Fórum PC Brasil
Removing malware in Firefox.


Post by marcosmpes Sat 22 Mar 2014, 17:13

Good afternoon. A piece of malware has installed itself in Mozilla. I have already used Malwarebytes, but it still persists. Please see the log.

Post by Power Max Sat 22 Mar 2014, 17:36

Hello Marcos.

Your Malwarebytes log shows that no action was taken. Select all the problems found by Malwarebytes, remove them all, and then post here in your topic the new log it will create.

Post by marcosmpes Sat 22 Mar 2014, 17:42

Power Max wrote: Hello Marcos.

Your Malwarebytes log shows that no action was taken. Select all the problems found by Malwarebytes, remove them all, and then post here in your topic the new log it will create.

Sorry, I pasted the wrong log. Here is the correct one now.


Malwarebytes Anti-Malware 1.75.0.1300

Versão da Base de Dados: v2014.03.22.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Marcos :: MARCOS-PC [administrador]

22/03/2014 15:53:08
mbam-log-2014-03-22 (15-53-08).txt

Tipo de Verificação: Verificação Completa (C:\|D:\|F:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 362800
Tempo decorrido: 46 minuto(s), 19 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 33
HKCR\AppID\{A2D3FB7A-6873-45E8-AF96-57092D721828} (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\CLSID\{A2D3FB7A-6873-45E8-AF96-57092D721828} (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.OnDemandCOMClassSvc.1.0 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.OnDemandCOMClassSvc (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71e129ff-6c2a-4984-818c-7e2c998b8d99} (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLive.OneClickCtrl.9 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLive.OneClickProcessLauncherMachine (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLive.OneClickProcessLauncherMachine.1.0 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLive.Update3WebControl.3 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.CoCreateAsync (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.CoCreateAsync.1.0 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.CoreClass (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.CoreClass.1 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.CoreMachineClass (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.CoreMachineClass.1 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.CredentialDialogMachine (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.CredentialDialogMachine.1.0 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.OnDemandCOMClassMachine (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.OnDemandCOMClassMachine.1.0 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback.1.0 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.ProcessLauncher (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.ProcessLauncher.1.0 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.Update3COMClassService (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.Update3COMClassService.1.0 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.Update3WebMachine (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.Update3WebMachine.1.0 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.Update3WebMachineFallback (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.Update3WebMachineFallback.1.0 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.Update3WebSvc (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.Update3WebSvc.1.0 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\AppID\SaveSenseLive.exe (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\SaveSense (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.

Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 11
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0 (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\extensionData (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\extensionData\plugins (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\extensionData\userCode (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\icons (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\icons\actions (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\js (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\js\api (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\js\lib (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\js\lib\popupResource (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.

Arquivos Detectados: 58
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdate.dll.vir (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\psuser.dll.vir (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir (PUP.Optional.SupTab.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx (PUP.Optional.NewTab.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\sweet-page.xml (PUP.Optional.SweetPage.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\background.html (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\crossriderManifest.json (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\manifest.json (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\popup.html (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\extensionData\manifest.xml (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\extensionData\plugins.json (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\extensionData\plugins\13_CrossriderAppUtils.js (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\extensionData\plugins\14_CrossriderUtils.js (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\extensionData\plugins\17_jQuery.js (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\extensionData\plugins\19_CHAppAPIWrapper.js (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\extensionData\plugins\1_base.js (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\extensionData\plugins\21_debug.js (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\extensionData\plugins\22_resources.js (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\extensionData\plugins\28_initializer.js (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\extensionData\plugins\47_resources_background.js (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\extensionData\plugins\4_jquery_1_7_1.js (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\extensionData\plugins\64_appApiMessage.js (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\extensionData\plugins\72_appApiValidation.js (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\extensionData\plugins\78_CrossriderInfo.js (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\extensionData\plugins\80_CHPopupAppAPI.js (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\extensionData\plugins\97_resourceApiWrapper.js (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\extensionData\userCode\background.js (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\extensionData\userCode\extension.js (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\icons\icon128.png (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\icons\icon16.png (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\icons\icon48.png (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\icons\actions\1.png (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\js\background.js (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\js\main.js (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\js\api\chrome.js (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\js\api\cookie.js (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\js\api\message.js (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\js\api\pageAction.js (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\js\api\pageActionBG.js (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\js\lib\app_api.js (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\js\lib\bg_app_api.js (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\js\lib\consts.js (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\js\lib\cookie_store.js (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\js\lib\crossriderAPI.js (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\js\lib\delegate.js (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\js\lib\events.js (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\js\lib\extensionDataStore.js (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\js\lib\installer.js (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\js\lib\logFile.js (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\js\lib\logging.js (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\js\lib\onBGDocumentLoad.js (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\js\lib\reports.js (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\js\lib\storageWrapper.js (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\js\lib\updateManager.js (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\js\lib\util.js (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\js\lib\xhr.js (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\js\lib\popupResource\newPopup.js (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncponinidhonlloifacpbeafjkejipgn\1.0_0\js\lib\popupResource\popup.js (Adware.PimpMyWindow) -> Enviado para a Quarentena e deletado com sucesso.

(fim)

Post by Power Max Sat 22 Mar 2014, 18:10

Please follow the steps in the tutorial below:

[You must have an account and be logged in to view this link]

* In your next reply, post the AdwCleaner log, which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.

Last edited by Power Max on Mon 24 Mar 2014, 12:40; edited 1 time

Post by marcosmpes Sat 22 Mar 2014, 18:20

Power Max wrote: Please follow the steps in the tutorial below:

[You must have an account and be logged in to view this link]

* In your next reply, post the AdwCleaner log, which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.




# AdwCleaner v3.022 - Relatório criado 22/03/2014 às 18:14:41
# Atualizado 13/03/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (64 bits)
# Usuário : Marcos - MARCOS-PC
# Executando de : C:\Users\Marcos\Downloads\AdwCleaner (1).exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****


***** [ Atalhos ] *****


***** [ Registro ] *****


***** [ Navegadores ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v28.0 (pt-BR)

[ Arquivo : C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\jwgzelo4.default\prefs.js ]


-\\ Google Chrome v33.0.1750.154

[ Arquivo : C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [14342 octets] - [22/03/2014 15:38:43]
AdwCleaner[R1].txt - [1041 octets] - [22/03/2014 17:01:00]
AdwCleaner[R2].txt - [1166 octets] - [22/03/2014 18:14:10]
AdwCleaner[S0].txt - [11642 octets] - [22/03/2014 15:40:49]
AdwCleaner[S1].txt - [1100 octets] - [22/03/2014 17:01:21]
AdwCleaner[S2].txt - [1085 octets] - [22/03/2014 18:14:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1145 octets] ##########

Post by Power Max Sat 22 Mar 2014, 18:27

Temporarily disable your antivirus to avoid conflicts.

Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You must have an account and be logged in to view this link]

* Right-click Zoek.exe and select [You must have an account and be logged in to view this image]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area of Zoek

* Click [Run Script]

* During the scan, a message similar to the one below showing the scan progress will be displayed. Wait for it to finish... it may take a while!

[You must have an account and be logged in to view this image]

* If a PC restart is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Mon 24 Mar 2014, 12:40; edited 2 times

Post by marcosmpes Sat 22 Mar 2014, 18:49

Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Marcos on 22/03/2014 at 18:32:55,67.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Marcos\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

22/03/2014 18:33:41 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1       localhost
::1             localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\jwgzelo4.default\prefs.js:
user_pref("browser.startup.homepage", "[You must have an account and be logged in to view this link]
user_pref("browser.newtab.url", "chrome://lightning/content/newtab.html");

Added to C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\jwgzelo4.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\jwgzelo4.default

user.js not found
---- Lines mysearch removed from prefs.js ----
user_pref("extensions.irmysearch.aflt", "irmsd0103aw");
user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1Qzu0AtD0FtA0CtCtD0FtByC0A0BtC0B0EtBtN0D0Tzu0SyByCzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1
user_pref("extensions.irmysearch.cr", "639168709");
user_pref("extensions.irmysearch.instlRef", "");
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- Lines a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632 removed from prefs.js ----
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.active", true);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.addressbar", "NA");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.addressbarenhanced", "");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.backgroundver", 1);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.certdomaininstaller", "");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.changeprevious", false);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.InstallationTime.expiration", "Fri Feb 01
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.InstallationTime.value", "1395238540");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.more_data.expiration", "Fri Feb 01 2030 0
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.more_data.value", "%7B%22bar%22%3A%22%233
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.description", "Dá vida nova a sua timeline, es
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.domain", "");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.enablesearch", false);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.homepage", "");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.iframe", false);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.InstallationThankYouPage", false);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.InstallationTime", 1395238540);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.installer.expiration", "Fri Feb 01 20
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.installer.value", "%7B%22InstallerIde
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.InstallerIdentifiers.expiration", "Fr
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.InstallerIdentifiers.value", "%7B%22i
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.InstallerParamsCache.expiration", "Fr
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.InstallerParamsCache.value", "%7B%22s
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.Resources_appVer.expiration", "Fri Fe
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.Resources_appVer.value", "139");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.Resources_lastVersion.expiration", "F
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.Resources_lastVersion.value", "2");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.Resources_meta.expiration", "Fri Feb
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.Resources_meta.value", "%7B%7D");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.Resources_nextCheck.expiration", "Sat
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.Resources_queue.expiration", "Fri Feb
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.lastDailyReport", "1395523189027");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.lastUpdate", "1395523260909");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.manifesturl", "");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.name", "FbCores");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.newtab", "");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.opensearch", "");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.pluginsurl", "https://w9u6a2p6.ssl.hwcdn.net/plu
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.pluginsversion", 1);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.publisher", "FbCores");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.searchstatus", 0);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.setnewtab", false);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.thankyou", "https://www.facebook.com");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.updateinterval", 15);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.ver", 139);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.apps", "43632");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.bic", "144dab292f4db1965283720fec3e3903");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.cid", 43632);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.firstrun", false);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.hadappinstalled", true);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.installationdate", 1395238540);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.modetype", "production");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.reportInstall", true);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.statsDailyCounter", 7);
---- FireFox user.js and prefs.js backups ----

prefs_032014_1839_.backup

==== Deleting Files \ Folders ======================

C:\Users\Marcos\AppData\Roaming\GetRightToGo deleted
C:\PROGRA~3\FileSplitUpLoad.dll deleted
C:\Users\Marcos\AppData\Local\cache deleted
C:\windows\SysNative\tasks\APSnotifierCA deleted
C:\Windows\tasks\APSnotifierCA.job deleted
C:\Users\Marcos\AppData\Roaming\unins000.exe deleted
C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\jwgzelo4.default\extensions\781cb1a7-b6ca-44b4-a7f2-f4f6aa3776bc@20711806-1033-42cf-82cd-ce5f924b5c5c.com deleted

==== Firefox Extensions Registry ======================

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E886C}"="C:\Users\Marcos\AppData\Local\GAS Tecnologia\GBBD\bb\xpi" [03/02/2014 18:04]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\jwgzelo4.default
- EPUBReader - %ProfilePath%\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\jwgzelo4.default
95812430959AE88CDD0301AB3A71913B - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll - Shockwave Flash
630B1C896D9DC03447A6951102EBEBFD - C:\Users\Marcos\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll - Módulo de Proteção - Banco do Brasil
58B690C992C321664AB6145A350B5DCD - C:\Users\Marcos\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll - Módulo de Proteção - Banco do Brasil


==== Chrome Look ======================

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
pgacfjdigcddmmncljpflgcfpfahebkh - C:\Users\Marcos\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx[07/12/2013 14:27]

Google Docs - Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
GBBD Banco do Brasil - Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Marcos\Desktop\Dropbox.lnk - C:\Users\Marcos\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Marcos\Desktop\Google Drive.lnk - C:\Users\Marcos\Google Drive
C:\Users\Marcos\Desktop\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\Marcos\Desktop\pdfsam.lnk - C:\Program Files (x86)\pdfsam\pdfsam-starter.exe
C:\Users\Marcos\Desktop\Winbraz.lnk - C:\Program Files (x86)\winbraz\Winbraz.exe
C:\Users\Marcos\Desktop\Dizer o Direito\10 principais julgados de Direito do Consumidor 2013 - Atalho.lnk - C:\Users\Marcos\Dropbox\Dizer o Direito\10 principais julgados de Direito do Consumidor 2013.pdf
C:\Users\Marcos\Desktop\Dizer o Direito\16 principais julgados de Direito Processual Civil 2013 - Atalho.lnk - C:\Users\Marcos\Dropbox\Dizer o Direito\16 principais julgados de Direito Processual Civil 2013.pdf
C:\Users\Marcos\Desktop\Dizer o Direito\17 principais julgados de Direito Penal 2013 - Atalho.lnk - C:\Users\Marcos\Dropbox\Dizer o Direito\17 principais julgados de Direito Penal 2013.pdf
C:\Users\Marcos\Desktop\Dizer o Direito\18 principais julgados de Direito Processual Penal 2013 - Atalho.lnk - C:\Users\Marcos\Dropbox\Dizer o Direito\18 principais julgados de Direito Processual Penal 2013.pdf
C:\Users\Marcos\Desktop\Dizer o Direito\8 principais julgados de Direito Empresarial 2013 - Atalho.lnk - C:\Users\Marcos\Dropbox\Dizer o Direito\8 principais julgados de Direito Empresarial 2013.pdf
C:\Users\Marcos\Desktop\Dizer o Direito\8 principais julgados de Direito Tributário 2013 - Atalho.lnk -  

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Camtasia Studio 8.lnk - C:\Program Files (x86)\TechSmith\Camtasia Studio 8\CamtasiaStudio.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\Full Tilt Poker.lnk - C:\Program Files (x86)\Full Tilt Poker\FullTiltPoker.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8  
C:\Users\Public\Desktop\PDFCreator.lnk - C:\Program Files (x86)\PDFCreator\PDFCreator.exe
C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\Marcos\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\Marcos\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Split And Merge\pdfsam.lnk - C:\Program Files (x86)\pdfsam\pdfsam-starter.exe
C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Split And Merge\Readme.lnk - C:\Program Files (x86)\pdfsam\doc\readme.txt
C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Split And Merge\Tutorial.lnk - C:\Program Files (x86)\pdfsam\doc\pdfsam-1.1.0-tutorial.pdf
C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Split And Merge\Uninstall.lnk - C:\Program Files (x86)\pdfsam\uninstall.exe
C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\Marcos\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup
C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET\ESET Smart Security\Acordo de licença.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET\ESET Smart Security\Desinstalar.lnk - C:\Program Files (x86)\ESET\ESET Smart Security\callmsi.exe /i {34E23913-0036-4CAF-BDF4-0E3689736DBB}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET\ESET Smart Security\Documentação.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET\ESET Smart Security\ESET Smart Security.lnk - C:\Program Files (x86)\ESET\ESET Smart Security\egui.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET\ESET Smart Security\ESET SysInspector.lnk - C:\Program Files (x86)\ESET\ESET Smart Security\SysInspector.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET\ESET Smart Security\ESET SysRescue.lnk - C:\Program Files (x86)\ESET\ESET Smart Security\SysRescue.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\winbraz\Désinstallation.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\winbraz\Winbrazexe.lnk - C:\Program Files (x86)\winbraz\Winbraz.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\winbraz\WinbrazHLP.lnk - C:\Program Files (x86)\winbraz\Winbraz.HLP
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\winbraz\Winbraz_eHLP.lnk - C:\Program Files (x86)\winbraz\Winbraz_e.HLP
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\winbraz\Winbraz_esHLP.lnk - C:\Program Files (x86)\winbraz\Winbraz_es.HLP
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\winbraz\Winbraz_nlhlp.lnk - C:\Program Files (x86)\winbraz\Winbraz_nl.hlp

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Marcos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Marcos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Marcos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8  
C:\Users\Marcos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Marcos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Marcos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Marcos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Marcos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Marcos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Marcos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Marcos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Marcos\AppData\Local\Mozilla\Firefox\Profiles\jwgzelo4.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=28 folders=25 1479801 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Marcos\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Marcos\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Marcos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on 22/03/2014 at 18:45:07,49 ======================

Message by Power Max Sat 22 Mar 2014, 18:55

Please follow the tips in the tutorial below:

[You must have an account and be logged in to view this link]

* In your next reply, post the Junkware Removal Tool log, which will be saved on your desktop under the name JRT.txt

We'll be waiting.


Last edited by Power Max on Mon 24 Mar 2014, 12:43; edited 1 time in total

Message by marcosmpes Sat 22 Mar 2014, 19:12

Power Max wrote: Please follow the tips in the tutorial below:

[You must have an account and be logged in to view this link]

* In your next reply, post the Junkware Removal Tool log, which will be saved on your desktop under the name JRT.txt

We'll be waiting.




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Ultimate x64
Ran by Marcos on 22/03/2014 at 19:03:13,33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{998745A3-2AE4-488D-8092-B98FB20A00C2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C1424421-D274-491E-9D47-11C8D8CB5F9A}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Marcos\AppData\Roaming\mozilla\firefox\profiles\jwgzelo4.default\prefs.js

user_pref("extensions.crossrider.bic", "144ebc2be81afcf8b2f08a6c384a03a5");
Emptied folder: C:\Users\Marcos\AppData\Roaming\mozilla\firefox\profiles\jwgzelo4.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22/03/2014 at 19:08:05,54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Message by Power Max Sat 22 Mar 2014, 19:16

Download < [You must have an account and be logged in to view this link] > ( ... by Nicolas Coolman )

|- Temporarily disable your antivirus to avoid conflicts and run "ZHPDiag2.exe" to install the tool.

|- Run the scroll icon. ( ZHPDiag )

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish!

|- Click OK and, when it finishes, post the ZHPDiag.txt report


Last edited by Power Max on Mon 24 Mar 2014, 12:44; edited 1 time in total

Message by marcosmpes Sat 22 Mar 2014, 19:25

Power Max wrote: Download < [You must have an account and be logged in to view this link] > ( ... by Nicolas Coolman )

|- Temporarily disable your antivirus to avoid conflicts and run "ZHPDiag2.exe" to install the tool.

|- Run the scroll icon. ( ZHPDiag )

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish!

|- Click OK and, when it finishes, post the ZHPDiag.txt report






~ Relatório do ZHPDiag v2014.3.22.24 - Nicolas Coolman (22/03/2014)
~ Iniciado por Marcos (22/03/2014 19:21:40)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.7601.17514
MFIE: Mozilla Firefox 28.0
GCIE: Google Chrome v33.0.1750.154 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Malwarebytes Anti-Malware versão 1.75.0.1300
Spybot - Search & Destroy v2.2.25
Windows Defender W7

---\\ Softwares d'optimização do sistema
CCleaner v4.00 =>Piriform Ltd

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 12 Plugin
Adobe Reader X
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6020 MB (72% free)
System Restore: Activé (Enable)
System drive C: has 115 GB (59%) free of 195 GB

---\\ Modo de conexão ao sistema
~ Computer Name: MARCOS-PC
~ User Name: Marcos
~ All Users Names: Marcos, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Marcos\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Marcos\AppData\Roaming\
~ %Desktop% : C:\Users\Marcos\Desktop\
~ %Favorites% : C:\Users\Marcos\Favorites\
~ %LocalAppData% : C:\Users\Marcos\AppData\Local\
~ %StartMenu% : C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 115 Go of 195 Go)
D: Hard drive, Flash drive, Thumb drive (Free 503 Go of 503 Go)
E: CD-ROM drive (Not Inserted)
F: Hard drive, Flash drive, Thumb drive (Free 425 Go of 932 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 48 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.AC4C51EB24AA95B77F705AB159189E24] - (.Microsoft Corporation - Windows Explorer.) (.21/11/2010 - 00:24:11.) -- C:\Windows\Explorer.exe [2872320]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F6C5302E1F4813D552F41A0AC82455E5] - (.Microsoft Corporation - Internet Extensions para Win32.) (.21/11/2010 - 00:23:55.) -- C:\Windows\System32\wininet.dll [1188864]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.21/11/2010 - 00:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.D31DC7A16DEA4A9BAF179F3D6FBDB38C] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/11/2010 - 00:24:08.) -- C:\Windows\system32\Drivers\AFD.sys [499712]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.FAF015B07E3A2874A790A39B7D2C579F] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.21/11/2010 - 00:24:03.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.05D78AA5CB5F3F5C31160BDB955D0B7C] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.21/11/2010 - 00:23:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1659776]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/11/2010 - 00:25:07.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes Favoris (My Favorites) : 1/23
~ Mes Documents (My Documents) : 1/52
~ Mon Bureau (My Desktop) : 1/19
~ Menu demarrer (Programs) : 1/35
~ Hidden Files: Scanned in 00mn 00s



---\\ Processos lançados
[MD5.86F0D0B3A07C142C81DAB47E8495A822] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872] [PID.1908]
[MD5.A4C98FD0EB19815374011C929B7D728A] - (.Google - Google Drive.) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21822128] [PID.1920]
[MD5.3D128E3AE74833E82F852BD096D937C5] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\Marcos\AppData\Roaming\Dropbox\bin\Dropbox.exe [33508336] [PID.1932]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.2384]
[MD5.AF49D1C79EA49A7833017F290EE63B82] - (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784] [PID.2556]
[MD5.FFBD5650348D4F9E0AA8E72938DC6478] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe [1213736] [PID.3296]
[MD5.3A924B200D86590D2C83214CEBFA9742] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [859976] [PID.976]
[MD5.E4758FC252A5014DA6A6CB7AE57DAD7C] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8252416] [PID.368]
[MD5.B99C37364701D19F2B5C0A0E1ECCDB80] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [519720] [PID.772]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1512]
[MD5.4CB575D97653FA91FFB02DA3105EB084] - (.ESET - ESET Service.) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752] [PID.1584]
[MD5.3C4002D339491AF73D663FFC7F6E5ECB] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760] [PID.1676]
[MD5.98EF79CC2B07398AC525F9EA1AE0366F] - (.Safer-Networking Ltd. - Spybot-S&D 2 Scanner Service.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880] [PID.1720]
[MD5.14BF6B3AB327D519ED007CDDC56F6900] - (.Safer-Networking Ltd. - Spybot-S&D 2 Background update service.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272] [PID.2348]
[MD5.820EBE67AB99F033FDE25B2692157991] - (.Safer-Networking Ltd. - Windows Security Center integration..) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416] [PID.2840]
[MD5.A328A46D87BB92CE4D8A4528E9D84787] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848] [PID.3188]
[MD5.4269D44BB47A6DA5D80B11F4C8536458] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [276864] [PID.1812]
[MD5.DBE2E6388379D5CC78099650541E9566] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [364416] [PID.3948]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
~ Google Browser: 16 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\jwgzelo4.default\prefs.js
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Marcos\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
~ Firefox Browser: 4 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
~ BHO: 3 Legitimates Filtered in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: Full Tilt Poker.lnk . (...) -- C:\Program Files (x86)\Full Tilt Poker\FullTiltPoker.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: Spybot-S&D Start Center.lnk . (.Safer-Networking Ltd. - Start Center.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
O4 - GS\Program [Public]: HD VDeck.lnk . (.VIA - VIA HD Audio CPL.) -- C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Spybot-S&D Start Center.lnk . (.Safer-Networking Ltd. - Start Center.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
O4 - GS\QuickLaunch [Marcos]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Marcos]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Marcos]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Marcos]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Marcos]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Marcos]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Marcos]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Marcos]: Google Drive.lnk . (...) -- C:\Users\Marcos\Google Drive
O4 - GS\Desktop [Marcos]: pdfsam.lnk . (...) -- C:\Program Files (x86)\pdfsam\pdfsam-starter.exe
O4 - GS\Desktop [Marcos]: Winbraz.lnk . (...) -- C:\Program Files (x86)\winbraz\Winbraz.exe
~ Global Startup: 65 Legitimates Filtered in 00mn 01s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - GS\Startup [Marcos]: Dropbox.lnk . (.Dropbox, Inc. - Dropbox.) -- C:\Users\Marcos\AppData\Roaming\Dropbox\bin\Dropbox.exe =>.Dropbox
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [egui] . (.ESET - ESET Main GUI.) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [GoogleDriveSync] . (.Google - Google Drive.) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
O4 - HKLM\..\Wow6432Node\Run: [HDAudDeck] . (.VIA - VIA HD Audio CPL.) -- C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [SDTray] . (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3970401433-4224590964-3777663225-1000\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKUS\S-1-5-21-3970401433-4224590964-3777663225-1000\..\Run: [GoogleDriveSync] . (.Google - Google Drive.) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
~ Application: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A636D69-5C31-4280-9CBF-8AF513F89045}: DhcpNameServer = 187.36.192.23 187.36.192.18 201.6.4.116
O17 - HKLM\System\CCS\Services\Tcpip\..\{C236FC76-03A0-4F69-84DD-9D986EBB91FE}: DhcpNameServer = 187.36.192.18 187.36.192.16 201.6.4.116
O17 - HKLM\System\CS1\Services\Tcpip\..\{5A636D69-5C31-4280-9CBF-8AF513F89045}: DhcpNameServer = 187.36.192.23 187.36.192.18 201.6.4.116
O17 - HKLM\System\CS1\Services\Tcpip\..\{C236FC76-03A0-4F69-84DD-9D986EBB91FE}: DhcpNameServer = 187.36.192.18 187.36.192.16 201.6.4.116
O17 - HKLM\System\CS2\Services\Tcpip\..\{5A636D69-5C31-4280-9CBF-8AF513F89045}: DhcpNameServer = 187.36.192.23 187.36.192.18 201.6.4.116
O17 - HKLM\System\CS2\Services\Tcpip\..\{C236FC76-03A0-4F69-84DD-9D986EBB91FE}: DhcpNameServer = 187.36.192.18 187.36.192.16 201.6.4.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 187.36.192.18 187.36.192.16 201.6.4.116
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) . (.Safer-Networking Ltd. - Windows Security Center integration..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
~ Services: 12 Legitimates Filtered in 00mn 03s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{8CBAF8C0-FD72-4712-A9CB-76B9DD07D8A7}] (...) -- G:\GoogleDesktopSetup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{8E9384BF-19BB-4BDC-873C-D18B8065DEF5}] (...) -- G:\Google Desktop Search\GoogleDesktopSetup.exe (.not file.) [0]
~ Scheduled Task: 13 Legitimates Filtered in 00mn 02s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bfilter) . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - C:\Windows\system32\drivers\Bfilter.sys
O41 - Driver: (Bfmon) . (.Baidu, Inc. - Baidu FS Monitor Driver.) - C:\Windows\system32\drivers\Bfmon.sys =>Adware.BDSearch
O41 - Driver: (Bprotect) . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - C:\Windows\system32\drivers\Bprotect.sys
~ Drivers: 84 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Full Tilt Poker - (...) [HKLM][64Bits] -- {D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKLM][64Bits] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: winbraz - (...) [HKLM][64Bits] -- winbraz
~ Logic: 23 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AnyProtect] =>PUP.AnyProtect
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\Full Tilt Poker]
[HKCU\Software\GbAs]
[HKCU\Software\Install]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Baidu_Drp_pos] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Full Tilt Poker]
[HKLM\Software\Wow6432Node\Multilaser]
~ Key Software: 188 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 21/03/2014 - 01:08:46 - [136,654] ----D C:\Program Files (x86)\Full Tilt Poker
O43 - CFD: 31/01/2014 - 08:39:16 - [298,823] ----D C:\Program Files (x86)\VIA HD Audio UAA Driver Setup Program
O43 - CFD: 05/03/2014 - 18:12:23 - [29,659] ----D C:\Program Files (x86)\winbraz
O43 - CFD: 06/02/2014 - 12:54:26 - [0,001] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
O43 - CFD: 31/01/2014 - 09:56:57 - [4,444] ----D C:\ProgramData\Multilaser Driver
O43 - CFD: 06/02/2014 - 12:54:45 - [2,821] ----D C:\Users\Marcos\AppData\Roaming\Baidu Security =>Adware.BDSearch
O43 - CFD: 16/03/2014 - 01:19:06 - [0,656] ----D C:\Users\Marcos\AppData\Local\FullTiltPoker
O43 - CFD: 05/03/2014 - 18:12:22 - [0] ----D C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\winbraz
~ Program Folder: 127 Legitimates Filtered in 00mn 06s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.00688E2966D1B44CD2F030B91608364E] - 10/03/2014 - 22:03:32 ---A- . (...) -- C:\APOSTILA LFG.pdf [2143621]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 22/03/2014 - 18:32:45 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.6A116BC8A9B708B66ABEACA9B590722F] - 22/03/2014 - 18:45:07 ---A- . (...) -- C:\zoek-results.log [28817]
O44 - LFC:[MD5.15786E1EDC00C999F8CC5A766C384E80] - 22/03/2014 - 19:16:49 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [127896]
O44 - LFC:[MD5.C52338655A8CC462611119061E13D09B] - 22/03/2014 - 19:16:49 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [663606]
~ Files: 14 Legitimates Filtered in 00mn 00s



---\\ Pesquisa de infeções nos drivers (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"VIDC.X264"="x264vfw64.dll" . (.x264vfw project - x264vfw - H.264/MPEG-4 AVC codec.) -- C:\Windows\System32\x264vfw64.dll
~ TDSD: 12 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.37F5CDA64FC515B3072531C1187EDCCA] - 21/01/2014 - 11:14:40 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [52032]
O58 - SDL:[MD5.DFC1681F6645CB2AEA83897588F05362] - 21/01/2014 - 11:14:50 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [34624] =>Adware.BDSearch
O58 - SDL:[MD5.F4C1984178175ACE4A75BE23059C3E0A] - 21/01/2014 - 07:01:36 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [128992]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.8F866DF9A974BFFDCB2001D303BC0695] - 08/05/2013 - 09:52:48 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpkm.sys [49536]
O58 - SDL:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 19/03/2014 - 10:42:16 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
~ Drivers: 18 Legitimates Filtered in 00mn 01s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 21/01/2014 - C:\Windows\system32\drivers\Bfilter.sys (Bfilter) .(.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - LEGACY_BFILTER
O64 - Services: CurCS - 21/01/2014 - C:\Windows\system32\drivers\Bfmon.sys (Bfmon) .(.Baidu, Inc. - Baidu FS Monitor Driver.) - LEGACY_BFMON =>Adware.BDSearch
O64 - Services: CurCS - 21/01/2014 - C:\Windows\system32\drivers\Bprotect.sys (Bprotect) .(.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - LEGACY_BPROTECT
O64 - Services: CurCS - 17/09/2013 - C:\Windows\System32\DRIVERS\epfwwfp.sys (epfwwfp) .(.ESET - ESET Personal Firewall driver.) - LEGACY_EPFWWFP
~ Legacy: 88 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.E4B43CA8842F71C4EA2987CF727DBD8D] [SPRF][03/02/2014] (...) -- C:\Users\Marcos\AppData\Roaming\unins000.dat [19692]
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 12/03/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 24/08/2012 276288 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 31/01/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 31/01/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 22/03/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation

SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 12/09/2013 1337752 | (ekrn) . (.ESET.) - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
SR - | Auto 21/02/2014 519720 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 17/07/2012 165760 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 17/07/2012 276864 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Demand 27/06/2007 279848 | (NMIndexingService) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
SR - | Auto 15/10/2013 3921880 | (SDScannerService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
SR - | Auto 20/09/2013 1042272 | (SDUpdateService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
SR - | Auto 13/09/2013 171416 | (SDWSCService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
SR - | Auto 17/07/2012 364416 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 14/08/2012 27792 | (VIAKaraokeService) . (.VIA Technologies, Inc..) - C:\Windows\System32\viakaraokesrv.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 12s



---\\ Scâner Aditional (088)
Database Version : 13031 - (22/03/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 4

C:\ProgramData\Baidu Security =>Adware.BDSearch^
C:\Users\Marcos\AppData\Roaming\Baidu Security =>Adware.BDSearch^
[HKCU\Software\AnyProtect] =>PUP.AnyProtect^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu_Drp_pos] =>Adware.BDSearch^
~ Additionnel Scan: 175595 Items scanned in 00mn 11s



---\\ Sumário das deteções encontradas na sua estação
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BDSearch
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.AnyProtect
~ MSI: 2 link(s) detected in 00mn 11s



~ 903 Legitimates filtered by white list
End of the scan (459 lines in 00mn 57s)(0)

Post by Power Max, Sat 22 Mar 2014, 20:06

Select and copy all of the text highlighted in red that I gave you (starting at script zhpfix and ending at emptyclsid)
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click ZHPFix and choose Run as administrator > click Importação (Import) > click the GO button > click Oui (Yes) > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Sat 22 Mar 2014, 20:49; edited 2 times

Post by marcosmpes, Sat 22 Mar 2014, 20:12

Rapport de ZHPFix 2014.3.19.4 par Nicolas Coolman, Update du 19/03/2014
Fichier d'export Registre :
Run by Marcos at 22/03/2014 20:11:33
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 04s)
Reparação de atalhos do navegador

========== Estado dos serviços ==========
BFILTER Parado
BFMON Parado
BPROTECT Parado

========== Chaves do Registo ==========
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bprotect
ELIMINÉ: HKCU\Software\AnyProtect
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\Install
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu_Drp_pos

========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\drivers\bfilter.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bfmon.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotect.sys
ELIMINÉ Temporários windows (391) (45.466.785 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: {8CBAF8C0-FD72-4712-A9CB-76B9DD07D8A7}
ELIMINÉ: {8E9384BF-19BB-4BDC-873C-D18B8065DEF5}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
8 : Chaves do Registo
6 : Valores do Registo
1 : Pastas
5 : Ficheiros
3 : Estado dos serviços
2 : Tarefa planificada
1 : Restauração Sistema


End of clean in 00mn 32s

========== Caminho do ficheiro do relatório ==========
C:\Users\Marcos\AppData\Roaming\ZHP\ZHPFix[R1].txt - 22/03/2014 20:11:38 [1863]

Post by Power Max, Sat 22 Mar 2014, 20:17

Restart the PC.

After the computer has restarted, open ZHPDiag again.

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report.

Post by marcosmpes, Sat 22 Mar 2014, 20:26

Power Max wrote: Restart the PC.

After the computer has restarted, open ZHPDiag again.

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report.



~ Relatório do ZHPDiag v2014.3.22.24 - Nicolas Coolman (22/03/2014)
~ Iniciado por Marcos (22/03/2014 20:23:08)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.7601.17514
MFIE: Mozilla Firefox 28.0
GCIE: Google Chrome v33.0.1750.154 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows Vista (TM) Ultimate, 64-bit Service Pack 1 (Build 6000)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK

---\\ Softwares de proteçao do sistema
Malwarebytes Anti-Malware versão 1.75.0.1300
Spybot - Search & Destroy v2.2.25

---\\ Softwares d'optimização do sistema
CCleaner v4.00 =>Piriform Ltd

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 12 Plugin
Adobe Reader X
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6020 MB (74% free)
System Restore: Activé (Enable)
System drive C: has 115 GB (58%) free of 195 GB

---\\ Modo de conexão ao sistema
~ Computer Name: MARCOS-PC
~ User Name: Marcos
~ All Users Names: Marcos, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Marcos\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Marcos\AppData\Roaming\
~ %Desktop% : C:\Users\Marcos\Desktop\
~ %Favorites% : C:\Users\Marcos\Favorites\
~ %LocalAppData% : C:\Users\Marcos\AppData\Local\
~ %StartMenu% : C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 115 Go of 195 Go)
D: Hard drive, Flash drive, Thumb drive (Free 503 Go of 503 Go)
E: CD-ROM drive (Not Inserted)
F: Hard drive, Flash drive, Thumb drive (Free 425 Go of 932 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 48 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.AC4C51EB24AA95B77F705AB159189E24] - (.Microsoft Corporation - Windows Explorer.) (.21/11/2010 - 00:24:11.) -- C:\Windows\Explorer.exe [2872320]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F6C5302E1F4813D552F41A0AC82455E5] - (.Microsoft Corporation - Internet Extensions para Win32.) (.21/11/2010 - 00:23:55.) -- C:\Windows\System32\wininet.dll [1188864]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.21/11/2010 - 00:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.D31DC7A16DEA4A9BAF179F3D6FBDB38C] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/11/2010 - 00:24:08.) -- C:\Windows\system32\Drivers\AFD.sys [499712]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.FAF015B07E3A2874A790A39B7D2C579F] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.21/11/2010 - 00:24:03.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.05D78AA5CB5F3F5C31160BDB955D0B7C] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.21/11/2010 - 00:23:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1659776]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/11/2010 - 00:25:07.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes Favoris (My Favorites) : 1/23
~ Mes Documents (My Documents) : 1/52
~ Mon Bureau (My Desktop) : 1/20
~ Menu demarrer (Programs) : 1/35
~ Hidden Files: Scanned in 00mn 01s



---\\ Processos lançados
[MD5.86F0D0B3A07C142C81DAB47E8495A822] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872] [PID.1376]
[MD5.A4C98FD0EB19815374011C929B7D728A] - (.Google - Google Drive.) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21822128] [PID.1436]
[MD5.3D128E3AE74833E82F852BD096D937C5] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\Marcos\AppData\Roaming\Dropbox\bin\Dropbox.exe [33508336] [PID.984]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.2144]
[MD5.AF49D1C79EA49A7833017F290EE63B82] - (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784] [PID.2164]
[MD5.FFBD5650348D4F9E0AA8E72938DC6478] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe [1213736] [PID.3092]
[MD5.3A924B200D86590D2C83214CEBFA9742] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [859976] [PID.2744]
[MD5.E4758FC252A5014DA6A6CB7AE57DAD7C] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8252416] [PID.2916]
[MD5.B99C37364701D19F2B5C0A0E1ECCDB80] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [519720] [PID.768]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1496]
[MD5.4CB575D97653FA91FFB02DA3105EB084] - (.ESET - ESET Service.) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752] [PID.1588]
[MD5.3C4002D339491AF73D663FFC7F6E5ECB] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760] [PID.1708]
[MD5.98EF79CC2B07398AC525F9EA1AE0366F] - (.Safer-Networking Ltd. - Spybot-S&D 2 Scanner Service.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880] [PID.1784]
[MD5.14BF6B3AB327D519ED007CDDC56F6900] - (.Safer-Networking Ltd. - Spybot-S&D 2 Background update service.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272] [PID.2444]
[MD5.820EBE67AB99F033FDE25B2692157991] - (.Safer-Networking Ltd. - Windows Security Center integration..) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416] [PID.2632]
[MD5.A328A46D87BB92CE4D8A4528E9D84787] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848] [PID.2096]
[MD5.4269D44BB47A6DA5D80B11F4C8536458] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [276864] [PID.4016]
[MD5.DBE2E6388379D5CC78099650541E9566] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [364416] [PID.3996]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
~ Google Browser: 16 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\jwgzelo4.default\prefs.js
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Marcos\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
~ Firefox Browser: 4 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
~ BHO: 3 Legitimates Filtered in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: Full Tilt Poker.lnk . (...) -- C:\Program Files (x86)\Full Tilt Poker\FullTiltPoker.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: Spybot-S&D Start Center.lnk . (.Safer-Networking Ltd. - Start Center.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
O4 - GS\Program [Public]: HD VDeck.lnk . (.VIA - VIA HD Audio CPL.) -- C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Spybot-S&D Start Center.lnk . (.Safer-Networking Ltd. - Start Center.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
O4 - GS\QuickLaunch [Marcos]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Marcos]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Marcos]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Marcos]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Marcos]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Marcos]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Marcos]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Marcos]: Google Drive.lnk . (...) -- C:\Users\Marcos\Google Drive
O4 - GS\Desktop [Marcos]: pdfsam.lnk . (...) -- C:\Program Files (x86)\pdfsam\pdfsam-starter.exe
O4 - GS\Desktop [Marcos]: Winbraz.lnk . (...) -- C:\Program Files (x86)\winbraz\Winbraz.exe
~ Global Startup: 65 Legitimates Filtered in 00mn 02s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - GS\Startup [Marcos]: Dropbox.lnk . (.Dropbox, Inc. - Dropbox.) -- C:\Users\Marcos\AppData\Roaming\Dropbox\bin\Dropbox.exe =>.Dropbox
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [egui] . (.ESET - ESET Main GUI.) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [GoogleDriveSync] . (.Google - Google Drive.) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
O4 - HKLM\..\Wow6432Node\Run: [HDAudDeck] . (.VIA - VIA HD Audio CPL.) -- C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [SDTray] . (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3970401433-4224590964-3777663225-1000\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKUS\S-1-5-21-3970401433-4224590964-3777663225-1000\..\Run: [GoogleDriveSync] . (.Google - Google Drive.) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
~ Application: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
~ IE Zone Confiance: Scanned in 00mn 01s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A636D69-5C31-4280-9CBF-8AF513F89045}: DhcpNameServer = 187.36.192.23 187.36.192.18 201.6.4.116
O17 - HKLM\System\CCS\Services\Tcpip\..\{C236FC76-03A0-4F69-84DD-9D986EBB91FE}: DhcpNameServer = 187.36.192.18 187.36.192.16 201.6.4.116
O17 - HKLM\System\CS1\Services\Tcpip\..\{5A636D69-5C31-4280-9CBF-8AF513F89045}: DhcpNameServer = 187.36.192.23 187.36.192.18 201.6.4.116
O17 - HKLM\System\CS1\Services\Tcpip\..\{C236FC76-03A0-4F69-84DD-9D986EBB91FE}: DhcpNameServer = 187.36.192.18 187.36.192.16 201.6.4.116
O17 - HKLM\System\CS2\Services\Tcpip\..\{5A636D69-5C31-4280-9CBF-8AF513F89045}: DhcpNameServer = 187.36.192.23 187.36.192.18 201.6.4.116
O17 - HKLM\System\CS2\Services\Tcpip\..\{C236FC76-03A0-4F69-84DD-9D986EBB91FE}: DhcpNameServer = 187.36.192.18 187.36.192.16 201.6.4.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 187.36.192.18 187.36.192.16 201.6.4.116
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) . (.Safer-Networking Ltd. - Windows Security Center integration..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
~ Services: 12 Legitimates Filtered in 00mn 05s



---\\ Software instalados (042)
O42 - Logiciel: Full Tilt Poker - (...) [HKLM][64Bits] -- {D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKLM][64Bits] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: winbraz - (...) [HKLM][64Bits] -- winbraz
~ Logic: 23 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Full Tilt Poker]
[HKCU\Software\GbAs]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Full Tilt Poker]
[HKLM\Software\Wow6432Node\Multilaser]
~ Key Software: 184 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 21/03/2014 - 01:08:46 - [136,654] ----D C:\Program Files (x86)\Full Tilt Poker
O43 - CFD: 31/01/2014 - 08:39:16 - [298,823] ----D C:\Program Files (x86)\VIA HD Audio UAA Driver Setup Program
O43 - CFD: 05/03/2014 - 18:12:23 - [29,659] ----D C:\Program Files (x86)\winbraz
O43 - CFD: 31/01/2014 - 09:56:57 - [4,444] ----D C:\ProgramData\Multilaser Driver
O43 - CFD: 16/03/2014 - 01:19:06 - [0,656] ----D C:\Users\Marcos\AppData\Local\FullTiltPoker
O43 - CFD: 05/03/2014 - 18:12:22 - [0] ----D C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\winbraz
~ Program Folder: 126 Legitimates Filtered in 00mn 40s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.00688E2966D1B44CD2F030B91608364E] - 10/03/2014 - 22:03:32 ---A- . (...) -- C:\APOSTILA LFG.pdf [2143621]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 22/03/2014 - 18:32:45 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.6A116BC8A9B708B66ABEACA9B590722F] - 22/03/2014 - 18:45:07 ---A- . (...) -- C:\zoek-results.log [28817]
O44 - LFC:[MD5.15786E1EDC00C999F8CC5A766C384E80] - 22/03/2014 - 19:16:49 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [127896]
O44 - LFC:[MD5.C52338655A8CC462611119061E13D09B] - 22/03/2014 - 19:16:49 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [663606]
~ Files: 14 Legitimates Filtered in 01mn 11s



---\\ Pesquisa de infeções nos drivers (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"VIDC.X264"="x264vfw64.dll" . (.x264vfw project - x264vfw - H.264/MPEG-4 AVC codec.) -- C:\Windows\System32\x264vfw64.dll
~ TDSD: 12 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.37F5CDA64FC515B3072531C1187EDCCA] - 21/01/2014 - 11:14:40 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [52032]
O58 - SDL:[MD5.DFC1681F6645CB2AEA83897588F05362] - 21/01/2014 - 11:14:50 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [34624] =>Adware.BDSearch
O58 - SDL:[MD5.F4C1984178175ACE4A75BE23059C3E0A] - 21/01/2014 - 07:01:36 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [128992]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.8F866DF9A974BFFDCB2001D303BC0695] - 08/05/2013 - 09:52:48 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpkm.sys [49536]
O58 - SDL:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 19/03/2014 - 10:42:16 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
~ Drivers: 18 Legitimates Filtered in 00mn 05s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 17/09/2013 - C:\Windows\System32\DRIVERS\epfwwfp.sys (epfwwfp) .(.ESET - ESET Personal Firewall driver.) - LEGACY_EPFWWFP
~ Legacy: 88 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.E4B43CA8842F71C4EA2987CF727DBD8D] [SPRF][03/02/2014] (...) -- C:\Users\Marcos\AppData\Roaming\unins000.dat [19692]
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 12/03/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 24/08/2012 276288 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 31/01/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 31/01/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 22/03/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation

SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 12/09/2013 1337752 | (ekrn) . (.ESET.) - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
SR - | Auto 21/02/2014 519720 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 17/07/2012 165760 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 17/07/2012 276864 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Demand 27/06/2007 279848 | (NMIndexingService) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
SR - | Auto 15/10/2013 3921880 | (SDScannerService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
SR - | Auto 20/09/2013 1042272 | (SDUpdateService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
SR - | Auto 13/09/2013 171416 | (SDWSCService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
SR - | Auto 17/07/2012 364416 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 14/08/2012 27792 | (VIAKaraokeService) . (.VIA Technologies, Inc..) - C:\Windows\System32\viakaraokesrv.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 11s



---\\ Scâner Aditional (088)
Database Version : 13031 - (22/03/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 175481 Items scanned in 00mn 23s



---\\ Sumário das deteções encontradas na sua estação
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BDSearch
~ MSI: 1 link(s) detected in 00mn 23s



~ 888 Legitimates filtered by white list
End of the scan (425 lines in 03mn 00s)(0)

Post by Power Max Sat 22 Mar 2014, 20:50

Select and copy all of the text highlighted in red that I gave you (starting at script zhpfix and going up to emptyclsid)
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click Importação > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Sat 22 Mar 2014, 23:07; edited 1 time

Post by marcosmpes Sat 22 Mar 2014, 20:56

Rapport de ZHPFix 2014.3.19.4 par Nicolas Coolman, Update du 19/03/2014
Fichier d'export Registre :
Run by Marcos at 22/03/2014 20:55:44
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 03s)

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\drivers\bfilter.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bfmon.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotect.sys
ELIMINÉ Temporários windows (277) (43.681.253 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
1 : Pastas
4 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 20s

========== Caminho do ficheiro do relatório ==========
C:\Users\Marcos\AppData\Roaming\ZHP\ZHPFix[R1].txt - 22/03/2014 20:11:38 [1944]
C:\Users\Marcos\AppData\Roaming\ZHP\ZHPFix[R2].txt - 22/03/2014 20:55:47 [969]

Post by Power Max Sat 22 Mar 2014, 20:58

How is your PC after these cleanups?

Post by marcosmpes Sat 22 Mar 2014, 21:15

Power Max wrote: How is your PC after these cleanups?

First, I would like to thank you for your valuable help.

But my problem with Mozilla Firefox persists.

There must still be some malware that redirects the home page to

[You need an account and to be logged in to view this link]

Right after that, on the Google page, various messages appear, such as: "Your file is ready, you can download it"; "3 steps to a faster PC"; "WARNING, your PC may have problems, click here". In short, these are strong signs of malware. I am sure that if I click, it will take me to other pages with other problems.

Curiously, in Chrome everything is normal.

Thanks again in advance.

Mensagem por Power Max Sáb 22 Mar 2014, 21:24


Remover malware no Firefox. 772309  Baixe o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] e salve-o no Desktop (Área de Trabalho)

Obs: Ao acessar o link acima, clique no botão Download Now 64-Bit Version

*Execute o FRST e aceite o contrato

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Clique [Scan]

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Ao término clique [OK] > [OK]

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Serão criados dois relatórios no Desktop: FRST.txt e Addition.txt

Poste estes dois relatórios em sua próxima resposta. (Obs: se não couber em uma só resposta, pode dividi-la em mais postagens).


Última edição por Power Max em Seg 24 Mar 2014, 12:44, editado 1 vez(es)

Re: Remove malware from Firefox.

Post by marcosmpes, Sat 22 Mar 2014, 21:32

Power Max wrote: Download [You must have an account and be logged in to view this link] and save it to the Desktop.

Note: When you open the link above, click the Download Now 64-Bit Version button.

*Run FRST and accept the agreement

*Click [Scan]

*When it finishes, click [OK] > [OK]

*Two reports will be created on the Desktop: FRST.txt and Addition.txt

Post these two reports in your next reply. (Note: if they do not fit in a single reply, you can split them across several posts.)


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Marcos (administrator) on MARCOS-PC on 22-03-2014 21:29:52
Running from C:\Users\Marcos\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: Portuguese Brazilian
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: [You must have an account and be logged in to view this link]
Download link for 64-Bit Version: [You must have an account and be logged in to view this link]
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: [You must have an account and be logged in to view this link]

==================== Processes (Whitelisted) =================

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Dropbox, Inc.) C:\Users\Marcos\AppData\Roaming\Dropbox\bin\Dropbox.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5264016 2012-08-16] (VIA)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginBb-x32: C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3970401433-4224590964-3777663225-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKU\S-1-5-21-3970401433-4224590964-3777663225-1000\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21822128 2014-01-30] (Google)
Startup: C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Marcos\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must have an account and be logged in to view this link]
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC153CA54841ECF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = [You must have an account and be logged in to view this link]
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = [You must have an account and be logged in to view this link]
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: GbIehObj Class - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll (Banco do Brasil)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1582632 2014-02-21] (Banco do Brasil)
Tcpip\Parameters: [DhcpNameServer] 187.36.192.18 187.36.192.16 201.6.4.116

FireFox:
========
FF ProfilePath: C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\jwgzelo4.default
FF NewTab: [You must have an account and be logged in to view this link]
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: [You must have an account and be logged in to view this link]
FF Keyword.URL: [You must have an account and be logged in to view this link]
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: gastecnologia.com.br/sf/bb - C:\Users\Marcos\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-br.xml
FF Extension: No Name - C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\jwgzelo4.default\Extensions\781cb1a7-b6ca-44b4-a7f2-f4f6aa3776bc@20711806-1033-42cf-82cd-ce5f924b5c5c.com [2014-03-22]
FF Extension: EPUBReader - C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\jwgzelo4.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2014-03-22]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-03-13]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-03-13]
FF HKCU\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\Marcos\AppData\Local\GAS Tecnologia\GBBD\bb\xpi
FF Extension: GBBD Banco do Brasil - C:\Users\Marcos\AppData\Local\GAS Tecnologia\GBBD\bb\xpi [2014-02-03]

Chrome:
=======
CHR DefaultSearchKeyword: google.com.br
CHR Extension: (Google Docs) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-31]
CHR Extension: (Google Drive) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-31]
CHR Extension: (YouTube) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-31]
CHR Extension: (Pesquisa do Google) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-31]
CHR Extension: (Google Wallet) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-31]
CHR Extension: (GBBD Banco do Brasil) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh [2014-02-03]
CHR Extension: (Gmail) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-31]
CHR HKCU\...\Chrome\Extension: [pgacfjdigcddmmncljpflgcfpfahebkh] - C:\Users\Marcos\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx [2014-02-03]

==================== Services (Whitelisted) =================

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752 2013-09-12] (ESET)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [519720 2014-02-21] (GAS Tecnologia)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-14] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET)
S0 GbpKm; C:\Windows\SysWOW64\drivers\GbpKm.sys [49536 2013-05-08] (GAS Tecnologia)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2012-05-14] (Realtek Semiconductor Corporation )
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 BdApiUtil; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdApiUtil64.sys [X]
S3 BdCameraProtect; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdCameraProtect64.sys [X]
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-22 21:29 - 2014-03-22 21:29 - 00013050 _____ () C:\Users\Marcos\Downloads\FRST.txt
2014-03-22 21:29 - 2014-03-22 21:29 - 00000000 ____D () C:\FRST
2014-03-22 21:28 - 2014-03-22 21:28 - 02157056 _____ (Farbar) C:\Users\Marcos\Downloads\FRST64.exe
2014-03-22 21:04 - 2014-03-22 20:55 - 00001049 _____ () C:\Users\Marcos\Desktop\ZHPFixReport.txt
2014-03-22 20:26 - 2014-03-22 20:26 - 00029913 _____ () C:\Users\Marcos\Desktop\ZHPDiag.txt
2014-03-22 20:15 - 2014-03-22 20:15 - 00000000 ____D () C:\Users\Marcos\AppData\Local\CrashDumps
2014-03-22 20:08 - 2014-03-22 20:08 - 00003156 _____ () C:\Windows\System32\Tasks\{F9939EF5-2807-483A-AB28-A776420C9F01}
2014-03-22 19:21 - 2014-03-22 20:55 - 00000000 ____D () C:\Users\Marcos\AppData\Roaming\ZHP
2014-03-22 19:21 - 2014-03-22 20:23 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag
2014-03-22 19:21 - 2014-03-22 19:21 - 00001991 _____ () C:\Users\Marcos\Desktop\ZHPFix.lnk
2014-03-22 19:21 - 2014-03-22 19:21 - 00001864 _____ () C:\Users\Marcos\Desktop\ZHPDiag.lnk
2014-03-22 19:19 - 2014-03-22 19:19 - 06857932 _____ (Nicolas Coolman ) C:\Users\Marcos\Downloads\ZHPDiag2.exe
2014-03-22 19:08 - 2014-03-22 19:08 - 00001363 _____ () C:\Users\Marcos\Desktop\JRT.txt
2014-03-22 19:03 - 2014-03-22 19:03 - 00000000 ____D () C:\Windows\ERUNT
2014-03-22 19:02 - 2014-03-22 19:02 - 01037734 _____ (Thisisu) C:\Users\Marcos\Downloads\JRT.exe
2014-03-22 18:42 - 2014-03-22 18:32 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-03-22 18:33 - 2014-03-22 18:45 - 00028817 _____ () C:\zoek-results.log
2014-03-22 18:31 - 2014-03-22 18:39 - 00000000 ____D () C:\zoek_backup
2014-03-22 18:30 - 2014-03-22 18:30 - 01285120 _____ () C:\Users\Marcos\Downloads\zoek.exe
2014-03-22 18:13 - 2014-03-22 18:13 - 01950720 _____ () C:\Users\Marcos\Downloads\AdwCleaner (1).exe
2014-03-22 16:51 - 2014-03-22 21:05 - 00031024 _____ () C:\Windows\PFRO.log
2014-03-22 15:51 - 2014-03-22 15:51 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-22 15:51 - 2014-03-22 15:51 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes
2014-03-22 15:51 - 2014-03-22 15:51 - 00000000 ____D () C:\Users\Marcos\AppData\Roaming\Malwarebytes
2014-03-22 15:51 - 2014-03-22 15:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-22 15:51 - 2014-03-22 15:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-22 15:51 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-22 15:50 - 2014-03-22 15:50 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Marcos\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-22 15:42 - 2014-03-22 21:05 - 00000448 _____ () C:\Windows\setupact.log
2014-03-22 15:42 - 2014-03-22 15:42 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-22 15:37 - 2014-03-22 18:14 - 00000000 ____D () C:\AdwCleaner
2014-03-22 15:37 - 2014-03-22 15:37 - 01950720 _____ () C:\Users\Marcos\Downloads\AdwCleaner.exe
2014-03-22 14:18 - 2014-03-22 14:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-20 18:03 - 2014-03-20 18:05 - 19475400 _____ () C:\Users\Marcos\Documents\Material para estudo.zip
2014-03-19 23:49 - 2014-03-19 23:49 - 00000000 ____D () C:\Users\Marcos\Desktop\Nova pasta
2014-03-19 23:15 - 2014-03-19 23:15 - 00003004 _____ () C:\Users\Marcos\Documents\0002159-46.2013.4.02.5050.htm
2014-03-19 23:15 - 2014-03-19 23:15 - 00000000 ____D () C:\Users\Marcos\Documents\0002159-46.2013.4.02.5050_files
2014-03-19 23:13 - 2014-03-19 23:13 - 00003034 _____ () C:\Users\Marcos\Documents\0002333-60.2010.4.02.5050.htm
2014-03-19 23:13 - 2014-03-19 23:13 - 00000000 ____D () C:\Users\Marcos\Documents\0002333-60.2010.4.02.5050_files
2014-03-19 11:14 - 2014-03-19 11:14 - 02393640 _____ (Banco do Brasil SA) C:\Users\Marcos\Downloads\DiagnosticoBB (3).exe
2014-03-19 11:05 - 2014-03-19 11:05 - 02393640 _____ (Banco do Brasil SA) C:\Users\Marcos\Downloads\DiagnosticoBB (2).exe
2014-03-18 21:44 - 2014-03-18 21:44 - 01306624 _____ () C:\Users\Marcos\Downloads\appcolor.exe
2014-03-13 14:13 - 2014-03-13 14:13 - 00000000 ____D () C:\Users\Marcos\AppData\Roaming\ESET
2014-03-13 14:13 - 2014-03-13 14:13 - 00000000 ____D () C:\Users\Marcos\AppData\Local\ESET
2014-03-13 14:11 - 2014-03-13 14:11 - 00000000 ____D () C:\Users\Todos os Usuários\ESET
2014-03-13 14:11 - 2014-03-13 14:11 - 00000000 ____D () C:\ProgramData\ESET
2014-03-13 14:11 - 2014-03-13 14:11 - 00000000 ____D () C:\Program Files\ESET
2014-03-13 14:04 - 2014-03-13 14:08 - 81645568 _____ () C:\Users\Marcos\Downloads\ess_nt64_ptb.msi
2014-03-08 19:43 - 2014-03-08 20:17 - 148524689 _____ () C:\Users\Marcos\Downloads\Aula 06 - DVD-Title2.flv
2014-03-08 19:43 - 2014-03-08 20:13 - 113714441 _____ () C:\Users\Marcos\Downloads\Aula 05 - DVD-Title1.flv
2014-03-08 19:42 - 2014-03-08 20:28 - 255937150 _____ () C:\Users\Marcos\Downloads\Aula 10 - DVD-Title1.flv
2014-03-08 19:42 - 2014-03-08 20:28 - 237934889 _____ () C:\Users\Marcos\Downloads\Aula 09 - DVD-Title1.flv
2014-03-08 19:42 - 2014-03-08 20:28 - 237083732 _____ () C:\Users\Marcos\Downloads\Aula 09 - DVD-Title2.flv
2014-03-08 19:42 - 2014-03-08 20:27 - 233878232 _____ () C:\Users\Marcos\Downloads\Aula 10 - DVD-Title2 (1).flv
2014-03-08 19:42 - 2014-03-08 20:26 - 230272824 _____ () C:\Users\Marcos\Downloads\Aula 12 - DVD-Title1.flv
2014-03-08 19:42 - 2014-03-08 20:25 - 110258681 _____ () C:\Users\Marcos\Downloads\Aula 08 - DVD-Title2.flv
2014-03-08 19:42 - 2014-03-08 20:20 - 151030841 _____ () C:\Users\Marcos\Downloads\Aula 06 - DVD-Title1.flv
2014-03-08 19:42 - 2014-03-08 20:19 - 150062357 _____ () C:\Users\Marcos\Downloads\Aula 07 - DVD-Title2.flv
2014-03-08 19:42 - 2014-03-08 20:19 - 149358137 _____ () C:\Users\Marcos\Downloads\Aula 08 - DVD-Title1.flv
2014-03-08 19:42 - 2014-03-08 20:17 - 114440441 _____ () C:\Users\Marcos\Downloads\Aula 07 - DVD-Title1.flv
2014-03-08 19:42 - 2014-03-08 20:13 - 116348369 _____ () C:\Users\Marcos\Downloads\Aula 05 - DVD-Title2.flv
2014-03-08 19:41 - 2014-03-08 20:29 - 242558999 _____ () C:\Users\Marcos\Downloads\Aula 11 - DVD-Title1.flv
2014-03-08 19:41 - 2014-03-08 20:26 - 235578908 _____ () C:\Users\Marcos\Downloads\Aula 11 - DVD-Title2 (1).flv
2014-03-08 19:41 - 2014-03-08 20:25 - 229967557 _____ () C:\Users\Marcos\Downloads\Aula 12 - DVD-Title2 (1).flv
2014-03-08 19:34 - 2014-03-08 20:21 - 240914996 _____ () C:\Users\Marcos\Downloads\Aula 13 - DVD-Title1.flv
2014-03-08 19:34 - 2014-03-08 20:17 - 202083420 _____ () C:\Users\Marcos\Downloads\Aula 13 - DVD-Title2 (1).flv
2014-03-08 19:34 - 2014-03-08 20:13 - 239615724 _____ () C:\Users\Marcos\Downloads\Aula 04 - DVD-Title1.flv
2014-03-08 19:34 - 2014-03-08 19:52 - 139389479 _____ () C:\Users\Marcos\Downloads\Aula 14 - DVD-Title.flv
2014-03-08 19:32 - 2014-03-08 20:20 - 288143201 _____ () C:\Users\Marcos\Downloads\Aula 02 - DVD-Title2 (1).flv
2014-03-08 19:32 - 2014-03-08 19:50 - 240734151 _____ () C:\Users\Marcos\Downloads\Aula 01 - DVD-Title2 (1).flv
2014-03-08 19:28 - 2014-03-08 19:31 - 151556465 _____ () C:\Users\Marcos\Downloads\Aula 04 - DVD-Title2.flv
2014-03-08 19:11 - 2014-03-08 19:25 - 226903169 _____ () C:\Users\Marcos\Downloads\Aula 03 - DVD-Title2.flv
2014-03-08 19:05 - 2014-03-08 19:10 - 240908892 _____ () C:\Users\Marcos\Downloads\Aula 03 - DVD-Title1.flv
2014-03-08 18:47 - 2014-03-08 19:04 - 288143201 _____ () C:\Users\Marcos\Downloads\Aula 02 - DVD-Title2.flv
2014-03-05 18:16 - 2014-03-05 18:17 - 00000995 _____ () C:\Users\Marcos\Desktop\Winbraz.lnk
2014-03-05 18:12 - 2014-03-05 18:12 - 00000000 ____D () C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\winbraz
2014-03-05 18:12 - 2014-03-05 18:12 - 00000000 ____D () C:\Program Files (x86)\winbraz

==================== One Month Modified Files and Folders =======

2014-03-22 21:29 - 2014-03-22 21:29 - 00013050 _____ () C:\Users\Marcos\Downloads\FRST.txt
2014-03-22 21:29 - 2014-03-22 21:29 - 00000000 ____D () C:\FRST
2014-03-22 21:28 - 2014-03-22 21:28 - 02157056 _____ (Farbar) C:\Users\Marcos\Downloads\FRST64.exe
2014-03-22 21:12 - 2009-07-14 01:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-22 21:12 - 2009-07-14 01:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-22 21:11 - 2010-11-21 06:37 - 00663606 _____ () C:\Windows\system32\prfh0416.dat
2014-03-22 21:11 - 2010-11-21 06:37 - 00127896 _____ () C:\Windows\system32\prfc0416.dat
2014-03-22 21:11 - 2009-07-14 02:13 - 01517030 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-22 21:06 - 2014-02-17 09:43 - 00000000 ___RD () C:\Users\Marcos\Google Drive
2014-03-22 21:06 - 2014-02-13 15:32 - 00000000 ___RD () C:\Users\Marcos\Dropbox
2014-03-22 21:06 - 2014-02-13 15:29 - 00000000 ____D () C:\Users\Marcos\AppData\Roaming\Dropbox
2014-03-22 21:06 - 2014-02-07 19:46 - 01556004 _____ () C:\Windows\WindowsUpdate.log
2014-03-22 21:05 - 2014-03-22 16:51 - 00031024 _____ () C:\Windows\PFRO.log
2014-03-22 21:05 - 2014-03-22 15:42 - 00000448 _____ () C:\Windows\setupact.log
2014-03-22 21:05 - 2014-01-31 23:07 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-22 21:05 - 2009-07-14 02:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-22 20:55 - 2014-03-22 21:04 - 00001049 _____ () C:\Users\Marcos\Desktop\ZHPFixReport.txt
2014-03-22 20:55 - 2014-03-22 19:21 - 00000000 ____D () C:\Users\Marcos\AppData\Roaming\ZHP
2014-03-22 20:46 - 2014-01-31 23:07 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-22 20:37 - 2014-02-06 12:57 - 00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-22 20:26 - 2014-03-22 20:26 - 00029913 _____ () C:\Users\Marcos\Desktop\ZHPDiag.txt
2014-03-22 20:23 - 2014-03-22 19:21 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag
2014-03-22 20:15 - 2014-03-22 20:15 - 00000000 ____D () C:\Users\Marcos\AppData\Local\CrashDumps
2014-03-22 20:08 - 2014-03-22 20:08 - 00003156 _____ () C:\Windows\System32\Tasks\{F9939EF5-2807-483A-AB28-A776420C9F01}
2014-03-22 19:21 - 2014-03-22 19:21 - 00001991 _____ () C:\Users\Marcos\Desktop\ZHPFix.lnk
2014-03-22 19:21 - 2014-03-22 19:21 - 00001864 _____ () C:\Users\Marcos\Desktop\ZHPDiag.lnk
2014-03-22 19:19 - 2014-03-22 19:19 - 06857932 _____ (Nicolas Coolman ) C:\Users\Marcos\Downloads\ZHPDiag2.exe
2014-03-22 19:08 - 2014-03-22 19:08 - 00001363 _____ () C:\Users\Marcos\Desktop\JRT.txt
2014-03-22 19:03 - 2014-03-22 19:03 - 00000000 ____D () C:\Windows\ERUNT
2014-03-22 19:02 - 2014-03-22 19:02 - 01037734 _____ (Thisisu) C:\Users\Marcos\Downloads\JRT.exe
2014-03-22 18:45 - 2014-03-22 18:33 - 00028817 _____ () C:\zoek-results.log
2014-03-22 18:39 - 2014-03-22 18:31 - 00000000 ____D () C:\zoek_backup
2014-03-22 18:32 - 2014-03-22 18:42 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-03-22 18:30 - 2014-03-22 18:30 - 01285120 _____ () C:\Users\Marcos\Downloads\zoek.exe
2014-03-22 18:14 - 2014-03-22 15:37 - 00000000 ____D () C:\AdwCleaner
2014-03-22 18:13 - 2014-03-22 18:13 - 01950720 _____ () C:\Users\Marcos\Downloads\AdwCleaner (1).exe
2014-03-22 15:51 - 2014-03-22 15:51 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-22 15:51 - 2014-03-22 15:51 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes
2014-03-22 15:51 - 2014-03-22 15:51 - 00000000 ____D () C:\Users\Marcos\AppData\Roaming\Malwarebytes
2014-03-22 15:51 - 2014-03-22 15:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-22 15:51 - 2014-03-22 15:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-22 15:50 - 2014-03-22 15:50 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Marcos\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-22 15:42 - 2014-03-22 15:42 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-22 15:42 - 2014-02-03 17:52 - 00000000 ____D () C:\Users\Todos os Usuários\GbPlugin
2014-03-22 15:42 - 2014-02-03 17:52 - 00000000 ____D () C:\ProgramData\GbPlugin
2014-03-22 15:42 - 2014-01-31 10:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-22 15:40 - 2014-01-31 08:28 - 00001154 _____ () C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-22 15:40 - 2014-01-31 08:28 - 00000967 _____ () C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-03-22 15:37 - 2014-03-22 15:37 - 01950720 _____ () C:\Users\Marcos\Downloads\AdwCleaner.exe
2014-03-22 15:31 - 2014-02-06 13:31 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-03-22 14:18 - 2014-03-22 14:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-22 14:04 - 2014-02-03 17:51 - 00000000 ____D () C:\Users\Todos os Usuários\GAS Tecnologia
2014-03-22 14:04 - 2014-02-03 17:51 - 00000000 ____D () C:\ProgramData\GAS Tecnologia
2014-03-21 01:08 - 2014-02-07 21:21 - 00000000 ____D () C:\Program Files (x86)\Full Tilt Poker
2014-03-20 18:05 - 2014-03-20 18:03 - 19475400 _____ () C:\Users\Marcos\Documents\Material para estudo.zip
2014-03-19 23:49 - 2014-03-19 23:49 - 00000000 ____D () C:\Users\Marcos\Desktop\Nova pasta
2014-03-19 23:15 - 2014-03-19 23:15 - 00003004 _____ () C:\Users\Marcos\Documents\0002159-46.2013.4.02.5050.htm
2014-03-19 23:15 - 2014-03-19 23:15 - 00000000 ____D () C:\Users\Marcos\Documents\0002159-46.2013.4.02.5050_files
2014-03-19 23:13 - 2014-03-19 23:13 - 00003034 _____ () C:\Users\Marcos\Documents\0002333-60.2010.4.02.5050.htm
2014-03-19 23:13 - 2014-03-19 23:13 - 00000000 ____D () C:\Users\Marcos\Documents\0002333-60.2010.4.02.5050_files
2014-03-19 11:15 - 2014-02-03 17:51 - 00011757 _____ () C:\Users\Marcos\Downloads\Diagnóstico BB.log
2014-03-19 11:14 - 2014-03-19 11:14 - 02393640 _____ (Banco do Brasil SA) C:\Users\Marcos\Downloads\DiagnosticoBB (3).exe
2014-03-19 11:09 - 2014-02-03 17:52 - 00000000 ____D () C:\Program Files (x86)\GbPlugin
2014-03-19 11:05 - 2014-03-19 11:05 - 02393640 _____ (Banco do Brasil SA) C:\Users\Marcos\Downloads\DiagnosticoBB (2).exe
2014-03-19 10:42 - 2014-02-03 17:52 - 00031088 _____ (GbPlugin NDIS Device Driver) C:\Windows\SysWOW64\Drivers\gbpndisrd.sys
2014-03-19 10:42 - 2014-02-03 17:52 - 00010266 _____ () C:\Windows\SysWOW64\Drivers\ndisrd.cat
2014-03-19 10:42 - 2014-02-03 17:52 - 00001402 _____ () C:\Windows\SysWOW64\Drivers\gas.cer
2014-03-18 21:44 - 2014-03-18 21:44 - 01306624 _____ () C:\Users\Marcos\Downloads\appcolor.exe
2014-03-16 01:19 - 2014-02-07 21:21 - 00000000 ____D () C:\Users\Marcos\AppData\Local\FullTiltPoker
2014-03-15 14:48 - 2014-01-31 23:08 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-15 13:54 - 2014-02-01 13:20 - 00000000 ____D () C:\Users\Todos os Usuários\AVAST Software
2014-03-15 13:54 - 2014-02-01 13:20 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-13 14:13 - 2014-03-13 14:13 - 00000000 ____D () C:\Users\Marcos\AppData\Roaming\ESET
2014-03-13 14:13 - 2014-03-13 14:13 - 00000000 ____D () C:\Users\Marcos\AppData\Local\ESET
2014-03-13 14:11 - 2014-03-13 14:11 - 00000000 ____D () C:\Users\Todos os Usuários\ESET
2014-03-13 14:11 - 2014-03-13 14:11 - 00000000 ____D () C:\ProgramData\ESET
2014-03-13 14:11 - 2014-03-13 14:11 - 00000000 ____D () C:\Program Files\ESET
2014-03-13 14:08 - 2014-03-13 14:04 - 81645568 _____ () C:\Users\Marcos\Downloads\ess_nt64_ptb.msi
2014-03-12 11:37 - 2014-02-06 12:57 - 00003840 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 11:37 - 2014-01-31 23:03 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 11:37 - 2014-01-31 23:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-08 20:29 - 2014-03-08 19:41 - 242558999 _____ () C:\Users\Marcos\Downloads\Aula 11 - DVD-Title1.flv
2014-03-08 20:28 - 2014-03-08 19:42 - 255937150 _____ () C:\Users\Marcos\Downloads\Aula 10 - DVD-Title1.flv
2014-03-08 20:28 - 2014-03-08 19:42 - 237934889 _____ () C:\Users\Marcos\Downloads\Aula 09 - DVD-Title1.flv
2014-03-08 20:28 - 2014-03-08 19:42 - 237083732 _____ () C:\Users\Marcos\Downloads\Aula 09 - DVD-Title2.flv
2014-03-08 20:27 - 2014-03-08 19:42 - 233878232 _____ () C:\Users\Marcos\Downloads\Aula 10 - DVD-Title2 (1).flv
2014-03-08 20:26 - 2014-03-08 19:42 - 230272824 _____ () C:\Users\Marcos\Downloads\Aula 12 - DVD-Title1.flv
2014-03-08 20:26 - 2014-03-08 19:41 - 235578908 _____ () C:\Users\Marcos\Downloads\Aula 11 - DVD-Title2 (1).flv
2014-03-08 20:25 - 2014-03-08 19:42 - 110258681 _____ () C:\Users\Marcos\Downloads\Aula 08 - DVD-Title2.flv
2014-03-08 20:25 - 2014-03-08 19:41 - 229967557 _____ () C:\Users\Marcos\Downloads\Aula 12 - DVD-Title2 (1).flv
2014-03-08 20:21 - 2014-03-08 19:34 - 240914996 _____ () C:\Users\Marcos\Downloads\Aula 13 - DVD-Title1.flv
2014-03-08 20:20 - 2014-03-08 19:42 - 151030841 _____ () C:\Users\Marcos\Downloads\Aula 06 - DVD-Title1.flv
2014-03-08 20:20 - 2014-03-08 19:32 - 288143201 _____ () C:\Users\Marcos\Downloads\Aula 02 - DVD-Title2 (1).flv
2014-03-08 20:19 - 2014-03-08 19:42 - 150062357 _____ () C:\Users\Marcos\Downloads\Aula 07 - DVD-Title2.flv
2014-03-08 20:19 - 2014-03-08 19:42 - 149358137 _____ () C:\Users\Marcos\Downloads\Aula 08 - DVD-Title1.flv
2014-03-08 20:17 - 2014-03-08 19:43 - 148524689 _____ () C:\Users\Marcos\Downloads\Aula 06 - DVD-Title2.flv
2014-03-08 20:17 - 2014-03-08 19:42 - 114440441 _____ () C:\Users\Marcos\Downloads\Aula 07 - DVD-Title1.flv
2014-03-08 20:17 - 2014-03-08 19:34 - 202083420 _____ () C:\Users\Marcos\Downloads\Aula 13 - DVD-Title2 (1).flv
2014-03-08 20:13 - 2014-03-08 19:43 - 113714441 _____ () C:\Users\Marcos\Downloads\Aula 05 - DVD-Title1.flv
2014-03-08 20:13 - 2014-03-08 19:42 - 116348369 _____ () C:\Users\Marcos\Downloads\Aula 05 - DVD-Title2.flv
2014-03-08 20:13 - 2014-03-08 19:34 - 239615724 _____ () C:\Users\Marcos\Downloads\Aula 04 - DVD-Title1.flv
2014-03-08 19:52 - 2014-03-08 19:34 - 139389479 _____ () C:\Users\Marcos\Downloads\Aula 14 - DVD-Title.flv
2014-03-08 19:50 - 2014-03-08 19:32 - 240734151 _____ () C:\Users\Marcos\Downloads\Aula 01 - DVD-Title2 (1).flv
2014-03-08 19:31 - 2014-03-08 19:28 - 151556465 _____ () C:\Users\Marcos\Downloads\Aula 04 - DVD-Title2.flv
2014-03-08 19:25 - 2014-03-08 19:11 - 226903169 _____ () C:\Users\Marcos\Downloads\Aula 03 - DVD-Title2.flv
2014-03-08 19:10 - 2014-03-08 19:05 - 240908892 _____ () C:\Users\Marcos\Downloads\Aula 03 - DVD-Title1.flv
2014-03-08 19:04 - 2014-03-08 18:47 - 288143201 _____ () C:\Users\Marcos\Downloads\Aula 02 - DVD-Title2.flv
2014-03-08 12:20 - 2014-02-01 10:02 - 00004608 _____ () C:\Users\Marcos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-05 18:17 - 2014-03-05 18:16 - 00000995 _____ () C:\Users\Marcos\Desktop\Winbraz.lnk
2014-03-05 18:12 - 2014-03-05 18:12 - 00000000 ____D () C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\winbraz
2014-03-05 18:12 - 2014-03-05 18:12 - 00000000 ____D () C:\Program Files (x86)\winbraz
2014-03-02 15:57 - 2014-01-31 08:48 - 00000000 ____D () C:\Users\Todos os Usuários\Skype
2014-03-02 15:57 - 2014-01-31 08:48 - 00000000 ____D () C:\ProgramData\Skype
2014-03-02 08:59 - 2014-01-31 12:01 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-03-01 23:46 - 2014-01-31 08:26 - 00000000 ____D () C:\Users\Marcos
2014-02-24 17:24 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-20 18:44 - 2014-02-17 09:49 - 00000000 ____D () C:\Users\Marcos\Desktop\Dizer o Direito
2014-02-20 10:35 - 2014-01-31 23:07 - 00000000 ____D () C:\Users\Marcos\AppData\Local\Google

Some content of TEMP:
====================
C:\Users\Marcos\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpezexyw.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-20 16:04

==================== End Of Log ============================








Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Marcos at 2014-03-22 21:30:07
Running from C:\Users\Marcos\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: ESET Smart Security 7.0 (Disabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: ESET Smart Security 7.0 (Disabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: Firewall pessoal da ESET (Disabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
Camtasia Studio 8 (HKLM-x32\...\{2B1F8DD0-873D-4AC3-8400-766F255FE263}) (Version: 8.1.0.1281 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.2 - Dropbox, Inc.)
ESET Smart Security (HKLM\...\{34E23913-0036-4CAF-BDF4-0E3689736DBB}) (Version: 7.0.302.26 - ESET, spol s r. o.)
Full Tilt Poker (HKLM-x32\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 5.4.27.WIN.FullTilt.COM - )
GBBD Banco do Brasil (HKLM-x32\...\{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1) (Version: 3.7.1.1 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Drive (HKLM-x32\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
K-Lite Mega Codec Pack 10.2.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.2.0 - )
Malwarebytes Anti-Malware versão 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile PTB Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Portuguese (Brazil)) 2007 (x32 Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Portuguese (Brazil)) 2007 (x32 Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 pt-BR)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Multilaser Wireless LAN Card (HKLM-x32\...\{D4FB9ADB-4710-4B0A-9923-D78C089ECB0E}) (Version: 1.5.12.0 - Multilaser)
Nero 7 Essentials (HKLM-x32\...\{CF097717-F174-4144-954A-FBC4BF301046}) (Version: 7.02.9753 - Nero AG)
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Client Profile PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.1 - Frank Heindörfer, Philip Chinery)
pdfsam (HKCU\...\pdfsam) (Version: 2.2.0 - )
Petição Web 1.0 (HKLM-x32\...\petweb1.0_is1) (Version: 1.0 - MPS Informática)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
TP-LINK TL-WN821N Driver (HKLM-x32\...\{26B52E5B-1620-4676-9B46-B6C56B8105CE}) (Version: 1.2.1 - TP-LINK)
VIA Gerenciador de dispositivo de plataforma (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
winbraz (HKLM-x32\...\winbraz) (Version: - )
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
ZHPDiag 2014 (HKLM-x32\...\ZHPDiag_is1) (Version: 2014 - Nicolas Coolman)

==================== Restore Points =========================

01-03-2014 23:29:09 Ponto de Verificação Agendado
02-03-2014 18:56:37 Removed Skype™ 6.3
11-03-2014 00:08:00 Ponto de Verificação Agendado
13-03-2014 17:01:29 avast! antivirus system restore point
13-03-2014 17:10:26 Instalado ESET Smart Security
20-03-2014 19:11:40 Ponto de Verificação Agendado
22-03-2014 17:46:52 Installed SpyHunter
22-03-2014 18:31:15 Removed SpyHunter
22-03-2014 21:33:28 zoek.exe restore point
22-03-2014 23:11:09 ZHPFix Restore System Point
22-03-2014 23:55:29 ZHPFix Restore System Point

==================== Hosts content: ==========================

2009-07-13 23:34 - 2014-03-22 18:33 - 00000840 ____N C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {3BB4044B-E540-4791-89BA-29BA44D70BFA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-31] (Google Inc.)
Task: {880FB6E2-BAA2-470F-A9DA-73BDEA2FEDB7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {AB58BE4E-1757-4CFB-8E49-B6213F20097F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
Task: {AECCFA73-8A37-4198-9F08-B1F2B6060DD1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-31] (Google Inc.)
Task: {E1625F89-5315-4BC1-8F17-F88993BF5ED5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {F00F028B-018B-4F24-86F0-A74DA402E57A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {FC4FD4C2-2C6D-4287-A751-37997696612A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-01-31 10:11 - 2005-03-12 00:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2014-01-31 08:34 - 2012-08-23 05:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-01-31 08:39 - 2012-08-16 17:04 - 00078480 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2014-01-31 08:39 - 2012-08-16 17:04 - 00386192 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2014-02-06 16:09 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-02-06 16:09 - 2013-05-16 09:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-02-06 16:09 - 2013-05-16 09:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-02-06 16:09 - 2013-05-16 09:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-02-06 16:09 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-03-22 21:06 - 2014-03-22 21:06 - 00041984 _____ () c:\users\marcos\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpezexyw.dll
2013-10-18 20:55 - 2013-10-18 20:55 - 25100288 _____ () C:\Users\Marcos\AppData\Roaming\Dropbox\bin\libcef.dll
2014-03-22 21:05 - 2014-03-22 21:05 - 00098816 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI20242\win32api.pyd
2014-03-22 21:06 - 2014-03-22 21:06 - 00110080 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI20242\pywintypes27.dll
2014-03-22 21:05 - 2014-03-22 21:05 - 00364544 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI20242\pythoncom27.dll
2014-03-22 21:05 - 2014-03-22 21:05 - 00044032 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI20242\_socket.pyd
2014-03-22 21:06 - 2014-03-22 21:06 - 01157120 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI20242\_ssl.pyd
2014-03-22 21:05 - 2014-03-22 21:05 - 00320512 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI20242\win32com.shell.shell.pyd
2014-03-22 21:06 - 2014-03-22 21:06 - 00712192 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI20242\_hashlib.pyd
2014-03-22 21:05 - 2014-03-22 21:05 - 01175040 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI20242\wx._core_.pyd
2014-03-22 21:06 - 2014-03-22 21:06 - 00805888 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI20242\wx._gdi_.pyd
2014-03-22 21:06 - 2014-03-22 21:06 - 00811008 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI20242\wx._windows_.pyd
2014-03-22 21:06 - 2014-03-22 21:06 - 01062400 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI20242\wx._controls_.pyd
2014-03-22 21:05 - 2014-03-22 21:05 - 00735232 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI20242\wx._misc_.pyd
2014-03-22 21:05 - 2014-03-22 21:05 - 00128512 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI20242\_elementtree.pyd
2014-03-22 21:05 - 2014-03-22 21:05 - 00127488 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI20242\pyexpat.pyd
2014-03-22 21:05 - 2014-03-22 21:05 - 00557056 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI20242\pysqlite2._sqlite.pyd
2014-03-22 21:06 - 2014-03-22 21:06 - 00087040 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI20242\_ctypes.pyd
2014-03-22 21:05 - 2014-03-22 21:05 - 00119808 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI20242\win32file.pyd
2014-03-22 21:05 - 2014-03-22 21:05 - 00108544 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI20242\win32security.pyd
2014-03-22 21:06 - 2014-03-22 21:06 - 00018432 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI20242\win32event.pyd
2014-03-22 21:06 - 2014-03-22 21:06 - 00038912 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI20242\win32inet.pyd
2014-03-22 21:05 - 2014-03-22 21:05 - 00122368 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI20242\wx._wizard.pyd
2014-03-22 21:06 - 2014-03-22 21:06 - 00070656 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI20242\wx._html2.pyd
2014-03-22 21:06 - 2014-03-22 21:06 - 00026624 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI20242\_multiprocessing.pyd
2014-03-22 21:06 - 2014-03-22 21:06 - 00010240 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI20242\select.pyd
2014-03-22 21:06 - 2014-03-22 21:06 - 00024064 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI20242\win32pipe.pyd
2014-03-22 21:06 - 2014-03-22 21:06 - 00686080 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI20242\unicodedata.pyd
2014-03-22 21:06 - 2014-03-22 21:06 - 00025600 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI20242\win32pdh.pyd
2014-03-22 21:05 - 2014-03-22 21:05 - 00525640 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI20242\windows._lib_cacheinvalidation.pyd
2014-03-22 21:05 - 2014-03-22 21:05 - 00011264 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI20242\win32crypt.pyd
2014-03-22 21:06 - 2014-03-22 21:06 - 00035840 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI20242\win32process.pyd
2014-03-22 21:05 - 2014-03-22 21:05 - 00017408 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI20242\win32profile.pyd
2014-03-22 21:05 - 2014-03-22 21:05 - 00022528 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI20242\win32ts.pyd
2014-01-31 08:36 - 2012-06-24 23:41 - 01198912 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-03-15 14:48 - 2014-03-14 21:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-15 14:48 - 2014-03-14 21:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-15 14:48 - 2014-03-14 21:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-15 14:48 - 2014-03-14 21:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 14:48 - 2014-03-14 21:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 14:48 - 2014-03-14 21:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows\System32:0D6FA805_Bb.gbp

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/22/2014 09:05:48 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/22/2014 08:20:37 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/22/2014 08:15:47 PM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: Explorer.EXE, versão: 6.1.7601.17514, carimbo de hora: 0x4ce7a144
Nome do módulo de falhas: ntdll.dll, versão: 6.1.7601.17514, carimbo de hora: 0x4ce7c8f9
Código de exceção: 0xc0150010
Deslocamento com falha: 0x000000000006f892
Identificação do processo com falha: 0x514
Hora de início do aplicativo com falha: 0xExplorer.EXE0
Caminho do aplicativo com falha: Explorer.EXE1
FCaminho do módulo de falhas: Explorer.EXE2
Identificação do Relatório: Explorer.EXE3

Error: (03/22/2014 08:15:37 PM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: Explorer.EXE, versão: 6.1.7601.17514, carimbo de hora: 0x4ce7a144
Nome do módulo de falhas: SHLWAPI.dll, versão: 6.1.7601.17514, carimbo de hora: 0x4ce7c9ab
Código de exceção: 0xc0000005
Deslocamento com falha: 0x000000000000ae81
Identificação do processo com falha: 0x514
Hora de início do aplicativo com falha: 0xExplorer.EXE0
Caminho do aplicativo com falha: Explorer.EXE1
FCaminho do módulo de falhas: Explorer.EXE2
Identificação do Relatório: Explorer.EXE3

Error: (03/22/2014 07:11:17 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (03/22/2014 09:05:19 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: AUTORIDADE NT)
Description: Falha na inicialização do Módulo de Extensibilidade de WLAN.

Caminho do Módulo: C:\Windows\system32\Rtlihvs.dll
Código de Erro: 126

Error: (03/22/2014 08:20:05 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: AUTORIDADE NT)
Description: Falha na inicialização do Módulo de Extensibilidade de WLAN.

Caminho do Módulo: C:\Windows\system32\Rtlihvs.dll
Código de Erro: 126

Error: (03/22/2014 07:10:36 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: AUTORIDADE NT)
Description: Falha na inicialização do Módulo de Extensibilidade de WLAN.

Caminho do Módulo: C:\Windows\system32\Rtlihvs.dll
Código de Erro: 126


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 33%
Total physical RAM: 6020.01 MB
Available physical RAM: 4016.33 MB
Total Pagefile: 12038.22 MB
Available Pagefile: 9868.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.21 GB) (Free:114.85 GB) NTFS
Drive d: () (Fixed) (Total:503.32 GB) (Free:503.19 GB) NTFS
Drive f: (SAMSUNG) (Fixed) (Total:931.5 GB) (Free:424.97 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 0005E652)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=503 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 932 GB) (Disk ID: 7520B790)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Post by Power Max Sat 22 Mar 2014, 22:55

Download the fixlist.txt file attached to this post and save it in the same place where you saved Farbar, which is this one:
C:\Users\Marcos\Downloads

Run FRST. Click the Fix button.

Wait, and at the end the Fixlog.txt log will be saved on your desktop.

Select, copy and paste the contents of this Fixlog.txt into your next reply.

Post by marcosmpes Sat 22 Mar 2014, 23:18

Power Max wrote: Download the fixlist.txt file attached to this post and save it in the same place where you saved Farbar, which is this one:
C:\Users\Marcos\Downloads

Run FRST. Click the Fix button.

Wait, and at the end the Fixlog.txt log will be saved on your desktop.

Select, copy and paste the contents of this Fixlog.txt into your next reply.



Ran by Marcos at 2014-03-22 23:17:45 Run:1
Running from C:\Users\Marcos\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
FF Extension: No Name - C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\jwgzelo4.default\Extensions\781cb1a7-b6ca-44b4-a7f2-f4f6aa3776bc@20711806-1033-42cf-82cd-ce5f924b5c5c.com [2014-03-22]
S3 BdApiUtil; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdApiUtil64.sys [X]
S3 BdCameraProtect; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdCameraProtect64.sys [X]
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]
end
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\jwgzelo4.default\Extensions\781cb1a7-b6ca-44b4-a7f2-f4f6aa3776bc@20711806-1033-42cf-82cd-ce5f924b5c5c.com => Moved successfully.
BdApiUtil => Service deleted successfully.
BdCameraProtect => Service deleted successfully.
BprotectEx => Service deleted successfully.
esgiguard => Service deleted successfully.
PCFApiUtil => Service deleted successfully.

==== End of Fixlog ====

Post by Power Max Sat 22 Mar 2014, 23:24

If you have not yet restarted the PC after this procedure, restart it and then tell us how the PC is doing now.

Post by marcosmpes Sat 22 Mar 2014, 23:29

Power Max wrote: If you have not yet restarted the PC after this procedure, restart it and then tell us how the PC is doing now.

I just restarted and it's still the same... This critter is tough, lol