000000 ____D () C:\Users\Todos os Usuários\GAS Tecnologia
2014-08-05 09:24 - 2013-11-19 10:23 - 00000000 ____D () C:\ProgramData\GAS Tecnologia
2014-08-05 09:10 - 2013-11-19 10:42 - 00000902 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-05 09:08 - 2014-08-03 12:05 - 00000000 ____D () C:\Users\Todos os Usuários\MFAData
2014-08-05 09:08 - 2014-08-03 12:05 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-05 09:07 - 2014-08-04 18:05 - 00000000 ____D () C:\Users\Todos os Usuários\AVG Security Toolbar
2014-08-05 09:07 - 2014-08-04 18:05 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2014-08-05 09:02 - 2013-08-22 12:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-08-04 18:04 - 2014-08-04 18:04 - 00000000 ____D () C:\Users\Todos os Usuários\AVG Secure Search
2014-08-04 18:04 - 2014-08-04 18:04 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-08-04 17:22 - 2014-08-04 17:22 - 00000626 _____ () C:\Users\d\Desktop\JRT.txt
2014-08-04 17:15 - 2014-08-04 17:15 - 01016261 ____C (Thisisu) C:\Users\d\Downloads\JRT(1).exe
2014-08-04 16:49 - 2014-08-04 16:25 - 00024628 ____C () C:\zoek-results.log
2014-08-04 16:49 - 2014-01-31 14:20 - 00000000 ____D () C:\Users\d
2014-08-04 16:24 - 2014-08-04 16:47 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-08-04 16:23 - 2014-08-04 16:23 - 01288704 ____C () C:\Users\d\Downloads\zoek.exe
2014-08-04 15:58 - 2013-11-18 09:25 - 00001028 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1409651353-3477744269-1817149778-1002Core.job
2014-08-04 15:57 - 2014-08-04 15:57 - 00001462 ____C () C:\mw.txt
2014-08-04 15:52 - 2013-11-26 09:44 - 00262144 ___SH () C:\Users\d\Desktop\Thumbs.db
2014-08-04 15:50 - 2013-08-22 12:36 - 00000000 ____D () C:\WINDOWS\System
2014-08-04 15:48 - 2014-08-04 15:48 - 00001424 ____C () C:\0408completo.txt
2014-08-04 15:05 - 2013-11-19 09:48 - 00000000 ____D () C:\Users\d\AppData\Roaming\FileZilla
2014-08-04 14:39 - 2013-11-11 20:17 - 00000000 ____D () C:\Users\d\AppData\Roaming\vlc
2014-08-04 14:26 - 2014-01-07 13:46 - 00000000 ____D () C:\FFOutput
2014-08-04 12:39 - 2014-08-04 12:39 - 00001374 ____C () C:\040814.txt
2014-08-04 12:31 - 2014-08-04 12:31 - 00001324 ____C () C:\0408.txt
2014-08-04 12:13 - 2014-08-03 20:38 - 00000000 ___DC () C:\AdwCleaner
2014-08-04 11:31 - 2014-08-04 11:31 - 00002009 _____ () C:\Users\d\Desktop\ZHPFix.lnk
2014-08-04 11:31 - 2014-08-04 11:31 - 00001878 _____ () C:\Users\d\Desktop\ZHPDiag.lnk
2014-08-04 11:31 - 2014-08-04 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2014-08-04 11:31 - 2014-08-03 16:24 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag
2014-08-04 08:17 - 2014-06-20 10:10 - 00000000 ____D () C:\Users\d\AppData\Local\Adobe
2014-08-03 20:38 - 2014-08-03 20:37 - 01361309 _____ () C:\Users\d\Downloads\AdwCleaner.exe
2014-08-03 20:29 - 2013-08-22 12:36 - 00000000 ____D () C:\WINDOWS\schemas
2014-08-03 20:20 - 2014-08-03 16:13 - 00000000 ____D () C:\Program Files (x86)\ZHPFix
2014-08-03 18:50 - 2014-08-03 18:50 - 00001220 _____ () C:\Users\d\Desktop\Format Factory.lnk
2014-08-03 18:50 - 2014-08-03 18:50 - 00000000 ____D () C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2014-08-03 18:41 - 2014-08-03 18:31 - 53580025 _____ () C:\Users\d\Downloads\FFSetup3.3.5.0.zip
2014-08-03 17:37 - 2014-07-29 11:23 - 00000000 ___DC () C:\zoek_backup
2014-08-03 16:24 - 2014-08-03 16:23 - 06858013 _____ (Nicolas Coolman ) C:\Users\d\Downloads\ZHPDiag2.exe
2014-08-03 16:12 - 2014-08-03 16:12 - 03522039 _____ (Nicolas Coolman ) C:\Users\d\Downloads\ZHPFix.exe
2014-08-03 13:15 - 2014-08-03 13:15 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-03 13:15 - 2014-08-03 13:15 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes
2014-08-03 13:15 - 2014-08-03 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-03 13:15 - 2014-08-03 13:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-03 13:15 - 2014-08-03 13:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-03 13:14 - 2014-08-03 13:13 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\d\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-03 12:54 - 2013-08-22 10:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-08-03 12:26 - 2014-08-03 12:07 - 00000000 ____D () C:\Users\Todos os Usuários\AVG2014
2014-08-03 12:26 - 2014-08-03 12:07 - 00000000 ____D () C:\ProgramData\AVG2014
2014-08-03 12:11 - 2014-08-03 12:05 - 00000000 ____D () C:\Users\d\AppData\Local\Avg2014
2014-08-03 12:09 - 2014-08-03 12:09 - 00000000 ____D () C:\Users\d\AppData\Roaming\AVG2014
2014-08-03 12:08 - 2014-08-03 12:08 - 00001001 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-08-03 12:08 - 2014-08-03 12:08 - 00000000 ____D () C:\Users\d\AppData\Roaming\TuneUp Software
2014-08-03 12:08 - 2014-08-03 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-08-03 12:08 - 2012-07-26 05:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-08-03 12:07 - 2014-08-03 12:07 - 00000000 __HDC () C:\$AVG
2014-08-03 12:07 - 2014-08-03 12:07 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-08-03 12:05 - 2014-08-03 12:05 - 00000000 ____D () C:\Users\d\AppData\Local\MFAData
2014-08-03 12:02 - 2014-08-03 12:02 - 00098609 _____ () C:\Users\Todos os Usuários\1407078109.bdinstall.bin
2014-08-03 12:02 - 2014-08-03 12:02 - 00098609 _____ () C:\ProgramData\1407078109.bdinstall.bin
2014-08-03 12:01 - 2014-08-03 12:01 - 04755832 _____ (AVG Technologies) C:\Users\d\Downloads\avg_free_stb_pb_2014_4744_free.exe
2014-08-03 12:01 - 2014-08-03 12:01 - 00037689 _____ () C:\Users\Todos os Usuários\1407078107.bdinstall.bin
2014-08-03 12:01 - 2014-08-03 12:01 - 00037689 _____ () C:\ProgramData\1407078107.bdinstall.bin
2014-08-03 11:49 - 2013-11-11 19:28 - 00578560 ___SH () C:\Users\d\Downloads\Thumbs.db
2014-08-03 11:49 - 2013-11-11 18:40 - 00000000 ____D () C:\Users\d\AppData\Local\Packages
2014-08-03 11:33 - 2014-08-03 10:36 - 00000000 ____D () C:\Program Files\FreeFixer
2014-08-03 11:32 - 2014-08-03 11:31 - 00012158 _____ () C:\Users\d\Desktop\cc_20140803_113143.reg
2014-08-03 11:26 - 2014-04-01 10:39 - 00000000 ____D () C:\WINDOWS\Minidump
2014-08-03 11:26 - 2013-11-19 17:50 - 00000000 ____D () C:\Users\d\AppData\Roaming\uTorrent
2014-08-03 11:21 - 2014-08-03 11:21 - 04813544 _____ (Piriform Ltd) C:\Users\d\Downloads\ccsetup416.exe
2014-08-03 11:05 - 2014-08-03 11:05 - 00213404 _____ () C:\Users\Todos os Usuários\1407074518.bdinstall.bin
2014-08-03 11:05 - 2014-08-03 11:05 - 00213404 _____ () C:\ProgramData\1407074518.bdinstall.bin
2014-08-03 11:04 - 2014-08-03 11:04 - 00000000 ____D () C:\WINDOWS\LastGood
2014-08-03 11:02 - 2014-08-03 11:01 - 00000000 ____D () C:\Users\d\AppData\Roaming\QuickScan
2014-08-03 10:57 - 2013-11-19 10:23 - 00000000 ____D () C:\Users\Todos os Usuários\GbPlugin
2014-08-03 10:57 - 2013-11-19 10:23 - 00000000 ____D () C:\ProgramData\GbPlugin
2014-08-03 10:56 - 2013-11-19 09:48 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-08-03 10:56 - 2013-11-11 20:20 - 00000000 ____D () C:\Users\Todos os Usuários\AVAST Software
2014-08-03 10:56 - 2013-11-11 20:20 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-03 10:56 - 2013-08-22 11:44 - 05036328 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-03 10:36 - 2014-08-03 10:36 - 00000000 ____D () C:\Users\d\AppData\Roaming\FreeFixer
2014-08-03 10:36 - 2014-08-03 10:36 - 00000000 ____D () C:\Users\d\AppData\Local\FreeFixer
2014-08-01 17:41 - 2014-08-01 17:41 - 00000174 ____C () C:\Users\d\Desktop\255598834._hide.mp4
2014-08-01 17:25 - 2014-08-01 15:49 - 00000174 ____C () C:\Users\d\Desktop\255598834.mp4
2014-08-01 13:55 - 2013-11-14 04:26 - 01797166 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-01 13:55 - 2013-11-14 04:14 - 00782326 _____ () C:\WINDOWS\system32\prfh0416.dat
2014-08-01 13:55 - 2013-11-14 04:14 - 00161438 _____ () C:\WINDOWS\system32\prfc0416.dat
2014-08-01 12:40 - 2014-07-16 10:09 - 00000000 ____D () C:\Program Files (x86)\nada
2014-08-01 09:54 - 2013-11-19 09:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-07-31 17:51 - 2013-11-12 11:58 - 00000000 ____D () C:\Users\d\Documents\1.DISTRIBUIDORA
2014-07-31 15:04 - 2014-07-31 14:51 - 00048208 _____ () C:\Users\d\AppData\Roaming\unins000.dat
2014-07-31 14:49 - 2013-03-07 08:05 - 00000000 ____D () C:\Users\Todos os Usuários\Temp
2014-07-31 14:49 - 2013-03-07 08:05 - 00000000 ____D () C:\ProgramData\Temp
2014-07-30 15:46 - 2014-07-30 13:59 - 3251977696 _____ () C:\Users\d\Downloads\h264.mp4
2014-07-29 15:11 - 2014-07-29 15:11 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2014-07-29 15:11 - 2014-07-29 15:11 - 00000000 ____D () C:\WINDOWS\system32\NV
2014-07-29 15:11 - 2014-01-31 14:12 - 00000000 ____D () C:\Users\Todos os Usuários\NVIDIA
2014-07-29 15:11 - 2014-01-31 14:12 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-29 15:10 - 2014-07-29 15:09 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-07-29 15:09 - 2014-01-31 14:11 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-07-29 13:21 - 2012-12-19 12:11 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-29 11:23 - 2014-07-29 11:22 - 04102729 _____ () C:\Users\d\Downloads\zoek.zip
2014-07-29 11:19 - 2014-07-29 11:19 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\d\Downloads\sc-cleaner.exe
2014-07-29 11:19 - 2014-07-29 11:19 - 00001754 ____C () C:\sc-cleaner.txt
2014-07-29 11:12 - 2014-07-29 11:11 - 00025600 ___SH () C:\Users\d\AppData\Local\Thumbs.db
2014-07-29 10:44 - 2013-11-11 20:17 - 00001088 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-07-29 10:02 - 2014-07-29 10:02 - 00001534 _____ () C:\Users\d\Desktop\firefox.lnk
2014-07-29 10:00 - 2014-07-29 09:59 - 00001836 _____ () C:\Users\d\Desktop\chrome.lnk
2014-07-28 15:03 - 2013-11-21 18:44 - 00000000 ____D () C:\Users\d\Documents\4.DOCUMENTOS_ZETA
2014-07-28 11:31 - 2014-07-28 11:31 - 00179200 _____ () C:\Users\d\Desktop\LEIC - Captação 2014 - Relação dos projetos captados - detalhamento incentivador.xls
2014-07-27 20:34 - 2014-07-27 19:10 - 577460504 _____ () C:\Users\d\Desktop\239129619.mp4
2014-07-25 12:08 - 2014-07-25 12:08 - 00004239 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-25 12:08 - 2014-07-25 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-25 12:08 - 2013-11-12 11:44 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-25 11:55 - 2014-03-22 17:27 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 11:55 - 2014-03-22 17:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-25 11:55 - 2013-11-11 18:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-25 09:59 - 2014-03-11 16:40 - 00001059 _____ () C:\Users\d\Desktop\Dropbox.lnk
2014-07-25 09:59 - 2014-03-11 16:38 - 00000000 ____D () C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-24 17:34 - 2014-03-22 17:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-23 12:32 - 2014-07-23 12:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-22 16:03 - 2012-12-19 12:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2014-07-22 16:03 - 2012-12-19 12:12 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-07-22 15:56 - 2014-07-22 15:54 - 00005532 _____ () C:\Users\d\Desktop\Rkill.txt
2014-07-22 15:53 - 2014-07-22 15:53 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\d\Downloads\tdsskiller.exe
2014-07-22 15:53 - 2014-07-22 15:52 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\d\Downloads\rkill.exe
2014-07-22 15:36 - 2014-07-22 15:36 - 01016261 _____ (Thisisu) C:\Users\d\Downloads\JRT.exe
2014-07-22 14:13 - 2013-08-22 12:36 - 00000000 __RSD () C:\WINDOWS\Media
2014-07-22 14:13 - 2013-08-22 12:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-22 14:12 - 2014-07-18 13:05 - 00000000 ____D () C:\Users\Todos os Usuários\HitmanPro
2014-07-22 14:12 - 2014-07-18 13:05 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-22 14:12 - 2014-01-24 18:05 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-22 14:12 - 2013-12-05 10:21 - 00000000 ____D () C:\WINDOWS\SysWOW64\Watchdata
2014-07-22 14:12 - 2013-12-05 10:21 - 00000000 ____D () C:\WINDOWS\system32\Watchdata
2014-07-22 14:12 - 2013-12-05 10:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BB USB token Tool
2014-07-22 14:12 - 2013-12-05 10:21 - 00000000 ____D () C:\Program Files\Brazil
2014-07-22 14:12 - 2013-12-05 10:21 - 00000000 ____D () C:\Program Files (x86)\Brazil
2014-07-22 14:12 - 2013-12-03 09:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2014-07-22 14:12 - 2013-12-03 09:57 - 00000000 ____D () C:\Program Files (x86)\PDF24
2014-07-22 14:12 - 2013-11-19 10:23 - 00000000 ____D () C:\Program Files (x86)\GbPlugin
2014-07-22 14:12 - 2013-11-11 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-22 14:12 - 2013-11-11 18:41 - 00000000 __RSD () C:\Users\Public\Desktop\ASUS
2014-07-22 14:12 - 2013-08-22 12:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2014-07-22 14:12 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2014-07-22 14:12 - 2013-03-07 08:10 - 00000000 ____D () C:\Users\Todos os Usuários\P4G
2014-07-22 14:12 - 2013-03-07 08:10 - 00000000 ____D () C:\ProgramData\P4G
2014-07-22 14:02 - 2013-08-22 12:36 - 00000000 ____D () C:\WINDOWS\registration
2014-07-22 14:01 - 2013-11-11 18:57 - 00000000 ____D () C:\Users\d\AppData\Roaming\Mozilla
2014-07-22 14:00 - 2014-02-26 09:56 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-07-22 14:00 - 2013-11-11 18:42 - 00000000 ____D () C:\Users\d\AppData\Roaming\Adobe
2014-07-22 13:59 - 2013-03-07 07:59 - 00000000 ____D () C:\Program Files (x86)\Bluetooth Suite
2014-07-19 17:33 - 2012-07-26 04:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-19 16:22 - 2014-07-19 16:22 - 00000000 ____D () C:\Users\Public\Documents\Baidu
2014-07-19 16:18 - 2014-07-19 16:18 - 04161313 _____ () C:\Users\d\Downloads\tdsskiller.zip
2014-07-19 16:06 - 2013-08-22 12:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-07-19 13:57 - 2014-07-19 13:57 - 00000000 ____D () C:\Users\d\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
2014-07-19 11:57 - 2014-07-19 11:57 - 00000000 ____D () C:\Users\d\AppData\Roaming\LavasoftStatistics
2014-07-19 11:55 - 2014-07-19 11:55 - 00000000 ____D () C:\Program Files\Lavasoft
2014-07-19 11:52 - 2014-07-19 11:52 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-07-19 11:50 - 2014-07-19 11:50 - 00000000 ____D () C:\Users\Todos os Usuários\Lavasoft
2014-07-19 11:50 - 2014-07-19 11:50 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-07-18 11:37 - 2014-07-18 11:37 - 00000680 ____C () C:\DelFix.txt
2014-07-16 10:05 - 2013-11-19 10:24 - 00031088 _____ (GbPlugin NDIS Device Driver) C:\WINDOWS\SysWOW64\Drivers\gbpndisrd.sys
2014-07-16 10:05 - 2013-11-19 10:24 - 00010266 _____ () C:\WINDOWS\SysWOW64\Drivers\ndisrd.cat
2014-07-16 10:05 - 2013-11-19 10:24 - 00001402 _____ () C:\WINDOWS\SysWOW64\Drivers\gas.cer
2014-07-16 10:05 - 2013-08-22 10:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI(172)
2014-07-16 09:37 - 2014-07-16 09:37 - 00001797 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-16 09:37 - 2014-07-16 09:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-16 09:37 - 2014-07-16 09:36 - 00000000 ____D () C:\Users\Todos os Usuários\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-16 09:37 - 2014-07-16 09:36 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-16 09:37 - 2014-07-16 09:36 - 00000000 ____D () C:\Program Files\iTunes
2014-07-16 09:37 - 2014-07-16 09:36 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-16 09:36 - 2014-07-16 09:36 - 00000000 ____D () C:\Program Files\iPod
2014-07-14 09:21 - 2013-08-22 12:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-13 11:34 - 2013-11-11 18:40 - 00000000 ____D () C:\Users\d\AppData\Local\VirtualStore
2014-07-13 09:33 - 2013-08-22 12:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-13 09:33 - 2013-08-22 12:36 - 00000000 ___RD () C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-13 09:33 - 2013-08-22 12:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-13 09:33 - 2013-08-22 12:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-11 17:44 - 2013-11-13 11:04 - 00088064 ___SH () C:\Users\d\Documents\Thumbs.db
2014-07-11 10:30 - 2013-11-12 11:59 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-07-11 03:02 - 2014-07-25 12:08 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-07-11 02:56 - 2014-07-25 12:08 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-07-11 02:56 - 2014-07-25 12:08 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-07-11 02:55 - 2014-07-25 12:08 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-07-10 10:23 - 2013-11-13 12:03 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-10 10:21 - 2013-11-13 12:03 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-10 10:20 - 2014-07-10 10:20 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-10 10:20 - 2013-11-14 04:15 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 10:10 - 2014-07-10 10:10 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-09 11:10 - 2013-11-19 10:42 - 00003790 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\Users\Todos os Usuários\SetStretch.exe


Some content of TEMP:
====================
C:\Users\d\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2vwod8.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-05 09:30

==================== End Of Log ============================