Fórum PC Brasil
Slow PC after "sweet page" infection

2 participants

Page 2 of 2

Posted by Power Max, Tue 22 Apr 2014, 14:43

I suggest you uninstall Bonjour and McAfee Security Scan Plus, which are unnecessary and can make the PC slower.
_______________________________________________________________________________________________________________

Download the fixlist.txt file attached to this post and save it in the same place where you left Farbar (FRST), which is the location below:
C:\Users\user\Downloads

Run FRST. Click the Fix button.

Wait; when it finishes, the log Fixlog.txt will be saved to your desktop.

Select, copy and paste the contents of this Fixlog.txt into your next reply.

Posted by Nei Sanches, Tue 22 Apr 2014, 17:13

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-04-2014
Ran by user at 2014-04-22 17:05:41 Run:1
Running from C:\Users\user\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
Update for PriceMeter (HKCU\...\Price Meter Updater) (Version: - Update for PriceMeter)
Task: {006D7D62-96E1-44D5-85B4-2C141A55885A} - System32\Tasks\{84F1F527-06E1-4441-BAD0-56136EEA31DE} => C:\Users\user\Desktop\SS 57 SS\News Documents\Colors traiining Roger Eason\PDI\brain.exe
Task: {25CDCA05-3A4A-4DF0-BDFB-B94A7DD3DE18} - System32\Tasks\Price Meter Updater => C:\Users\user\AppData\Roaming\PRICEM~1\UPDATE~1\UPDATE~1.EXE
Task: {37EA1092-13E3-4A6C-9804-9D771549C1F6} - \Funmoods No Task File
Task: {67B3CEF5-18FC-4EFB-83EF-B6468A573659} - System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore => C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe
Task: {857946F6-C3EF-431D-A133-BFA4244C0EBD} - System32\Tasks\{91DFD02F-78E5-454B-8026-0C5DEE2771D7} => C:\Users\user\Desktop\SS 57 SS\News Documents\Colors traiining Roger Eason\PDI\brain.exe
Task: {A4CA7D58-1351-4D7D-B28E-A52EB15742FE} - System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA => C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe
Task: {F116D086-A555-4032-8156-DDAD9ED1F780} - System32\Tasks\pricemeterdownloader => C:\Users\user\AppData\Local\PriceMeter\pricemeterd.exe
Task: C:\windows\Tasks\Price Meter Updater.job => C:\Users\user\AppData\Roaming\PRICEM~1\UPDATE~1\UPDATE~1. Task: C:\windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe Task: C:\windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe
AlternateDataStreams: C:\Windows:AstInfo
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:D1B5B4F1
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKCU - {131A58DB-3061-A824-7930-6D4EF4300C00} URL = [You must have an account and be logged in to view this link]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction
S2 bavsvc; "C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bavsvc.exe" [X]
S2 bhipssvc; "C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bhipssvc.exe" [X]
S2 Update BrowseMark; "C:\Program Files (x86)\BrowseMark\updateBrowseMark.exe" [X]
R1 Bfilter; C:\windows\System32\drivers\Bfilter.sys [52032 2014-01-21] (Baidu, Inc.)
R1 Bfmon; C:\windows\System32\drivers\Bfmon.sys [34624 2014-01-21] (Baidu, Inc.)
R1 Bprotect; C:\windows\System32\drivers\Bprotect.sys [128992 2014-01-21] (Baidu, Inc.)
S3 BprotectEx; C:\windows\System32\drivers\BprotectEx.sys [76096 2013-08-08] (Baidu, Inc.)
S3 BdApiUtil; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdApiUtil64.sys [X]
S3 BdCameraProtect; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdCameraProtect64.sys [X]
U2 DriverService;
2014-04-16 18:29 - 2014-04-22 12:34 - 00000962 _____ () C:\windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job
2014-04-16 18:29 - 2014-04-22 09:49 - 00000958 _____ () C:\windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job
2014-04-16 18:29 - 2014-04-16 18:29 - 00003958 _____ () C:\windows\System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA
2014-04-16 18:29 - 2014-04-16 18:29 - 00003706 _____ () C:\windows\System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore
2014-04-16 18:27 - 2014-04-22 12:27 - 00000288 _____ () C:\windows\Tasks\Price Meter Updater.job
2014-04-16 18:27 - 2014-04-16 18:27 - 00003284 _____ () C:\windows\System32\Tasks\pricemeterdownloader
2014-04-16 18:27 - 2014-04-16 18:27 - 00003224 _____ () C:\windows\System32\Tasks\Price Meter Updater
2014-04-16 18:27 - 2014-04-16 18:27 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceMeter
2014-04-16 17:58 - 2014-01-21 11:14 - 00052032 _____ (Baidu, Inc.) C:\windows\system32\Drivers\Bfilter.sys
2014-04-16 17:58 - 2014-01-21 11:14 - 00034624 _____ (Baidu, Inc.) C:\windows\system32\Drivers\Bfmon.sys
2014-04-16 17:58 - 2014-01-21 07:01 - 00128992 _____ (Baidu, Inc.) C:\windows\system32\Drivers\Bprotect.sys
2014-04-18 16:43 - 2013-05-22 00:38 - 00000000 ____D () C:\Users\Todos os Usuários\Baidu Security
2014-04-18 16:43 - 2013-05-22 00:38 - 00000000 ____D () C:\ProgramData\Baidu Security
end
*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{006D7D62-96E1-44D5-85B4-2C141A55885A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{006D7D62-96E1-44D5-85B4-2C141A55885A} => Key deleted successfully.
C:\Windows\System32\Tasks\{84F1F527-06E1-4441-BAD0-56136EEA31DE} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{84F1F527-06E1-4441-BAD0-56136EEA31DE} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{25CDCA05-3A4A-4DF0-BDFB-B94A7DD3DE18} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25CDCA05-3A4A-4DF0-BDFB-B94A7DD3DE18} => Key deleted successfully.
C:\Windows\System32\Tasks\Price Meter Updater => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Price Meter Updater => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{37EA1092-13E3-4A6C-9804-9D771549C1F6} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37EA1092-13E3-4A6C-9804-9D771549C1F6} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Funmoods => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{67B3CEF5-18FC-4EFB-83EF-B6468A573659} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67B3CEF5-18FC-4EFB-83EF-B6468A573659} => Key deleted successfully.
C:\Windows\System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PriceMeterLiveUpdateUpdateTaskMachineCore => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{857946F6-C3EF-431D-A133-BFA4244C0EBD} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{857946F6-C3EF-431D-A133-BFA4244C0EBD} => Key deleted successfully.
C:\Windows\System32\Tasks\{91DFD02F-78E5-454B-8026-0C5DEE2771D7} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{91DFD02F-78E5-454B-8026-0C5DEE2771D7} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A4CA7D58-1351-4D7D-B28E-A52EB15742FE} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A4CA7D58-1351-4D7D-B28E-A52EB15742FE} => Key deleted successfully.
C:\Windows\System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PriceMeterLiveUpdateUpdateTaskMachineUA => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F116D086-A555-4032-8156-DDAD9ED1F780} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F116D086-A555-4032-8156-DDAD9ED1F780} => Key deleted successfully.
C:\Windows\System32\Tasks\pricemeterdownloader => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pricemeterdownloader => Key deleted successfully.
C:\windows\Tasks\Price Meter Updater.job => C:\Users\user\AppData\Roaming\PRICEM~1\UPDATE~1\UPDATE~1. Task: C:\windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe Task: C:\windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job not found.
"C:\Windows" => ":AstInfo" ADS not found.
C:\ProgramData\Temp => ":D1B5B4F1" ADS removed successfully.
"C:\Users\Todos os Usuários\Temp" => ":D1B5B4F1" ADS not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{131A58DB-3061-A824-7930-6D4EF4300C00} => Key deleted successfully.
HKCR\CLSID\{131A58DB-3061-A824-7930-6D4EF4300C00} => Key deleted successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
bavsvc => Service deleted successfully.
bhipssvc => Service deleted successfully.
Update BrowseMark => Service deleted successfully.
Bfilter => Service stopped successfully.
Bfilter => Service deleted successfully.
Bfmon => Service stopped successfully.
Bfmon => Service deleted successfully.
Bprotect => Unable to stop service
Bprotect => Service deleted successfully.
BprotectEx => Service deleted successfully.
BdApiUtil => Service deleted successfully.
BdCameraProtect => Service deleted successfully.
DriverService => Service deleted successfully.
C:\windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job => Moved successfully.
C:\windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job => Moved successfully.
"C:\windows\System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA" => File/Directory not found.
"C:\windows\System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore" => File/Directory not found.
C:\windows\Tasks\Price Meter Updater.job => Moved successfully.
"C:\windows\System32\Tasks\pricemeterdownloader" => File/Directory not found.
"C:\windows\System32\Tasks\Price Meter Updater" => File/Directory not found.
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceMeter => Moved successfully.
C:\windows\system32\Drivers\Bfilter.sys => Moved successfully.
C:\windows\system32\Drivers\Bfmon.sys => Moved successfully.
C:\windows\system32\Drivers\Bprotect.sys => Moved successfully.
C:\Users\Todos os Usuários\Baidu Security => Moved successfully.
"C:\ProgramData\Baidu Security" => File/Directory not found.


The system needed a reboot.

==== End of Fixlog ====

Posted by Power Max, Tue 22 Apr 2014, 17:20

If the PC has not restarted after this cleanup, restart it.
________________________________________________

After restarting the computer, do the following:

Download < [You must have an account and be logged in to view this link] > ( ... by Nicolas Coolman )

|- Temporarily disable your antivirus to avoid conflicts and run "ZHPDiag2.exe" to install the tool.

|- Run the scroll icon. ( ZHPDiag )

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish!

|- Click OK and, when it finishes, post the ZHPDiag.txt report.

Posted by Nei Sanches, Tue 22 Apr 2014, 17:54

~ Relatório do ZHPDiag v2014.4.22.40 - Nicolas Coolman (22/04/2014)
~ Iniciado por user (22/04/2014 17:41:06)
~ Endereço do Website : [You must have an account and be logged in to view this link]
~ Fóruns de suporte gratuito para desinfecção : [You must have an account and be logged in to view this link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program


---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
GCIE: Google Chrome v34.0.1847.116 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Basic, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Key Management Service client information : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2011
Malwarebytes Anti-Malware versão 2.0.1.1004
Spyware Terminator 2012 v3.0.0.82
Windows Defender W7

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)
µTorrent v3.0.0 =>P2P.µTorrent

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader X
Java 7 Update 55

---\\ Informações sobre o sistema
~ Processor: AMD64 Family 20 Model 1 Stepping 0, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3690 MB (52% free)
System Restore: Activé (Enable)
System drive C: has 195 GB (46%) free of 422 GB

---\\ Modo de conexão ao sistema
~ Computer Name: USER-PC
~ User Name: user
~ All Users Names: user, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\user\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\user\AppData\Roaming\
~ %Desktop% : C:\Users\user\Desktop\
~ %Favorites% : C:\Users\user\Favorites\
~ %LocalAppData% : C:\Users\user\AppData\Local\
~ %StartMenu% : C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 195 Go of 422 Go)
D: Hard drive, Flash drive, Thumb drive (Free 27 Go of 29 Go)
E: Floppy drive, Flash card reader, USB Key (Free 3 Go of 4 Go)
H: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.11/08/2011 - 23:39:18.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.5A45FA344F4AD99D903F4B20E43B89EC] - (.Microsoft Corporation - Internet Extensions para Win32.) (.02/06/2012 - 09:05:28.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.21/11/2010 - 00:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 00:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.11/08/2011 - 23:41:51.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.A2F74975097F52A00745F9637451FDD8] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.11/08/2011 - 23:43:49.) -- C:\Windows\system32\Drivers\ntfs.sys [1659776]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/23
~ Mes musiques (My Musics) : 5/118
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 1/100252
~ Mon Bureau (My Desktop) : 2/11531
~ Menu demarrer (Programs) : 1/61
~ Hidden Files: Scanned in 05mn 09s



---\\ Processos lançados
[MD5.B00F98FF6FE8682FF941BEB2559BF191] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488] [PID.2464]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.3352]
[MD5.AFEBF9E0B223FF04709F747C172D3540] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024] [PID.3556]
[MD5.2EBBBFC120593C683796092F2DDA0EFC] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032] [PID.3944]
[MD5.F482170822E45CF5CB4CC6479A20B6CD] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7889408] [PID.4732]
[MD5.6DE9AC13D76238AD7427E5453C8ECC54] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [519224] [PID.840]
[MD5.D74884939D53612FD84AC82C59CCFE27] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1392]
[MD5.A5299D04ED225D64CF07A568A3E1BF8C] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55184] [PID.1816]
[MD5.0C83FC56707BF68DB04947052A8188B1] - (.Nalpeiron Ltd. - Nalpeiron Highend Service.) -- C:\windows\SysWOW64\AstSrv.exe [57344] [PID.1920]
[MD5.A058BB0BFE7F530A1CCF28F5DBDB6795] - (.Banco Bradesco S.A. - scpVista.) -- C:\Program Files (x86)\Scpad\scpVista.exe [360640] [PID.2284]
[MD5.3B6429C5B11408EF11EFEEE8C0F0682A] - (.BlueStack Systems, Inc. - BlueStacks Service.) -- C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192] [PID.3004]
[MD5.713C85F0C1A95C25EE28D4B024A0EA33] - (.BlueStack Systems - BlueStacks Network Helper Process.) -- C:\Program Files (x86)\BlueStacks\HD-Network.exe [377616] [PID.1832]
[MD5.FEAB27A624ADA932A2F8E831DE668A38] - (.BlueStack Systems - BlueStacks Block Device Helper Process.) -- C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe [261392] [PID.2624]
[MD5.CDB95B8CC08E6F727496D8F19A27EFEE] - (.BlueStack Systems - BlueStacks Shared Folder Helper Process.) -- C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe [367376] [PID.876]
[MD5.D11162F92258E1F09CFB4054941F2E24] - (.Trusteer Ltd. - RapportMgmtService.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120] [PID.4004]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 16 Legitimates Filtered in 00mn 08s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: CompSegIB [64Bits] - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} . (.Banco Bradesco S.A. - scpsssh2 Module.) -- C:\Program Files (x86)\Scpad\scpsssh2.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehuni.dll
~ BHO: 17 Legitimates Filtered in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Chave orfã
~ Toolbar: Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: Apps.lnk . (...) -- C:\Users\Public\Libraries\Apps.library-ms
O4 - GS\Desktop [Public]: Guia de Usuário.lnk . (.Lenovo - UserGuide.) -- C:\Program Files (x86)\Lenovo\UserGuide\UserGuide.exe
O4 - GS\Desktop [Public]: IObit Uninstaller.lnk . (.IObit - IObit Uninstaller.) -- C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
O4 - GS\Desktop [Public]: Receitanet 1.04 .lnk . (.SERPRO - Serviço Federal de Processamento d - Receitanet.) -- C:\Program Files (x86)\Programas RFB\Receitanet\Windows\Receitanet.exe
O4 - GS\Desktop [Public]: Sound Organizer.lnk . (.Sony Corporation - Sound Organizer.) -- C:\Program Files (x86)\Sony\Sound Organizer\SoundOrganizer.exe
O4 - GS\Desktop [Public]: Spyware Terminator 2012.lnk . (.Crawler.com - Spyware Terminator 2012.) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe
O4 - GS\Desktop [Public]: Start BlueStacks.lnk . (.BlueStack Systems, Inc. - BlueStacks StartLauncher.) -- C:\Program Files (x86)\BlueStacks\HD-StartLauncher.exe
O4 - GS\Desktop [Public]: The Downloader.lnk . (.Equis International - The DownLoader.) -- C:\Program Files (x86)\Equis\The DownLoader\Dlwin.exe
O4 - GS\Desktop [Public]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Program [Public]: PowerXpress.lnk . (.ATI Technologies Inc. - Catalyst Control Centre: Command Line Inter.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe
O4 - GS\QuickLaunch [user]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [user]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [user]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Program [user]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [user]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [user]: PC App Store.lnk . (...) -- C:\Users\user\AppData\Local\Pokki\Engine\pokki.exe (.not file.)
O4 - GS\Program [user]: Pixsta.lnk . (...) -- C:\Users\user\AppData\Local\Pokki\Engine\pokki.exe (.not file.)
O4 - GS\SystemTools [user]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SendTo [user]: AnySend.lnk . (...) -- C:\Program Files (x86)\AnySend\AnySendUI.exe (.not file.)
O4 - GS\SendTo [user]: MediaInfo.lnk . (...) -- C:\Program Files (x86)\K-Lite Codec Pack\Tools\mediainfo.exe
O4 - GS\Desktop [user]: chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [user]: GT-10 Librarian.lnk . (.BOSS Corporation - GT-10 Librarian.) -- C:\Program Files (x86)\BOSS\GT-10Librarian\GXGL.exe
O4 - GS\Desktop [user]: Guitar Pro 5.lnk . (.Arobas Music - No Comment.) -- C:\Program Files (x86)\Guitar Pro 5\GP5.exe
O4 - GS\Desktop [user]: IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk . (...) -- C:\Arquivos de Programas RFB\IRPF2011\IRPF2011.exe
O4 - GS\Desktop [user]: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk . (...) -- C:\Arquivos de Programas RFB\IRPF2013\IRPF2013.exe
O4 - GS\Desktop [user]: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk . (...) -- C:\Arquivos de Programas RFB\IRPF2014\IRPF2014.exe
O4 - GS\Desktop [user]: MetaStock Professional Offline Mode.lnk . (.Equis International - mswin.) -- C:\Program Files (x86)\Equis\MetaStock\MsWin.exe
O4 - GS\Desktop [user]: MWSnap 3.lnk . (.Mirek Wojtowicz - No Comment.) -- C:\Program Files (x86)\MWSnap\MWSnap.exe
O4 - GS\Desktop [user]: SS 57 SS - Atalho.lnk . (...) -- C:\Users\user\Documents\Subsea\SS 57 SS
O4 - GS\Desktop [user]: YouTube To MP3 Converter Free.lnk . (.DVDAVITools - YouTube To MP3 Converter Free.) -- C:\Program Files (x86)\DVDAVITools\YouTube To MP3 Converter Free\YouTubeToMP3ConverterFree.exe
O4 - GS\QuickLaunch [Convidado]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Convidado]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Convidado]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Convidado]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Convidado]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Convidado]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Convidado]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Convidado]: MWSnap 3.lnk . (.Mirek Wojtowicz - No Comment.) -- C:\Program Files (x86)\MWSnap\MWSnap.exe
~ Global Startup: 113 Legitimates Filtered in 00mn 05s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [Lenovo EE Boot Optimizer] . (.Lenovo - Lenovo EE Boot Optimizer Software.) -- C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe
O4 - HKLM\..\Run: [Energy Management] . (.Lenovo (Beijing) Limited - Lenovo Energy Management Software 6.0.) -- C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
O4 - HKLM\..\Run: [EnergyUtility] . (.Lenovo(beijing) Limited - Lenovo Battery Management Software Ver 6.0.) -- C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [UpdateP2GShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Wow6432Node\Run: [YouCam Mirage] . (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
O9 - Extra button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 [64Bits] - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\Lenovo\Bluetooth Software\bt_hot_icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{76A2133F-A5FA-4B42-A4EE-53761C9D47DF}: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE2E5F77-0B78-4054-88B9-364921235F3B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{76A2133F-A5FA-4B42-A4EE-53761C9D47DF}: DhcpDomain = corp.prideinternational.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{76A2133F-A5FA-4B42-A4EE-53761C9D47DF}: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{EE2E5F77-0B78-4054-88B9-364921235F3B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{76A2133F-A5FA-4B42-A4EE-53761C9D47DF}: DhcpDomain = corp.prideinternational.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{76A2133F-A5FA-4B42-A4EE-53761C9D47DF}: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{EE2E5F77-0B78-4054-88B9-364921235F3B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{76A2133F-A5FA-4B42-A4EE-53761C9D47DF}: DhcpDomain = corp.prideinternational.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.Adobe Systems, Inc. - 3D Capture.) - C:\Windows\System32\acaptuser64.dll
~ AppInit DLL: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Ast Service (Ast Service) . (.Nalpeiron Ltd. - Nalpeiron Highend Service.) - C:\windows\SysWOW64\AstSrv.exe
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: KMService (KMService) . (...) - C:\windows\SysWOW64\srvany.exe =>Hijacker.Office
O23 - Service: scpVista (scpVista) . (.Banco Bradesco S.A. - scpVista.) - C:\Program Files (x86)\Scpad\scpVista.exe
~ Services: 15 Legitimates Filtered in 00mn 43s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{5836A07C-43C6-41AE-A85F-4BCC35236B79}] (...) -- C:\users\user\Desktop\BOP Test\FreewarePDFUnlocker.msi" (.not file.) [0]
[MD5.00E22B3ED82BB39750CCE10316380192] [APT] [{BA30A1C0-DD0E-437E-8758-4E52AA9159AF}] (.Serpro - Serviço Federal de Processamento d.) -- C:\users\user\Downloads\Receitanet-1.03.exe [6182539]
[MD5.00000000000000000000000000000000] [APT] [{C22B0E07-165F-431F-AEE0-9A179C9A5768}] (...) -- E:\MWSnap300.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F1F780E8-0056-46CB-BD41-015616B6E425}] (...) -- C:\users\user\Desktop\BOP Test\FreewarePDFUnlocker.msi" (.not file.) [0]
~ Scheduled Task: 18 Legitimates Filtered in 00mn 10s



---\\ Software instalados (042)
O42 - Logiciel: Ares 2.2.7 - (.Seekar Ltd.) [HKLM][64Bits] -- Ares
O42 - Logiciel: Edison 5 - (.DesignSoft.) [HKLM][64Bits] -- {E404200A-3830-4530-ABE5-836A4A936E95}
O42 - Logiciel: IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2011
O42 - Logiciel: IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2012
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2013
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2014
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM][64Bits] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
O42 - Logiciel: Update for PriceMeter - (.Update for PriceMeter.) [HKCU][64Bits] -- Price Meter Updater =>PUP.PriceMeter
O42 - Logiciel: YouTube To MP3 Converter Free v1.0 - (.DVDAVITools.) [HKLM][64Bits] -- YouTube To MP3 Converter Free_is1
~ Logic: 17 Legitimates Filtered in 00mn 03s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Ares]
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\GbAs]
[HKCU\Software\PriceMeterUpdater] =>PUP.PriceMeter
[HKCU\Software\Roland]
[HKCU\Software\eBook Maestro Books]
[HKCU\Software\superdownloads.com.br]
[HKLM\Software\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\360Safe] =>Trojan.Lozavita
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\DBC]
~ Key Software: 333 Legitimates Filtered in 00mn 03s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 16/04/2014 - 18:28:20 - [] ----D C:\Program Files (x86)\Ares
O43 - CFD: 16/04/2014 - 17:57:42 - [] ----D C:\Program Files (x86)\Baidu Security =>Adware.BDSearch
O43 - CFD: 09/12/2011 - 14:41:54 - [] ----D C:\Program Files (x86)\BOSS
O43 - CFD: 27/03/2014 - 14:55:40 - [] ----D C:\Program Files (x86)\Programas RFB
O43 - CFD: 25/06/2013 - 11:26:58 - [] ----D C:\Program Files (x86)\Scpad
O43 - CFD: 22/05/2013 - 00:32:31 - [] ----D C:\Users\user\AppData\Roaming\Baidu Security =>Adware.BDSearch
O43 - CFD: 12/11/2011 - 14:21:45 - [] ----D C:\Users\user\AppData\Local\Ares
O43 - CFD: 02/12/2011 - 12:38:09 - [] ----D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2011
O43 - CFD: 18/03/2012 - 07:29:23 - [] ----D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2012
O43 - CFD: 07/03/2013 - 18:28:32 - [] ----D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013
O43 - CFD: 05/03/2014 - 23:56:36 - [] ----D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
~ Program Folder: 209 Legitimates Filtered in 00mn 02s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.4D3906910C127AA6946C80083B8FDE64] - 17/04/2014 - 13:56:35 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\wStLibG64.sys [61120] =>PUP.LinkiDoo
O44 - LFC:[MD5.11E2D1FC5DF6B991130E8EDB44734F34] - 19/04/2014 - 01:47:43 ---A- . (...) -- C:\Windows\win.ini [580]
O44 - LFC:[MD5.961BCED2EC748D02DA833C0E8D94B8CB] - 21/04/2014 - 18:29:17 ----- . (...) -- C:\UsbFix [Scan 1] USER-PC.txt [7508]
O44 - LFC:[MD5.D3DB749B027DA5065649DEAD433BE2AA] - 21/04/2014 - 18:41:37 ---A- . (...) -- C:\UsbFix [Clean 2] USER-PC.txt [11777]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 21/04/2014 - 22:20:32 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.4644ED87477F01770F24C5C2DBB95622] - 22/04/2014 - 00:51:03 ---A- . (...) -- C:\zoek-results.log [25113]
O44 - LFC:[MD5.86A0D339CB402AAF2EB2D505450BFC86] - 22/04/2014 - 10:29:03 ---A- . (...) -- C:\sc-cleaner.txt [1788]
O44 - LFC:[MD5.D46D074B8BF3F42AB0820C49AD760823] - 22/04/2014 - 17:01:13 ---A- . (...) -- C:\AVScanner.ini [426]
O44 - LFC:[MD5.6B6F6D39626F8F6907834B147E261AEF] - 22/04/2014 - 17:08:23 ---A- . (...) -- C:\FaceProv.log [6439643]
O44 - LFC:[MD5.066F9316F2A10B965DC57A60C1A2D2C4] - 22/04/2014 - 17:08:26 ---A- . (...) -- C:\Windows\System32\fastboot.set [311129]
O44 - LFC:[MD5.F36296935C1E2C37B77A3566C8D68F77] - 22/04/2014 - 17:15:38 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [128328]
O44 - LFC:[MD5.043AB1FA475CE320886E7D84C62E946C] - 22/04/2014 - 17:15:38 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [664038]
O44 - LFC:[MD5.F55F971F6888A198DC966F6056EBD101] - 22/04/2014 - 17:46:36 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [26352]
O44 - LFC:[MD5.F55F971F6888A198DC966F6056EBD101] - 22/04/2014 - 17:46:36 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [26352]
~ Files: 25 Legitimates Filtered in 00mn 10s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj [64Bits] - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\ares [Key] . (.Seekar Ltd - Ares p2p for windows.) -- C:\Program Files (x86)\Ares\Ares.exe
~ SMSR Keys: 16 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:06/03/2013 - 19:31:50 R--A- . (.360.cn - 360HipsOEM.) -- C:\Windows\System32\Drivers\360FltOEM.sys [288688]
O58 - SDL:05/12/2013 - 13:40:12 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:09/01/2014 - 19:25:53 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [207904]
O58 - SDL:08/08/2013 - 00:25:30 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\BprotectEx.sys [76096]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:06/12/2013 - 17:02:32 ---A- . (.Windows (R) Win 7 DDK provider - Spyware Terminator 2012 driver.) -- C:\Windows\System32\Drivers\stflt.sys [51496]
O58 - SDL:09/07/2012 - 13:42:54 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [52736]
O58 - SDL:17/04/2014 - 13:56:35 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\wStLibG64.sys [61120] =>PUP.LinkiDoo
O58 - SDL:19/10/2012 - 15:36:14 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpkm.sys [46016]
O58 - SDL:18/03/2014 - 19:03:44 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
O58 - SDL:18/11/2002 - 10:41:28 ---A- . (.Spark Technologies co., Ltd. - SparKey usb Driver.) -- C:\Windows\SysWOW64\drivers\SPARKEY.SYS [12320]
O58 - SDL:07/06/2010 - 16:55:56 ---A- . (.Spark Technologies co., Ltd. - SparKey usb Driver.) -- C:\Windows\SysWOW64\drivers\sparkey64.sys [24704]
O58 - SDL:08/07/2004 - 16:04:58 ---A- . (.Spark Tech Co.,Ltd - Sparkey Device Driver.) -- C:\Windows\SysWOW64\drivers\SPKLPT.SYS [8208]
~ Drivers: 18 Legitimates Filtered in 00mn 07s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: UsbFix - (.El Desaparecido - [link hidden by forum] - [link hidden by forum] [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [link hidden by forum]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [link hidden by forum]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.16E53BFC96CE14021C0E07EB1C198478] [SPRF][01/12/2013] (...) -- C:\Users\user\AppData\Roaming\inst.exe [99384]
[MD5.2ED2319F3DE13495AAA49B70A1467055] [SPRF][21/04/2014] (...) -- C:\Users\user\Desktop\zoek.exe [1285120]
[MD5.46A8BA9FC8FD849FAA3CA878534733F7] [SPRF][06/06/2012] (.No owner - GbpDist Module.) -- C:\Windows\Downloaded Program Files\gbpdist.dll [215232]
~ Files: 4 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{817F82DE-954A-4BD5-938A-ECE6FC695BBB}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{57CEA5FB-5364-4800-B17F-E746FD90E70A}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 04s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.7839613CA9CC0AF29DC4DACE63D433D7] [WIS][24/08/2011] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\23dd7.msi [28160] =>Toolbar.Google
~ WIS: 1 Legitimates Filtered in 00mn 06s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32 =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS =>PUP.MyPCBackup
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BrowseMark_RASAPI32 =>PUP.BrowseMark
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BrowseMark_RASMANCS =>PUP.BrowseMark
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarUser_32_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarUser_32_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LatestDLMgr_RASAPI32 =>Adware.OpenCandy
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LatestDLMgr_RASMANCS =>Adware.OpenCandy
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Media Finder_RASAPI32 =>PUP.MediaFinder
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Media Finder_RASMANCS =>PUP.MediaFinder
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Plus-HD-4_RASAPI32 =>Adware.PlusHD
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Plus-HD-4_RASMANCS =>Adware.PlusHD
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBrowseMark_RASAPI32 =>PUP.BrowseMark
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBrowseMark_RASMANCS =>PUP.BrowseMark
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBuzzSearch_RASAPI32 =>PUP.BuzzSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBuzzSearch_RASMANCS =>PUP.BuzzSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBrowseMark_RASAPI32 =>PUP.BrowseMark
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBrowseMark_RASMANCS =>PUP.BrowseMark
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBuzzSearch_RASAPI32 =>PUP.BuzzSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBuzzSearch_RASMANCS =>PUP.BuzzSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent_RASMANCS =>P2P.µTorrent
~ BTK: 531 Legitimates Filtered in 00mn 01s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{22222222-2222-2222-2222-220322962276}] (CrossriderApp0039676.Sandbox) =>PUP.CrossRider
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google
~ BCK: 4604 Legitimates Filtered in 00mn 24s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 17/04/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 20/12/2013 385808 | (BstHdLogRotatorSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
SS - | Disabled 29/07/2010 951584 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
SS - | Demand 13/07/2012 651720 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Auto 24/08/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 24/08/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 04/09/2012 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 09/09/2012 936848 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Auto 10/07/1658 0 | (KMService) . (...) - C:\windows\system32\srvany.exe =>Hijacker.Office
SS - | Disabled 01/12/2013 2151744 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
SS - | Auto 03/04/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SS - | Auto 03/04/2014 857912 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SS - | Disabled 04/05/2010 503080 | (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe
SS - | Demand 08/11/2012 174176 | (PACSPTISVR-Sound_Organizer) . (.Sony Corporation.) - C:\Program Files (x86)\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe
SS - | Auto 29/02/2012 158856 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Disabled 13/07/2009 27136 | C:\windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 07/06/2011 204288 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 07/06/2011 365568 | (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
SR - | Auto 11/08/2012 55184 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 10/07/1658 0 | (Ast Service) . (.Nalpeiron Ltd..) - C:\windows\system32\AstSrv.exe
SR - | Auto 09/01/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 20/12/2013 402192 | (BstHdAndroidSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\BlueStacks\HD-Service.exe
SR - | Auto 24/02/2014 519224 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 25/10/2013 1444120 | (RapportMgmtService) . (.Trusteer Ltd..) - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
SR - | Auto 24/06/2013 360640 | (scpVista) . (.Banco Bradesco S.A..) - C:\Program Files (x86)\Scpad\scpVista.exe
SR - | Auto 22/10/2013 1149104 | (ST2012_Svc) . (.Crawler.com.) - C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
~ Services: Scanned in 00mn 27s



---\\ Scâner Aditional (088)
Database Version : 13045 - (22/04/2014)
Clés trouvées (Keys found) : 7
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 7

[HKLM\SYSTEM\CurrentControlSet\Services\KMService] =>Hijacker.Office^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Price Meter Updater] =>PUP.PriceMeter^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKCU\Software\Classes\MF] =>PUP.MediaFinder
[HKLM\Software\Wow6432Node\360Safe] =>Trojan.Lozavita
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220322962276}] =>PUP.CrossRider
C:\Program Files (x86)\Baidu Security =>Adware.BDSearch^
C:\Users\user\AppData\Roaming\Baidu Security =>Adware.BDSearch^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKCU\Software\PriceMeterUpdater] =>PUP.PriceMeter^
[HKLM\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch^
C:\Windows\Installer\23dd7.msi =>Toolbar.Google^
[HKCR\CLSID\{22222222-2222-2222-2222-220322962276}] (CrossriderApp0039676.Sandbox) =>PUP.CrossRider^
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google^
~ Additionnel Scan: 340746 Items scanned in 03mn 05s



---\\ Sumário das deteções encontradas na sua estação
[link hidden by forum] =>Hijacker.Office
[link hidden by forum] =>PUP.PriceMeter
[link hidden by forum] =>Adware.BDSearch
[link hidden by forum] =>Trojan.Lozavita
[link hidden by forum] =>PUP.LinkiDoo
[link hidden by forum] =>PUP.MyPCBackup
[link hidden by forum] =>PUP.BrowseMark
[link hidden by forum] =>Adware.OpenCandy
[link hidden by forum] =>PUP.MediaFinder
[link hidden by forum] =>Adware.PlusHD
[link hidden by forum] =>PUP.BuzzSearch
[link hidden by forum] =>PUP.CrossRider
[link hidden by forum] =>PUP.Tarma
~ MSI: 13 link(s) detected in 00mn 00s



~ 924 Legitimates filtered by white list
End of the scan (580 lines in 11mn 33s)(0)
Nei Sanches

Re: Slow PC after "sweet page" infection

Post by Power Max, Tue 22 Apr 2014, 18:25

Select and copy all of the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click ZHPFix and choose Run as administrator > click Importação > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Wed 23 Apr 2014, 11:11; edited 1 time

Re: Slow PC after "sweet page" infection

Post by Nei Sanches, Tue 22 Apr 2014, 22:29

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by user at 22/04/2014 22:27:06
High Elevated Privileges : OK
Windows 7 Home Basic Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 10s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\PriceMeterUpdater
ELIMINÉ:* HKLM\Software\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\360Safe
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BrowseMark_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BrowseMark_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LatestDLMgr_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LatestDLMgr_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Media Finder_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Media Finder_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Plus-HD-4_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Plus-HD-4_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBrowseMark_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBrowseMark_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBuzzSearch_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBuzzSearch_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBrowseMark_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBrowseMark_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBuzzSearch_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBuzzSearch_RASMANCS
ELIMINÉ:* HKCR\CLSID\{22222222-2222-2222-2222-220322962276}
ELIMINÉ: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Price Meter Updater
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
ELIMINÉ: HKCU\Software\Classes\MF

========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\pc app store.lnk
ELIMINÉ: c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\pixsta.lnk
ELIMINA REINICIAR: c:\windows\system32\drivers\wstlibg64.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotectex.sys
ELIMINÉ: C:\Windows\Installer\23dd7.msi
ELIMINÉ Temporários windows (129) (6.036.885 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: {5836A07C-43C6-41AE-A85F-4BCC35236B79}
ELIMINÉ: {C22B0E07-165F-431F-AEE0-9A179C9A5768}
ELIMINÉ: {F1F780E8-0056-46CB-BD41-015616B6E425}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso

========== Outros ==========
NÃO-TRATADO __________________


========== Recapitulativo ==========
27 : Chaves do Registo
6 : Valores do Registo
1 : Pastas
7 : Ficheiros
3 : Tarefa planificada
1 : Restauração Sistema
1 : Outros


End of clean in 03mn 45s

========== Caminho do ficheiro do relatório ==========
C:\Users\user\AppData\Roaming\ZHP\ZHPFix[R1].txt - 22/04/2014 22:27:17 [3713]

Re: Slow PC after "sweet page" infection

Post by Power Max, Tue 22 Apr 2014, 22:36

Open ZHPDiag again.

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report.

Re: Slow PC after "sweet page" infection

Post by Nei Sanches, Tue 22 Apr 2014, 23:19

~ Relatório do ZHPDiag v2014.4.22.40 - Nicolas Coolman (22/04/2014)
~ Iniciado por user (22/04/2014 23:02:45)
~ Endereço do Website : [link hidden by forum]
~ Fóruns de suporte gratuito para desinfecção : [link hidden by forum]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program


---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
GCIE: Google Chrome v34.0.1847.116 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Basic, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Key Management Service client information : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2011
Malwarebytes Anti-Malware versão 2.0.1.1004
Spyware Terminator 2012 v3.0.0.82
Windows Defender W7

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)
µTorrent v3.0.0 =>P2P.µTorrent

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader X
Java 7 Update 55

---\\ Informações sobre o sistema
~ Processor: AMD64 Family 20 Model 1 Stepping 0, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3690 MB (44% free)
System Restore: Activé (Enable)
System drive C: has 195 GB (46%) free of 422 GB

---\\ Modo de conexão ao sistema
~ Computer Name: USER-PC
~ User Name: user
~ All Users Names: user, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\user\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\user\AppData\Roaming\
~ %Desktop% : C:\Users\user\Desktop\
~ %Favorites% : C:\Users\user\Favorites\
~ %LocalAppData% : C:\Users\user\AppData\Local\
~ %StartMenu% : C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 195 Go of 422 Go)
D: Hard drive, Flash drive, Thumb drive (Free 27 Go of 29 Go)
E: Floppy drive, Flash card reader, USB Key (Free 3 Go of 4 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.11/08/2011 - 23:39:18.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.5A45FA344F4AD99D903F4B20E43B89EC] - (.Microsoft Corporation - Internet Extensions para Win32.) (.02/06/2012 - 09:05:28.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.21/11/2010 - 00:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 00:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.11/08/2011 - 23:41:51.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.A2F74975097F52A00745F9637451FDD8] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.11/08/2011 - 23:43:49.) -- C:\Windows\system32\Drivers\ntfs.sys [1659776]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/23
~ Mes musiques (My Musics) : 5/118
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 1/100252
~ Mon Bureau (My Desktop) : 2/11613
~ Menu demarrer (Programs) : 1/59
~ Hidden Files: Scanned in 06mn 14s



---\\ Processos lançados
[MD5.41AD6110110A2E89957F831DCBFAF892] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [6963512] [PID.2596]
[MD5.B00F98FF6FE8682FF941BEB2559BF191] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488] [PID.3968]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.3924]
[MD5.AFEBF9E0B223FF04709F747C172D3540] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024] [PID.3268]
[MD5.2EBBBFC120593C683796092F2DDA0EFC] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032] [PID.336]
[MD5.F482170822E45CF5CB4CC6479A20B6CD] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7889408] [PID.5304]
[MD5.6DE9AC13D76238AD7427E5453C8ECC54] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [519224] [PID.864]
[MD5.D74884939D53612FD84AC82C59CCFE27] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1400]
[MD5.A5299D04ED225D64CF07A568A3E1BF8C] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55184] [PID.1796]
[MD5.0C83FC56707BF68DB04947052A8188B1] - (.Nalpeiron Ltd. - Nalpeiron Highend Service.) -- C:\windows\SysWOW64\AstSrv.exe [57344] [PID.1960]
[MD5.0E08BDD7326E657D59DB40BAD23D8169] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720] [PID.1324]
[MD5.A8E7F3DB083EB0839DFC1C763CDD2594] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912] [PID.2028]
[MD5.A058BB0BFE7F530A1CCF28F5DBDB6795] - (.Banco Bradesco S.A. - scpVista.) -- C:\Program Files (x86)\Scpad\scpVista.exe [360640] [PID.2168]
[MD5.3B6429C5B11408EF11EFEEE8C0F0682A] - (.BlueStack Systems, Inc. - BlueStacks Service.) -- C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192] [PID.2756]
[MD5.713C85F0C1A95C25EE28D4B024A0EA33] - (.BlueStack Systems - BlueStacks Network Helper Process.) -- C:\Program Files (x86)\BlueStacks\HD-Network.exe [377616] [PID.2992]
[MD5.FEAB27A624ADA932A2F8E831DE668A38] - (.BlueStack Systems - BlueStacks Block Device Helper Process.) -- C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe [261392] [PID.2312]
[MD5.CDB95B8CC08E6F727496D8F19A27EFEE] - (.BlueStack Systems - BlueStacks Shared Folder Helper Process.) -- C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe [367376] [PID.2328]
[MD5.61EEC0D658EB34110FB74442D079E11C] - (.Trusteer Ltd. - RapportMgmtService.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1882392] [PID.3492]
~ Processes Running: Scanned in 00mn 06s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 16 Legitimates Filtered in 00mn 10s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: CompSegIB [64Bits] - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} . (.Banco Bradesco S.A. - scpsssh2 Module.) -- C:\Program Files (x86)\Scpad\scpsssh2.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehuni.dll
~ BHO: 17 Legitimates Filtered in 00mn 01s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Chave orfã
~ Toolbar: Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: Apps.lnk . (...) -- C:\Users\Public\Libraries\Apps.library-ms
O4 - GS\Desktop [Public]: Guia de Usuário.lnk . (.Lenovo - UserGuide.) -- C:\Program Files (x86)\Lenovo\UserGuide\UserGuide.exe
O4 - GS\Desktop [Public]: IObit Uninstaller.lnk . (.IObit - IObit Uninstaller.) -- C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
O4 - GS\Desktop [Public]: Receitanet 1.04 .lnk . (.SERPRO - Serviço Federal de Processamento d - Receitanet.) -- C:\Program Files (x86)\Programas RFB\Receitanet\Windows\Receitanet.exe
O4 - GS\Desktop [Public]: Sound Organizer.lnk . (.Sony Corporation - Sound Organizer.) -- C:\Program Files (x86)\Sony\Sound Organizer\SoundOrganizer.exe
O4 - GS\Desktop [Public]: Spyware Terminator 2012.lnk . (.Crawler.com - Spyware Terminator 2012.) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe
O4 - GS\Desktop [Public]: Start BlueStacks.lnk . (.BlueStack Systems, Inc. - BlueStacks StartLauncher.) -- C:\Program Files (x86)\BlueStacks\HD-StartLauncher.exe
O4 - GS\Desktop [Public]: The Downloader.lnk . (.Equis International - The DownLoader.) -- C:\Program Files (x86)\Equis\The DownLoader\Dlwin.exe
O4 - GS\Desktop [Public]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Program [Public]: PowerXpress.lnk . (.ATI Technologies Inc. - Catalyst Control Centre: Command Line Inter.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe
O4 - GS\QuickLaunch [user]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [user]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [user]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Program [user]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [user]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [user]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SendTo [user]: AnySend.lnk . (...) -- C:\Program Files (x86)\AnySend\AnySendUI.exe (.not file.)
O4 - GS\SendTo [user]: MediaInfo.lnk . (...) -- C:\Program Files (x86)\K-Lite Codec Pack\Tools\mediainfo.exe
O4 - GS\Desktop [user]: chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [user]: GT-10 Librarian.lnk . (.BOSS Corporation - GT-10 Librarian.) -- C:\Program Files (x86)\BOSS\GT-10Librarian\GXGL.exe
O4 - GS\Desktop [user]: Guitar Pro 5.lnk . (.Arobas Music - No Comment.) -- C:\Program Files (x86)\Guitar Pro 5\GP5.exe
O4 - GS\Desktop [user]: IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk . (...) -- C:\Arquivos de Programas RFB\IRPF2011\IRPF2011.exe
O4 - GS\Desktop [user]: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk . (...) -- C:\Arquivos de Programas RFB\IRPF2013\IRPF2013.exe
O4 - GS\Desktop [user]: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk . (...) -- C:\Arquivos de Programas RFB\IRPF2014\IRPF2014.exe
O4 - GS\Desktop [user]: MetaStock Professional Offline Mode.lnk . (.Equis International - mswin.) -- C:\Program Files (x86)\Equis\MetaStock\MsWin.exe
O4 - GS\Desktop [user]: MWSnap 3.lnk . (.Mirek Wojtowicz - No Comment.) -- C:\Program Files (x86)\MWSnap\MWSnap.exe
O4 - GS\Desktop [user]: SS 57 SS - Atalho.lnk . (...) -- C:\Users\user\Documents\Subsea\SS 57 SS
O4 - GS\Desktop [user]: YouTube To MP3 Converter Free.lnk . (.DVDAVITools - YouTube To MP3 Converter Free.) -- C:\Program Files (x86)\DVDAVITools\YouTube To MP3 Converter Free\YouTubeToMP3ConverterFree.exe
O4 - GS\QuickLaunch [Convidado]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Convidado]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Convidado]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Convidado]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Convidado]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Convidado]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Convidado]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Convidado]: MWSnap 3.lnk . (.Mirek Wojtowicz - No Comment.) -- C:\Program Files (x86)\MWSnap\MWSnap.exe
~ Global Startup: 111 Legitimates Filtered in 00mn 07s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [Lenovo EE Boot Optimizer] . (.Lenovo - Lenovo EE Boot Optimizer Software.) -- C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe
O4 - HKLM\..\Run: [Energy Management] . (.Lenovo (Beijing) Limited - Lenovo Energy Management Software 6.0.) -- C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
O4 - HKLM\..\Run: [EnergyUtility] . (.Lenovo(beijing) Limited - Lenovo Battery Management Software Ver 6.0.) -- C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [UpdateP2GShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Wow6432Node\Run: [YouCam Mirage] . (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
O9 - Extra button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 [64Bits] - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\Lenovo\Bluetooth Software\bt_hot_icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{76A2133F-A5FA-4B42-A4EE-53761C9D47DF}: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE2E5F77-0B78-4054-88B9-364921235F3B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{76A2133F-A5FA-4B42-A4EE-53761C9D47DF}: DhcpDomain = corp.prideinternational.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{76A2133F-A5FA-4B42-A4EE-53761C9D47DF}: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{EE2E5F77-0B78-4054-88B9-364921235F3B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{76A2133F-A5FA-4B42-A4EE-53761C9D47DF}: DhcpDomain = corp.prideinternational.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{76A2133F-A5FA-4B42-A4EE-53761C9D47DF}: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{EE2E5F77-0B78-4054-88B9-364921235F3B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{76A2133F-A5FA-4B42-A4EE-53761C9D47DF}: DhcpDomain = corp.prideinternational.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.Adobe Systems, Inc. - 3D Capture.) - C:\Windows\System32\acaptuser64.dll
~ AppInit DLL: Scanned in 00mn 00s
Nei Sanches
Beginner

Posts: 31
Reputation: 0
Join date: 19/04/2014

Re: Slow PC after "sweet page" infection

Post by Nei Sanches, Tue 22 Apr 2014, 23:20

---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Ast Service (Ast Service) . (.Nalpeiron Ltd. - Nalpeiron Highend Service.) - C:\windows\SysWOW64\AstSrv.exe
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: KMService (KMService) . (...) - C:\windows\SysWOW64\srvany.exe =>Hijacker.Office
O23 - Service: scpVista (scpVista) . (.Banco Bradesco S.A. - scpVista.) - C:\Program Files (x86)\Scpad\scpVista.exe
~ Services: 15 Legitimates Filtered in 02mn 22s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00E22B3ED82BB39750CCE10316380192] [APT] [{BA30A1C0-DD0E-437E-8758-4E52AA9159AF}] (.Serpro - Serviço Federal de Processamento d.) -- C:\users\user\Downloads\Receitanet-1.03.exe [6182539]
~ Scheduled Task: 15 Legitimates Filtered in 00mn 13s



---\\ Software instalados (042)
O42 - Logiciel: Ares 2.2.7 - (.Seekar Ltd.) [HKLM][64Bits] -- Ares
O42 - Logiciel: Edison 5 - (.DesignSoft.) [HKLM][64Bits] -- {E404200A-3830-4530-ABE5-836A4A936E95}
O42 - Logiciel: IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2011
O42 - Logiciel: IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2012
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2013
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2014
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM][64Bits] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
O42 - Logiciel: YouTube To MP3 Converter Free v1.0 - (.DVDAVITools.) [HKLM][64Bits] -- YouTube To MP3 Converter Free_is1
~ Logic: 16 Legitimates Filtered in 00mn 02s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Ares]
[HKCU\Software\GbAs]
[HKCU\Software\Roland]
[HKCU\Software\eBook Maestro Books]
[HKCU\Software\superdownloads.com.br]
[HKLM\Software\Wow6432Node\DBC]
~ Key Software: 326 Legitimates Filtered in 00mn 02s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 16/04/2014 - 18:28:20 - [] ----D C:\Program Files (x86)\Ares
O43 - CFD: 09/12/2011 - 14:41:54 - [] ----D C:\Program Files (x86)\BOSS
O43 - CFD: 27/03/2014 - 14:55:40 - [] ----D C:\Program Files (x86)\Programas RFB
O43 - CFD: 25/06/2013 - 11:26:58 - [] ----D C:\Program Files (x86)\Scpad
O43 - CFD: 12/11/2011 - 14:21:45 - [] ----D C:\Users\user\AppData\Local\Ares
O43 - CFD: 02/12/2011 - 12:38:09 - [] ----D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2011
O43 - CFD: 18/03/2012 - 07:29:23 - [] ----D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2012
O43 - CFD: 07/03/2013 - 18:28:32 - [] ----D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013
O43 - CFD: 05/03/2014 - 23:56:36 - [] ----D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
~ Program Folder: 207 Legitimates Filtered in 00mn 03s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.4D3906910C127AA6946C80083B8FDE64] - 17/04/2014 - 13:56:35 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\wStLibG64.sys [61120] =>PUP.LinkiDoo
O44 - LFC:[MD5.11E2D1FC5DF6B991130E8EDB44734F34] - 19/04/2014 - 01:47:43 ---A- . (...) -- C:\Windows\win.ini [580]
O44 - LFC:[MD5.961BCED2EC748D02DA833C0E8D94B8CB] - 21/04/2014 - 18:29:17 ----- . (...) -- C:\UsbFix [Scan 1] USER-PC.txt [7508]
O44 - LFC:[MD5.D3DB749B027DA5065649DEAD433BE2AA] - 21/04/2014 - 18:41:37 ---A- . (...) -- C:\UsbFix [Clean 2] USER-PC.txt [11777]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 21/04/2014 - 22:20:32 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.4644ED87477F01770F24C5C2DBB95622] - 22/04/2014 - 00:51:03 ---A- . (...) -- C:\zoek-results.log [25113]
O44 - LFC:[MD5.86A0D339CB402AAF2EB2D505450BFC86] - 22/04/2014 - 10:29:03 ---A- . (...) -- C:\sc-cleaner.txt [1788]
O44 - LFC:[MD5.D46D074B8BF3F42AB0820C49AD760823] - 22/04/2014 - 17:01:13 ---A- . (...) -- C:\AVScanner.ini [426]
O44 - LFC:[MD5.5490DF5DFD318A8F5CB4B56F5AB22A51] - 22/04/2014 - 22:16:33 ---A- . (...) -- C:\FaceProv.log [6443202]
O44 - LFC:[MD5.CB6BAFAF4A576B5C13166B2EB1A3FB63] - 22/04/2014 - 22:16:57 ---A- . (...) -- C:\Windows\System32\fastboot.set [317283]
O44 - LFC:[MD5.F36296935C1E2C37B77A3566C8D68F77] - 22/04/2014 - 22:23:21 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [128328]
O44 - LFC:[MD5.043AB1FA475CE320886E7D84C62E946C] - 22/04/2014 - 22:23:21 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [664038]
O44 - LFC:[MD5.A6EBE93AD35192CA3317639839AE8317] - 22/04/2014 - 23:08:07 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [26352]
O44 - LFC:[MD5.A6EBE93AD35192CA3317639839AE8317] - 22/04/2014 - 23:08:07 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [26352]
~ Files: 25 Legitimates Filtered in 00mn 14s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj [64Bits] - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\ares [Key] . (.Seekar Ltd - Ares p2p for windows.) -- C:\Program Files (x86)\Ares\Ares.exe
~ SMSR Keys: 16 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:06/03/2013 - 19:31:50 R--A- . (.360.cn - 360HipsOEM.) -- C:\Windows\System32\Drivers\360FltOEM.sys [288688]
O58 - SDL:05/12/2013 - 13:40:12 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:09/01/2014 - 19:25:53 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [207904]
O58 - SDL:08/08/2013 - 00:25:30 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\BprotectEx.sys [76096]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:06/12/2013 - 17:02:32 ---A- . (.Windows (R) Win 7 DDK provider - Spyware Terminator 2012 driver.) -- C:\Windows\System32\Drivers\stflt.sys [51496]
O58 - SDL:09/07/2012 - 13:42:54 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [52736]
O58 - SDL:17/04/2014 - 13:56:35 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\wStLibG64.sys [61120] =>PUP.LinkiDoo
O58 - SDL:19/10/2012 - 15:36:14 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpkm.sys [46016]
O58 - SDL:18/03/2014 - 19:03:44 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
O58 - SDL:18/11/2002 - 10:41:28 ---A- . (.Spark Technologies co., Ltd. - SparKey usb Driver.) -- C:\Windows\SysWOW64\drivers\SPARKEY.SYS [12320]
O58 - SDL:07/06/2010 - 16:55:56 ---A- . (.Spark Technologies co., Ltd. - SparKey usb Driver.) -- C:\Windows\SysWOW64\drivers\sparkey64.sys [24704]
O58 - SDL:08/07/2004 - 16:04:58 ---A- . (.Spark Tech Co.,Ltd - Sparkey Device Driver.) -- C:\Windows\SysWOW64\drivers\SPKLPT.SYS [8208]
~ Drivers: 18 Legitimates Filtered in 00mn 10s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: UsbFix - (.El Desaparecido - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.16E53BFC96CE14021C0E07EB1C198478] [SPRF][01/12/2013] (...) -- C:\Users\user\AppData\Roaming\inst.exe [99384]
[MD5.2ED2319F3DE13495AAA49B70A1467055] [SPRF][21/04/2014] (...) -- C:\Users\user\Desktop\zoek.exe [1285120]
[MD5.46A8BA9FC8FD849FAA3CA878534733F7] [SPRF][06/06/2012] (.No owner - GbpDist Module.) -- C:\Windows\Downloaded Program Files\gbpdist.dll [215232]
~ Files: 4 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{817F82DE-954A-4BD5-938A-ECE6FC695BBB}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{57CEA5FB-5364-4800-B17F-E746FD90E70A}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 04s



---\\ Listagem dos dados da chave NameSpace (MNS) (O92)
O92 - MNS: Unidade de CD - {FCCA82C2-3066-40C1-A336-B08E6A2718DF}
~ MNS: 1 Legitimates Filtered in 00mn 00s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarUser_32_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarUser_32_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent_RASMANCS =>P2P.µTorrent
~ BTK: 513 Legitimates Filtered in 00mn 01s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google
~ BCK: 4603 Legitimates Filtered in 00mn 22s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 17/04/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 20/12/2013 385808 | (BstHdLogRotatorSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
SS - | Disabled 29/07/2010 951584 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
SS - | Demand 13/07/2012 651720 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Auto 24/08/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 24/08/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 04/09/2012 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 09/09/2012 936848 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Auto 10/07/1658 0 | (KMService) . (...) - C:\windows\system32\srvany.exe =>Hijacker.Office
SS - | Disabled 01/12/2013 2151744 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
SS - | Disabled 04/05/2010 503080 | (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe
SS - | Demand 08/11/2012 174176 | (PACSPTISVR-Sound_Organizer) . (.Sony Corporation.) - C:\Program Files (x86)\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe
SS - | Auto 29/02/2012 158856 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Disabled 13/07/2009 27136 | C:\windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 07/06/2011 204288 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 07/06/2011 365568 | (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
SR - | Auto 11/08/2012 55184 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 10/07/1658 0 | (Ast Service) . (.Nalpeiron Ltd..) - C:\windows\system32\AstSrv.exe
SR - | Auto 09/01/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 20/12/2013 402192 | (BstHdAndroidSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\BlueStacks\HD-Service.exe
SR - | Auto 24/02/2014 519224 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 03/04/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 03/04/2014 857912 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 02/04/2014 1882392 | (RapportMgmtService) . (.Trusteer Ltd..) - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
SR - | Auto 24/06/2013 360640 | (scpVista) . (.Banco Bradesco S.A..) - C:\Program Files (x86)\Scpad\scpVista.exe
SR - | Auto 22/10/2013 1149104 | (ST2012_Svc) . (.Crawler.com.) - C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
~ Services: Scanned in 00mn 26s



---\\ Scâner Aditional (088)
Database Version : 13045 - (22/04/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1

[HKLM\SYSTEM\CurrentControlSet\Services\KMService] =>Hijacker.Office^
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google^
~ Additionnel Scan: 340287 Items scanned in 02mn 57s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Office
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.LinkiDoo
~ MSI: 2 link(s) detected in 00mn 00s



~ 917 Legitimates filtered by white list
End of the scan (525 lines in 14mn 35s)(0)
Nei Sanches
Beginner

Posts: 31
Reputation: 0
Joined: 19/04/2014

Re: Slow PC after "sweet page" infection

Post by Power Max, Wed 23 Apr 2014, 10:07

Select and copy all of the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click Importação > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Wed 23 Apr 2014, 11:11; edited 1 time
Power Max
Contributor

Posts: 9086
Reputation: 1499
Joined: 14/04/2009

Re: Slow PC after "sweet page" infection

Post by Nei Sanches, Wed 23 Apr 2014, 11:06

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by user at 23/04/2014 11:04:37
High Elevated Privileges : OK
Windows 7 Home Basic Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 03s)

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\drivers\wstlibg64.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotectex.sys
ELIMINÉ Temporários windows (2) (778 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
1 : Pastas
4 : Ficheiros
1 : Restauração Sistema


End of clean in 01mn 56s

========== Caminho do ficheiro do relatório ==========
C:\Users\user\AppData\Roaming\ZHP\ZHPFix[R1].txt - 22/04/2014 22:27:17 [3792]
C:\Users\user\AppData\Roaming\ZHP\ZHPFix[R2].txt - 23/04/2014 11:04:40 [942]

Re: Slow PC after "sweet page" infection

Post by Power Max, Wed 23 Apr 2014, 11:10

Restart your PC and then tell us how your computer is doing after these cleanups.

Re: Slow PC after "sweet page" infection

Post by Nei Sanches, Wed 23 Apr 2014, 11:41

Thank you very much for the high-level help I received here; after all these procedures my PC is great. Please let me know how I can contribute to thank you for your help. I am very satisfied!

Re: Slow PC after "sweet page" infection

Post by Power Max, Wed 23 Apr 2014, 11:45

"Thank you very much for the high-level help I received here; after all these procedures my PC is great."
That's it! I'm glad the problem has been solved.
____________________________________________________________________________________________________

"Please let me know how I can contribute to thank you for your help. I am very satisfied!"
If you like, you can help us by recommending the forum to your relatives, friends and acquaintances when they need guidance with computers.
____________________________________________________________________________________________________

Just to finish, please follow the tutorials below:

[You must have an account and be logged in to view this link]
_______________________________________________________________________________________________________________________

To remove the programs used to clean this PC and create a new restore point that is safe and problem-free, use DelFix, following the tips [You must have an account and be logged in to view this link].
_______________________________________________________________________________________________________________________

It was a pleasure to help. You can always count on us!

Re: Slow PC after "sweet page" infection

Post by Nei Sanches, Wed 23 Apr 2014, 13:50

I followed all the procedures, my PC is great! I will recommend the forum to everyone I know; I'm sure a lot of people need help! Once again, thank you very much!

Re: Slow PC after "sweet page" infection

Post by Power Max, Wed 23 Apr 2014, 13:57

CASE SOLVED

If the topic's author needs it, the topic will be reopened; to do so, they must contact one of the members of the [You must have an account and be logged in to view this link] and request that it be unlocked.