Adwares no PC

Bom dia, depois que instalei o Fremake Vídeo Converter, meu facebook travou quando fui compartilhar. Google Chrome de novo, com algo suspeito.
E nisso tudo, minha internet oi velox também com problemas de autenticação....

  Olá!

Faça o download do [Tens de ter uma conta e sessão iniciada para poderes visualizar este link].

*Execute-o e clique no botão Main Menu.

* Na próxima tela que surgirá clique em [Do a system scan and save a logfile].

*Um relatório será apresentado.

*Selecione todo o conteúdo deste relatório e copie (Ctrl+c).

Depois disso é só voltar aqui no fórum e postar este log do Hijackthis para que ele possa ser analisado.

Ficamos no aguardo de sua resposta.

Power Max escreveu:  Olá!

 Faça o download do [Tens de ter uma conta e sessão iniciada para poderes visualizar este link].

*Execute-o e clique no botão Main Menu.

* Na próxima tela que surgirá clique em [Do a system scan and save a logfile].

*Um relatório será apresentado.

*Selecione todo o conteúdo deste relatório e copie (Ctrl+c).

Depois disso é só voltar aqui no fórum e postar este log do Hijackthis para que ele possa ser analisado.

Ficamos no aguardo de sua resposta.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:00:09, on 29/01/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\wagner\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: ArcPluginIEBHO - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O17 - HKLM\System\CCS\Services\Tcpip\..\{284C4745-7349-434B-B810-25F696792134}: NameServer = 200.165.132.147,200.165.132.154
O17 - HKLM\System\CS1\Services\Tcpip\..\{284C4745-7349-434B-B810-25F696792134}: NameServer = 200.165.132.147,200.165.132.154
O17 - HKLM\System\CS2\Services\Tcpip\..\{284C4745-7349-434B-B810-25F696792134}: NameServer = 200.165.132.147,200.165.132.154
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Arc Service (ArcService) - Perfect World Entertainment Inc - C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PCAppStoreSvc_{PCAppStore_3.4.0.16} - Unknown owner - (no file)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 9242 bytes

Siga, por gentileza, as dicas dos tutoriais abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste, por gentileza, o log do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt e o log do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt e nos diga como está seu PC depois destes procedimentos.

Ficamos na espera.

Power Max escreveu:  Siga, por gentileza, as dicas dos tutoriais abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste, por gentileza, o log do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt e o log do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt e nos diga como está seu PC depois destes procedimentos.

Ficamos na espera.

# AdwCleaner v3.018 - Relatório criado 29/01/2014 às 13:31:19
# Atualizado 28/01/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (64 bits)
# Usuário : wagner - WAGNER-PC
# Executando de : C:\Users\wagner\Desktop\adwcleaner.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****


***** [ Atalhos ] *****


***** [ Registro ] *****


***** [ Navegadores ] *****

-\\ Internet Explorer v9.0.8112.16457


-\\ Mozilla Firefox v

[ Arquivo : C:\Users\wagner\AppData\Roaming\Mozilla\Firefox\Profiles\8ayb27z6.default\prefs.js ]


-\\ Google Chrome v32.0.1700.76

[ Arquivo : C:\Users\wagner\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [904 octets] - [29/01/2014 13:30:52]
AdwCleaner[S0].txt - [823 octets] - [29/01/2014 13:31:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [882 octets] ##########


e o log do JR :


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Ultimate x64
Ran by wagner on 29/01/2014 at 13:25:28,46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\wagner\appdata\locallow\conduit"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29/01/2014 at 13:30:10,72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

O Chrome parou de abrir de um modo estranho e o pc ficou ótimo.

Siga também esta dica, por gentileza:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

*Depois disto é só você postar o relatório do Zoek que estará em C:\zoek-results aqui em seu tópico.

Power Max escreveu:  Siga também esta dica, por gentileza:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

*Depois disto é só você postar o relatório do Zoek que estará em C:\zoek-results aqui em seu tópico.

Boa Noite, desculpe a demora, depois que rodou o ZOEK , ficou bem melhor o computador, segue o log do zoek :

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\wagner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\wagner\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\wagner\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\wagner\AppData\Local\Google\Chrome SxS\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=49 folders=26 22308717 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser.wagner-PC\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\wagner\AppData\Local\Temp will be emptied at reboot
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\wagner\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\wagner\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on 29/01/2014 at 23:59:35,44 ======================

Parece que a parte de cima do log ficou faltando um pedaço, confira aí por gentileza.

Power Max escreveu:  Parece que a parte de cima do log ficou faltando um pedaço, confira aí por gentileza.

Veja este print, o Facebook abre no comodo dragon, e não abre para Logar no Google Chrome.
vou procurar o log correto......
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

o Logo correto :


Zoek.exe v5.0.0.0 Updated 29-January-2014
Tool run by wagner on 29/01/2014 at 23:39:43,13.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\wagner\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-01-29-214511.log 14779 bytes

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Firefox Extensions ======================

==== Firefox Plugins ======================

Profilepath: C:\Users\wagner\AppData\Roaming\Mozilla\Firefox\Profiles\8ayb27z6.default
D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17
66640A55AEFF3819C94E0A8D40D7E0AD - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll - Shockwave for Director / Shockwave for Director
71B61A08992B0F895288CAAB2B43E3F7 - C:\Users\wagner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
0B31B0F8FA99CFD009C8FBEA9E20C9DE - C:\Users\wagner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft Windows Operating System


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
jbolfgndggfhhpbnkgnpjkfhinclbigj - No path found[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
pgacfjdigcddmmncljpflgcfpfahebkh - C:\Users\wagner\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx[07/12/2013 15:27]

GBBD Banco do Brasil - wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh
Docs - wagner\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.ig.com.br/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.ig.com.br/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== shortcuts on Users Desktops ======================

C:\Users\UpdatusUser.wagner-PC\Desktop\RaidCall.lnk - C:\Program Files (x86)\RaidCall\raidcall.exe
C:\Users\wagner\Desktop\0 A.D..lnk - C:\Users\wagner\0 A.D. alpha\binaries\system\pyrogenesis.exe
C:\Users\wagner\Desktop\Auslogics Disk Defrag.lnk - C:\Program Files (x86)\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe
C:\Users\wagner\Desktop\DreaMule.lnk - C:\Program Files (x86)\DreaMule\emule.exe
C:\Users\wagner\Desktop\End Of Nations.lnk - C:\Program Files (x86)\End of Nations Alpha\eonpatch_r.exe
C:\Users\wagner\Desktop\EVGA Precision X.lnk - C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe
C:\Users\wagner\Desktop\Format Factory.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
C:\Users\wagner\Desktop\MPC-HC.lnk - C:\Program Files (x86)\Media Player Classic - Home Cinema\mpc-hc.exe
C:\Users\wagner\Desktop\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\Users\wagner\Desktop\RaidCall.lnk - C:\Program Files (x86)\RaidCall\raidcall.exe
C:\Users\wagner\Desktop\Revo Uninstaller.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Users\wagner\Desktop\Tweaking.com - Windows Repair (All in One).lnk - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Repair_Windows.exe
C:\Users\wagner\Desktop\ZSoft Uninstaller.lnk - C:\Program Files (x86)\ZSoft\Uninstaller\Uninstaller.exe
C:\Users\TODOSO~1\Desktop\ Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
C:\Users\TODOSO~1\Desktop\Arc.lnk - C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcLauncher.exe
C:\Users\TODOSO~1\Desktop\aTube Catcher.lnk - C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\Users\TODOSO~1\Desktop\Avira Control Center.lnk - C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
C:\Users\TODOSO~1\Desktop\Battle.net.lnk - C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe
C:\Users\TODOSO~1\Desktop\CCleaner.lnk - C:\Program Files (x86)\CCleaner\CCleaner64.exe
C:\Users\TODOSO~1\Desktop\CDBurnerXP.lnk - C:\Program Files (x86)\CDBurnerXP\cdbxpp.exe
C:\Users\TODOSO~1\Desktop\comodo dragon.lnk - C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Users\TODOSO~1\Desktop\CPUID HWMonitor.lnk - C:\Program Files (x86)\CPUID\HWMonitor\HWMonitor.exe
C:\Users\TODOSO~1\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\TODOSO~1\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\TODOSO~1\Desktop\Origin.lnk - C:\Program Files (x86)\Origin\Origin.exe
C:\Users\TODOSO~1\Desktop\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Users\TODOSO~1\Desktop\SlimDrivers.lnk - C:\Windows\Installer\{A5457401-D56A-43F2-9524-78E54A7FC07A}\Icon.exe
C:\Users\TODOSO~1\Desktop\StarCraft II.lnk - C:\Program Files (x86)\StarCraft II\StarCraft II.exe
C:\Users\TODOSO~1\Desktop\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe
C:\Users\TODOSO~1\Desktop\Windows 7 Upgrade Advisor.lnk - C:\Program Files (x86)\Microsoft Windows 7 Upgrade Advisor\WindowsUpgradeAdvisor.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\ Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
C:\Users\Public\Desktop\Arc.lnk - C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcLauncher.exe
C:\Users\Public\Desktop\aTube Catcher.lnk - C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\Users\Public\Desktop\Avira Control Center.lnk - C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
C:\Users\Public\Desktop\Battle.net.lnk - C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files (x86)\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\CDBurnerXP.lnk - C:\Program Files (x86)\CDBurnerXP\cdbxpp.exe
C:\Users\Public\Desktop\comodo dragon.lnk - C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Users\Public\Desktop\CPUID HWMonitor.lnk - C:\Program Files (x86)\CPUID\HWMonitor\HWMonitor.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Origin.lnk - C:\Program Files (x86)\Origin\Origin.exe
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Users\Public\Desktop\SlimDrivers.lnk - C:\Windows\Installer\{A5457401-D56A-43F2-9524-78E54A7FC07A}\Icon.exe
C:\Users\Public\Desktop\StarCraft II.lnk - C:\Program Files (x86)\StarCraft II\StarCraft II.exe
C:\Users\Public\Desktop\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk - C:\Program Files (x86)\Microsoft Windows 7 Upgrade Advisor\WindowsUpgradeAdvisor.exe

==== shortcuts in Users Start Menu ======================

C:\Users\wagner\AppData\Roaming\Microsoft\Windows\Start Menu\RaidCall.lnk - C:\Program Files (x86)\RaidCall\raidcall.exe
C:\Users\wagner\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -
C:\Users\wagner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\0 A.D. alpha\0 A.D..lnk - C:\Users\wagner\0 A.D. alpha\binaries\system\pyrogenesis.exe
C:\Users\wagner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\0 A.D. alpha\Map editor.lnk - C:\Users\wagner\0 A.D. alpha\binaries\system\pyrogenesis.exe -editor
C:\Users\wagner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\0 A.D. alpha\Open logs folder.lnk - C:\Users\wagner\0 A.D. alpha\OpenLogsFolder.bat
C:\Users\wagner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\0 A.D. alpha\Uninstall.lnk - C:\Users\wagner\0 A.D. alpha\Uninstall.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\End of Nations Alpha\End of Nations Alpha.lnk - C:\Program Files (x86)\End of Nations Alpha\eonpatch_r.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\End of Nations Alpha\Uninstall End of Nations Alpha.lnk - C:\Program Files (x86)\End of Nations Alpha\eon-uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\End of Nations.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\Silverlight.Configuration.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaidCall\RaidCall.lnk - C:\Program Files (x86)\RaidCall\raidcall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaidCall\Uninstall RaidCall.lnk - C:\Program Files (x86)\RaidCall\uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Check for Updates.lnk - C:\Program Files (x86)\Xvid\autoupdate-windows.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Configure Decoder.lnk - C:\Windows\System32\rundll32.exe xvid.ax,Configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Configure Encoder.lnk - C:\Windows\System32\rundll32.exe xvidvfw.dll,Configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Release Notes.lnk - C:\Program Files (x86)\Xvid\releasenotes.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Uninstall Xvid Video Codec.lnk - C:\Program Files (x86)\Xvid\uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Xvid MiniConvert.lnk - C:\Program Files (x86)\Xvid\MiniConvert.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Advanced\Nic's FourCC Changer.lnk - C:\Program Files (x86)\Xvid\AviC.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Advanced\Nic's MiniCalc.lnk - C:\Program Files (x86)\Xvid\MiniCalc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Advanced\Some Quantization Matrices.lnk - C:\Program Files (x86)\Xvid\Xvid_Quant_Matrices.zip
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Advanced\StatsReader 2.1.lnk - C:\Program Files (x86)\Xvid\StatsReader.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Advanced\StatsReader Notes.lnk - C:\Program Files (x86)\Xvid\statsreader.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Advanced\xvid_encraw.lnk - C:\Windows\system32\cmd.exe /k ""C:\Program Files (x86)/Xvid\xvid_encraw.exe"" -h

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\UpdatusUser.wagner-PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\UpdatusUser.wagner-PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\wagner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\wagner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Iniciar Microsoft Office Outlook.lnk - C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE /recycle
C:\Users\wagner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\wagner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\wagner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\wagner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\wagner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\wagner\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\wagner\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\wagner\AppData\Local\Google\Chrome SxS\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=49 folders=26 22308717 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser.wagner-PC\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\wagner\AppData\Local\Temp will be emptied at reboot
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\wagner\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\wagner\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on 29/01/2014 at 23:59:35,44 ======================

|- Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >  < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]> ( ... de Nicolas Coolman )

|- Salve-o no disco local! ( C ou D )

|- Desabilite temporariamente seu antivírus para evitar conflitos e execute "ZHPDiag2.exe", para instalar a ferramenta.
 
|- Execute o ícone do pergaminho. ( ZHPDiag )

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
 
|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
 
|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Power Max escreveu: |- Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >  < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]> ( ... de Nicolas Coolman )

|- Salve-o no disco local! ( C ou D )

|- Desabilite temporariamente seu antivírus para evitar conflitos e execute "ZHPDiag2.exe", para instalar a ferramenta.
 
|- Execute o ícone do pergaminho. ( ZHPDiag )

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
 
|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
 
|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

~ Relatório do ZHPDiag v2014.1.25.26 - Nicolas Coolman (25/01/2014)
~ Iniciado por wagner (30/01/2014 13:22:40)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
GCIE: Google Chrome v32.0.1700.76 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Avira Free Antivirus v14.0.2.286
Malwarebytes Anti-Malware versão 1.75.0.1300
Windows Defender W7

---\\ Softwares d'optimização do sistema
CCleaner v4.03 =>Piriform Ltd

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 12 Plugin
Java 7 Update 25

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3327 MB (74% free)
System Restore: Activé (Enable)
System drive C: has 276 GB (60%) free of 456 GB

---\\ Modo de conexão ao sistema
~ Computer Name: WAGNER-PC
~ User Name: wagner
~ All Users Names: wagner, UpdatusUser, Convidado, ASPNET, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\wagner\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\wagner\AppData\Roaming\
~ %Desktop% : C:\Users\wagner\Desktop\
~ %Favorites% : C:\Users\wagner\Favorites\
~ %LocalAppData% : C:\Users\wagner\AppData\Local\
~ %StartMenu% : C:\Users\wagner\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 276 Go of 456 Go)
D: CD-ROM drive (Not Inserted)
E: Floppy drive, Flash card reader, USB Key (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 48 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.5121DB613E10A46A3C5085B479026AA7] - (.Microsoft Corporation - Internet Extensions para Win32.) (.14/11/2012 - 03:04:11.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 10:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 10:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 00:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 06:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 06:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 07:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 06:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.E453ACF4E7D44E5530B5D5F2B9CA8563] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.31/08/2012 - 15:19:35.) -- C:\Windows\system32\Drivers\ntfs.sys [1659760]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 07:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 08:06:41.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 06:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 10:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/65
~ Mes Videos (My Videos) : 1/98
~ Mes Favoris (My Favorites) : 1/29
~ Mes Documents (My Documents) : 1/1122
~ Mon Bureau (My Desktop) : 2/1079
~ Menu demarrer (Programs) : 1/47
~ Hidden Files: Scanned in 00mn 09s



---\\ Processos lançados
[MD5.DD231039B13EC2ABDE315D76E658EF0E] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600] [PID.2084]
[MD5.3B0BA44D5691E00088B956394FDE64B6] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [866584] [PID.2056]
[MD5.CA25CAEEBDBE25D85565877219F684F8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8339968] [PID.3280]
[MD5.DAAA237C34A506EF56D44A56EA039CC0] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [452968] [PID.748]
[MD5.FE79366FECD444A16CCA9979134DBEA8] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376] [PID.1244]
[MD5.FDE9C7030FB1E9E2715E113EE6A10F90] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376] [PID.1532]
[MD5.49B2C034D77F9F73C80AC55E795CCB6E] - (...) -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2135232] [PID.1784]
[MD5.3A2BDD76E7D2A5F40A7174793D1BA794] - (...) -- C:\Windows\SysWOW64\PnkBstrA.exe [75136] [PID.1544]
~ Processes Running: Scanned in 00mn 00s



---\\ Opera, Plugins,Arranque,Pesquisa (P1,B0,B1)
B0 - SPO: operaprefs.ini [wagner] Home URL=http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
~ Opera Browser: 1 Legitimates Filtered in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\wagner\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
~ Google Browser: 10 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
M0 - MFSP: prefs.js [wagner - 8ayb27z6.default] [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\wagner\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
~ Firefox Browser: 7 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ IE Browser: 22 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 22



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: ArcPluginIEBHO [64Bits] - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} . (.Perfect World Entertainment Inc - ArcPlugin Dynamic Link Library Supporting I.) -- C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehcef.dll
~ BHO: 7 Legitimates Filtered in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: Arc.lnk . (.Perfect World Entertainment - Arc.) -- C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcLauncher.exe
O4 - GS\Desktop [Public]: aTube Catcher.lnk . (.DsNET - aTube Catcher to download and convert video.) -- C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Desktop [Public]: Battle.net.lnk . (.Blizzard Entertainment - Battle.net Setup.) -- C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: SlimDrivers.lnk . (...) -- C:\Windows\Installer\{A5457401-D56A-43F2-9524-78E54A7FC07A}\Icon.exe
O4 - GS\Desktop [Public]: StarCraft II.lnk . (.Blizzard Entertainment - StarCraft II Setup.) -- C:\Program Files (x86)\StarCraft II\StarCraft II.exe
O4 - GS\Desktop [Public]: Windows 7 Upgrade Advisor.lnk . (.Microsoft Corporation - Windows 7 Upgrade Advisor.) -- C:\Program Files (x86)\Microsoft Windows 7 Upgrade Advisor\WindowsUpgradeAdvisor.exe
O4 - GS\Program [Public]: Windows 7 Upgrade Advisor.lnk . (.Microsoft Corporation - Windows 7 Upgrade Advisor.) -- C:\Program Files (x86)\Microsoft Windows 7 Upgrade Advisor\WindowsUpgradeAdvisor.exe
O4 - GS\QuickLaunch [wagner]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [wagner]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [wagner]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [wagner]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [wagner]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [wagner]: 0 A.D..lnk . (...) -- C:\Users\wagner\0 A.D. alpha\binaries\system\pyrogenesis.exe
O4 - GS\Desktop [wagner]: Auslogics Disk Defrag.lnk . (.Auslogics - Disk Defrag.) -- C:\Program Files (x86)\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe
O4 - GS\Desktop [wagner]: DreaMule.lnk . (.http://www.dreamule.org - Dreamule.) -- C:\Program Files (x86)\DreaMule\emule.exe
O4 - GS\Desktop [wagner]: End Of Nations.lnk . (.Trion Worlds Inc. - EoN-Patch.) -- C:\Program Files (x86)\End of Nations Alpha\eonpatch_r.exe
O4 - GS\Desktop [wagner]: EVGA Precision X.lnk . (...) -- C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe
O4 - GS\Desktop [wagner]: Format Factory.lnk . (.Free Time - FormatFactory.) -- C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
O4 - GS\Desktop [wagner]: MPC-HC.lnk . (.MPC-HC Team - Media Player Classic - Home Cinema.) -- C:\Program Files (x86)\Media Player Classic - Home Cinema\mpc-hc.exe
O4 - GS\Desktop [wagner]: PhotoScape.lnk . (...) -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe
O4 - GS\Desktop [wagner]: RaidCall.lnk . (.RAIDCALL.COM - Raidcall.) -- C:\Program Files (x86)\RaidCall\raidcall.exe
O4 - GS\Desktop [wagner]: Revo Uninstaller.lnk . (.VS Revo Group - Revo Uninstaller.) -- C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
O4 - GS\Desktop [wagner]: ZSoft Uninstaller.lnk . (.ZSoft Software - ZSoft Uninstaller.) -- C:\Program Files (x86)\ZSoft\Uninstaller\Uninstaller.exe
~ Global Startup: 83 Legitimates Filtered in 00mn 02s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
~ Application: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains] *.clonewarsadventures.com
O15 - Trusted Zone: [HKCU\...\Domains] *.freerealms.com
O15 - Trusted Zone: [HKCU\...\Domains] *.soe.com
O15 - Trusted Zone: [HKCU\...\Domains] *.sony.com
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{284C4745-7349-434B-B810-25F696792134}: NameServer = 200.165.132.147,200.165.132.154
O17 - HKLM\System\CCS\Services\Tcpip\..\{284C4745-7349-434B-B810-25F696792134}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{284C4745-7349-434B-B810-25F696792134}: NameServer = 200.165.132.147,200.165.132.154
O17 - HKLM\System\CS1\Services\Tcpip\..\{284C4745-7349-434B-B810-25F696792134}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{284C4745-7349-434B-B810-25F696792134}: NameServer = 200.165.132.147,200.165.132.154
O17 - HKLM\System\CS2\Services\Tcpip\..\{284C4745-7349-434B-B810-25F696792134}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807553E5-5146-11D5-A672-00B0D022E945} . (...) --
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: PnkBstrA (PnkBstrA) . (...) - C:\Windows\SysWOW64\PnkBstrA.exe
~ Services: 6 Legitimates Filtered in 00mn 02s



---\\ Listagem dos dados do BootExecute (Bex) (034)
O34 - HKLM BootExecute: (lsdelete) - File not found
~ BEX: 2 Legitimates Filtered in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Wise Turbo Checker.job [404]
~ Scheduled Task: 3 Legitimates Filtered in 00mn 02s



---\\ Software instalados (042)
O42 - Logiciel: 0 A.D. - (.Wildfire Games.) [HKCU][64Bits] -- 0 A.D.
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKLM][64Bits] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: Guardians of Middle-earth - (.Zombie Studios.) [HKLM][64Bits] -- Steam App 111900
~ Logic: 6 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\A Bit Lucky, Inc]
[HKCU\Software\Arcen Games, LLC]
[HKCU\Software\Artery KFT.]
[HKCU\Software\BetaDwarf ApS]
[HKCU\Software\Cliffhanger Productions]
[HKCU\Software\FAIRLIGHT]
[HKCU\Software\Full Control]
[HKCU\Software\GbAs]
[HKCU\Software\Kiz Studios]
[HKCU\Software\MTG]
[HKCU\Software\UltraDownloads.com.br]
[HKCU\Software\eBook Maestro Books]
[HKCU\Software\superdownloads.com.br]
[HKCU\Software\wannaplay]
[HKLM\Software\Wow6432Node\360Safe]
[HKLM\Software\Wow6432Node\Auto Updater]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Baidu_Drp_pos] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\PCTools]
[HKLM\Software\Wow6432Node\Super X Studios]
[HKLM\Software\Wow6432Node\ZSoft]
~ Key Software: 405 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 25/01/2014 - 15:24:07 - [0] ----D C:\Program Files (x86)\Baidu Security =>Adware.BDSearch
O43 - CFD: 11/04/2013 - 14:27:18 - [149,643] ----D C:\Program Files (x86)\DAODB
O43 - CFD: 01/05/2012 - 17:54:32 - [25,111] ----D C:\Program Files (x86)\DreaMule
O43 - CFD: 02/03/2013 - 15:35:57 - [35,323] ----D C:\Program Files (x86)\ZSoft
O43 - CFD: 15/07/2011 - 03:22:29 - [0,004] -SH-D C:\ProgramData\017bdc
O43 - CFD: 09/08/2013 - 19:11:45 - [0] ----D C:\ProgramData\Acebyte
O43 - CFD: 15/07/2011 - 04:15:53 - [0] -SH-D C:\ProgramData\AMVLTL
O43 - CFD: 24/01/2014 - 11:16:10 - [0,001] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
O43 - CFD: 11/01/2013 - 19:32:56 - [0] ----D C:\ProgramData\Iron Sky
O43 - CFD: 29/12/2013 - 01:55:44 - [0] ----D C:\Users\wagner\AppData\Roaming\0ad
O43 - CFD: 06/03/2013 - 01:55:27 - [0] ----D C:\Users\wagner\AppData\Roaming\0O1CtG0I1G2Z1P1C1T1R2Z1L2X1P
O43 - CFD: 13/08/2013 - 23:17:55 - [0,003] ----D C:\Users\wagner\AppData\Roaming\backbeat
O43 - CFD: 09/08/2013 - 19:40:37 - [12,643] ----D C:\Users\wagner\AppData\Roaming\Baidu Security =>Adware.BDSearch
O43 - CFD: 25/06/2011 - 02:47:57 - [0] ----D C:\Users\wagner\AppData\Roaming\Cobra Mobile
O43 - CFD: 31/03/2011 - 17:26:54 - [688,666] ----D C:\Users\wagner\AppData\Roaming\DarksporeData
O43 - CFD: 08/05/2013 - 12:21:47 - [0,288] ----D C:\Users\wagner\AppData\Roaming\dl_0
O43 - CFD: 29/01/2014 - 13:39:15 - [339,115] ----D C:\Users\wagner\AppData\Roaming\EoN
O43 - CFD: 20/12/2012 - 15:55:19 - [2,849] ----D C:\Users\wagner\AppData\Roaming\Epiphany Games
O43 - CFD: 30/11/2012 - 23:06:30 - [0,580] ----D C:\Users\wagner\AppData\Roaming\Full Control
O43 - CFD: 22/01/2013 - 02:38:54 - [0] ----D C:\Users\wagner\AppData\Roaming\IonFx
O43 - CFD: 14/09/2013 - 21:04:00 - [0] ----D C:\Users\wagner\AppData\Roaming\library_dir
O43 - CFD: 29/12/2011 - 23:17:03 - [0] ----D C:\Users\wagner\AppData\Roaming\Shareaza
O43 - CFD: 22/01/2013 - 14:52:44 - [0] ----D C:\Users\wagner\AppData\Roaming\Splitscreen Studios
O43 - CFD: 13/05/2013 - 13:43:07 - [0,230] ----D C:\Users\wagner\AppData\Roaming\TheBannerSagaFactions
O43 - CFD: 08/05/2013 - 12:24:44 - [0,476] ----D C:\Users\wagner\AppData\Local\Fancy
O43 - CFD: 08/05/2013 - 12:22:41 - [0,287] ----D C:\Users\wagner\AppData\Local\Iron Sky
O43 - CFD: 29/12/2011 - 22:57:29 - [0] ----D C:\Users\wagner\AppData\Local\Shareaza
~ Program Folder: 320 Legitimates Filtered in 01mn 04s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.9DAEC9D57ED0B24FDE04E93EFEDB627D] - 18/01/2014 - 23:48:03 ---A- . (...) -- C:\Windows\System32\xvid.ax [173568]
O44 - LFC:[MD5.4F35C25B664FE4C10C83ADA9F827DCA6] - 18/01/2014 - 23:48:03 ---A- . (...) -- C:\Windows\System32\xvidcore.dll [696832]
O44 - LFC:[MD5.12160D5E79E2D6DD251793134CD0E3F9] - 18/01/2014 - 23:48:03 ---A- . (...) -- C:\Windows\System32\xvidvfw.dll [255488]
O44 - LFC:[MD5.76DAEECD51E7F752DC7C9EC15004C005] - 28/01/2014 - 13:03:15 ---A- . (...) -- C:\DelFix.txt [1005]
O44 - LFC:[MD5.E27FF4A4B5DF2083C81D741B4CF12553] - 29/01/2014 - 09:48:05 ---A- . (...) -- C:\PureRa.txt [1750]
O44 - LFC:[MD5.68B2AD8C656E4A62D8CEE88C7030E527] - 29/01/2014 - 18:45:11 ---A- . (...) -- C:\zoek-results2014-01-29-214511.log [14779]
O44 - LFC:[MD5.02940D6C7722E91342A32CFF5C60F4E4] - 29/01/2014 - 22:39:29 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.06FC6AD56373F56F16F6E4F052FBB7F3] - 29/01/2014 - 22:59:35 ---A- . (...) -- C:\zoek-results.log [17330]
O44 - LFC:[MD5.C1E4B3B1757FA090ADAEF2C581AFB110] - 30/01/2014 - 07:01:04 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [179540]
O44 - LFC:[MD5.4ACEDB82C712831B48BDB920247B8E59] - 30/01/2014 - 07:01:04 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [768628]
O44 - LFC:[MD5.6EC7773CEC2E223F3B4CFE6DBC74D24A] - 30/01/2014 - 12:07:06 ---A- . (...) -- C:\aaw7boot.log [364444]
~ Files: 23 Legitimates Filtered in 00mn 03s



---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\LightShot [Key] . (.No owner - Starter Module.) -- C:\Users\wagner\AppData\Local\Skillbrains\lightshot\LightShot.exe
~ SMSR Keys: 10 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.F338F29E06D24AC1C162131C1C908FB5] - 17/01/2013 - 21:07:36 R--A- . (.360.cn - 360HipsOEM.) -- C:\Windows\System32\Drivers\360FltOEM.sys [288688]
O58 - SDL:[MD5.2E83D2621E87C493AB45DC6655BA77D4] - 01/07/2013 - 12:14:30 ---A- . (...) -- C:\Windows\System32\Drivers\aswSnx.sys.sum [175]
O58 - SDL:[MD5.A5F29AC2F0ADE8B995B49D7350CE3AC0] - 01/07/2013 - 12:14:30 ---A- . (...) -- C:\Windows\System32\Drivers\aswSP.sys.sum [175]
O58 - SDL:[MD5.E86C64478D9A90D62255FE9EB0150C6E] - 01/07/2013 - 12:14:30 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys.sum [175]
O58 - SDL:[MD5.54494B93BB5AD74C807100144EC30D64] - 07/08/2012 - 02:34:04 ---A- . (...) -- C:\Windows\System32\Drivers\atksgt.sys [310728]
O58 - SDL:[MD5.FB9BEF3401EE5ECC2603311B9C64F44A] - 27/03/2011 - 00:09:47 ---A- . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\System32\Drivers\dtsoftbus01.sys [254528]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.8E4CA9AFD55EF6B509C80A8715ABF8C6] - 06/08/2012 - 18:48:01 ---A- . (...) -- C:\Windows\System32\Drivers\lirsgt.sys [42696]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.A340ABC480C43C30CABC943E78AC631E] - 07/07/2010 - 11:26:46 ---A- . (.Windows (R) Win 7 DDK provider - Spyware Terminator filter driver.) -- C:\Windows\System32\Drivers\stflt.sys [50696]
O58 - SDL:[MD5.8F866DF9A974BFFDCB2001D303BC0695] - 08/05/2013 - 09:52:48 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpkm.sys [49536]
O58 - SDL:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 30/01/2014 - 12:07:29 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
O58 - SDL:[MD5.306521935042FC0A6988D528643619B3] - 04/10/2010 - 20:59:32 ---A- . (...) -- C:\Windows\SysWOW64\StarOpen.sys [5632]
~ Drivers: 18 Legitimates Filtered in 00mn 20s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Comodo - Comodo Dragon.) -- C:\Program Files (x86)\Comodo\Dragon\dragon.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Not Key.)
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.F930D72780CFB6DB5089E9B3561CC647] [SPRF][17/06/2013] (...) -- C:\ProgramData\NanoRepository.bin [5488]
[MD5.9D94E0137F140722BC29E2FB6333D80B] [SPRF][31/10/2013] (...) -- C:\Users\wagner\AppData\Local\fusioncache.dat [94]
[MD5.F88F77C87ADF0641F5F48EA65A49F605] [SPRF][28/01/2014] (...) -- C:\Users\wagner\AppData\Roaming\unins000.dat [29331]
[MD5.54DB2B8C60F04C5ADE6D711D47EABA75] [SPRF][29/01/2014] (...) -- C:\Users\wagner\Desktop\adwcleaner.exe [1166132]
[MD5.D9DE89F0FAF18019BC9595F0F47BCA61] [SPRF][17/01/2014] (.Atribune.org - ATF Cleaner.exe.) -- C:\Users\wagner\Desktop\ATF-Cleaner.exe [50688]
[MD5.64BAEC464B396B66A353D8FC2F42A4E3] [SPRF][31/07/2011] (.RaProducts.org - System Purification Tool.) -- C:\Users\wagner\Desktop\PureRa.exe [76565]
~ Files: 10 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{A7E47036-A856-4635-A162-3E9292F3573F}C:\program files (x86)\dreamule\emule.exe" | In - Private - P6 - TRUE | .(.http://www.dreamule.org - Dreamule.) -- C:\program files (x86)\dreamule\emule.exe
O87 - FAEL: "UDP Query User{59C32546-5F8B-4F3C-9721-8BF9B6118AEA}C:\program files (x86)\dreamule\emule.exe" | In - Private - P17 - TRUE | .(.http://www.dreamule.org - Dreamule.) -- C:\program files (x86)\dreamule\emule.exe
O87 - FAEL: "TCP Query User{734641B0-C6BD-45FD-A62B-954B958FEA9E}C:\users\wagner\0 a.d. alpha\binaries\system\pyrogenesis.exe" | In - Private - P6 - TRUE | .(...) -- C:\users\wagner\0 a.d. alpha\binaries\system\pyrogenesis.exe
O87 - FAEL: "UDP Query User{DD625C5A-8396-4F38-B546-1F267257BE1A}C:\users\wagner\0 a.d. alpha\binaries\system\pyrogenesis.exe" | In - Private - P17 - TRUE | .(...) -- C:\users\wagner\0 a.d. alpha\binaries\system\pyrogenesis.exe
O87 - FAEL: "{8E2D1856-BB60-4DD4-B610-83A40AB7CACC}" | In - Private - P6 - TRUE | .(.Petroglyph Games, Inc. - RTSClient.) -- C:\Program Files (x86)\End of Nations Alpha\RTSClientG.exe
O87 - FAEL: "{90982B44-01BF-4237-91EE-418DD3797C7F}" | In - Private - P17 - TRUE | .(.Petroglyph Games, Inc. - RTSClient.) -- C:\Program Files (x86)\End of Nations Alpha\RTSClientG.exe
~ Firewall: 250 Legitimates Filtered in 00mn 01s



---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "906AFEA44D7846946B0530CE09E476E3" . (.Windows 7 Upgrade Advisor.) -- C:\Windows\Installer\{4AEFA609-87D4-4964-B650-03EC904E673E}\WuaIcon
O90 - PUC: "ADE742988828EC940AACE5CB717D0164" . (..) -- C:\Windows\Installer\{89247EDA-8288-49CE-A0CA-5EBC17D71046}\ARPPRODUCTICON.exe
~ Update Products: 121 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 06/06/2011 64952 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 21/01/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 24/01/2014 88400 | (ArcService) . (.Perfect World Entertainment Inc.) - C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe
SS - | Demand 27/07/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 27/07/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 14/11/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
SS - | Demand 19/04/2013 1364256 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SS - | Demand 28/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 11/12/2013 569768 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SS - | Demand 18/04/2013 412960 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SS - | Demand 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 19/12/2013 440376 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 27/11/2013 440376 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 28/01/2014 2135232 | (DragonUpdater) . (...) - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
SR - | Auto 16/10/2013 452968 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 18/04/2013 884512 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 10/07/1658 0 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 12s



---\\ Scâner Aditional (088)
Database Version : 13030 - (25/01/2014)
Clés trouvées (Keys found) : 13
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 2

[HKLM\Software\Classes\Installer\Products\4340C4778499EED41AE496DC3D613EC6] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4340C4778499EED41AE496DC3D613EC6] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Classes\Installer\Products\4340C4778499EED41AE496DC3D613EC6] =>PUP.SweetIM
[HKCR\VirtualStore\MACHINE\Software\CToolbar] =>Toolbar.Crawler
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\254796BF4AC84B64891B61C529A2E23F] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EC6D81181F59F2459A84176A626F9ED] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\360Safe] =>Trojan.Lozavita
C:\Program Files (x86)\Baidu Security =>Adware.BDSearch^
C:\ProgramData\Baidu Security =>Adware.BDSearch^
C:\Users\wagner\AppData\Roaming\Baidu Security =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu_Drp_pos] =>Adware.BDSearch^
~ Additionnel Scan: 282579 Items scanned in 00mn 19s



---\\ Sumário das deteções encontradas na sua estação
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BDSearch
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.SweetIM
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Tarma
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.IMBooster
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Trojan.Lozavita
~ MSI: 5 link(s) detected in 00mn 19s



~ 1436 Legitimates filtered by white list
End of the scan (527 lines in 02mn 32s)(0)

Copie todo este script que te passei.
 
Vá no menu: Iniciar > Todos os programas > ZHP > ZHPFix > > Clique em Importação > Clique em OK > Clique com o botão direito do mouse sobre a grande área cinza da tela do programa e clique em Colar > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas. Copie este relatório e poste em sua próxima resposta.

Então quando cliquei no ZHPFix, aparece a opção Importar e configurar. Aparecem algumas destes que vc cita em vermelho

Abra o Zhpfix > Clique em Importação > Clique em OK > Clique com o botão direito do mouse sobre a grande área cinza da tela do programa e clique em Colar > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas. Copie este relatório e poste em sua próxima resposta.

Power Max escreveu:Abra o Zhpfix > Clique em Importação > Clique em OK > Clique com o botão direito do mouse sobre a grande área cinza da tela do programa e clique em Colar > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas. Copie este relatório e poste em sua próxima resposta.

Depois de Importação aparece o GO, o  X para voltar ou o X para fechar, Não tem opção OK.....neste Importação ja tem itens que ele vai limpar....mas não é igual ao que vc manda colar....

Já estão certos os itens e iguais aos que te passei. É só você mover a tela para baixo ou para cima que você verá que está igual ao que te passei.

Power Max escreveu:Já estão certos os itens e iguais aos que te passei. É só você mover a tela para baixo ou para cima que você verá que está igual ao que te passei.

Sim ja fiz a limpeza ......veja o Report.

Run by wagner at 30/01/2014 18:32:43
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 01s)
Reparação de atalhos do navegador

========== Processo memória ==========
AUSENTE Memory Process: O34 - HKLM BootExecute: (lsdelete) - File not found

========== Chaves do Registo ==========
ELIMINÉ: HKCU\Software\UltraDownloads.com.br
ELIMINÉ: HKLM\Software\Wow6432Node\360Safe
ELIMINÉ: HKCU\Software\superdownloads.com.br
ELIMINÉ: HKLM\Software\Wow6432Node\Auto Updater
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu_Drp_pos
ELIMINÉ: HKLM\Software\Wow6432Node\PCTools
ELIMINÉ: HKLM\Software\Classes\Installer\Products\4340C4778499EED41AE496DC3D613EC6
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4340C4778499EED41AE496DC3D613EC6
ELIMINÉ: HKCR\VirtualStore\MACHINE\Software\CToolbar
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\254796BF4AC84B64891B61C529A2E23F
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EC6D81181F59F2459A84176A626F9ED
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A

========== Valores do Registo ==========
ELIMINÉ MWPS Value: EnableUIADesktopToggle
ELIMINÉ MWPS Value: PromptOnSecureDesktop
ELIMINÉ MWPS Value: FilterAdministratorToken
ELIMINÉ MWPS Value: EnableLUA
ELIMINÉ MWPE Value: NoLowDiskSpaceChecks
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Preferências do navegador ==========
ELIMINÉ: Opera Start Page: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
ELIMINÉ Mozilla Pref: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\windows\tasks\wise turbo checker.job
ELIMINA REINICIAR: c:\windows\system32\drivers\360fltoem.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\stflt.sys
ELIMINÉ Temporários windows (12) (66.272 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Outros ==========
NÃO-TRATADO SystemRestore


========== Recapitulativo ==========
1 : Processo memória
18 : Chaves do Registo
11 : Valores do Registo
1 : Pastas
5 : Ficheiros
2 : Preferências do navegador
1 : Outros


End of clean in 00mn 05s

========== Caminho do ficheiro do relatório ==========
C:\Users\wagner\AppData\Roaming\ZHP\ZHPFix[R1].txt - 30/01/2014 18:32:45 [3399]

   Os problemas foram eliminados.

Reinicie o seu PC para completar a remoção de alguns itens e depois nos diga, por gentileza, como ficou o computador após estas limpezas.

Power Max escreveu:   Os problemas foram eliminados.

 Reinicie o seu PC para completar a remoção de alguns itens e depois nos diga, por gentileza, como ficou o computador após estas limpezas.

Sim ficou muito bom agora, O chrome está iniciando sozinho...antes ele iniciava 2 navegadores.

  Fico feliz que o problema tenha sido resolvido.

Só para finalizar faça estes últimos procedimentos, por gentileza:

Instale o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (caso já tenha ele, não precisa instalar de novo).

Abra o Ccleaner > clique no botão Limpeza > clique na opção Executar Limpeza. Isto é demonstrado na imagem abaixo:


Confirme a operação acima clicando no botão OK. Aguarde a conclusão do procedimento.

Depois disto, clique no botão botão Registro > Procurar Erros > Corrigir erro(s) selecionado(s) > neste momento você poderá optar por fazer uma cópia das alterações que serão feitas no registro (por motivos de segurança), escolha a opção que desejar (sim ou não) > e confirme a limpeza clicando no botão Corrigir todos os erros selecionados > clique no botão Fechar (ou OK):

__________________________________________________________________________________________________________________

Depois disto siga também as dicas deste tutorial abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
_______________________________________________________________________________________________________________________

 Para remover os programas usados na limpeza deste PC e criar um novo ponto de restauração seguro e sem problemas, baixe o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (...de Xplode) e salve no Desktop (Área de Trabalho)

*Depois disto é só executá-lo, deixar selecionadas as opções  Remove disinfection tools e Purge system restore

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Clique em [Run]

Depois de executar o Delfix conforme descrito acima, é só deletar o DelFix e o arquivo C:\DelFix.txt

   Foi um prazer ajudar, conte sempre conosco!

Sim deu tudo certo.
Obrigado.

CASO RESOLVIDO

Caso o autor do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.