Fórum PC Brasil

Computer with unwanted programs and viruses

Post by cesarasp Tue 13 May 2014, 11:17

Hello, friends!

MY GIRLFRIEND CLICKED ON SOMETHING SHE SHOULDN'T HAVE WHILE TRYING TO WATCH MOVIES ON THE MEGAFILMES SITE, AND ONCE AGAIN THE PC FILLED UP WITH UNWANTED PROGRAMS AND VIRUSES. I RAN A SYSTEM SCAN WITH MALWAREBYTES AND IT REMOVED A BUNCH OF THESE LITTLE PESTS, BUT I STILL NOTICE SLOWNESS AND SMALL FREEZES. COULD YOU HELP ME?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:14:26, on 13/05/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17037)
Boot mode: Normal

Running processes:
C:\Users\cesar\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\cesar\Downloads\HijackThis (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must have an account and be logged in to view this link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must have an account and be logged in to view this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must have an account and be logged in to view this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must have an account and be logged in to view this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must have an account and be logged in to view this link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [DApp] C:\Program Files\PCDApp\start.vbs
O4 - HKCU\..\Run: [uTorrent] "C:\Users\cesar\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SkyDrive] "C:\Users\cesar\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
O4 - HKCU\..\Run: [TapinRadio] "C:\Program Files (x86)\TapinRadio\TapinRadio.exe" /show=minimizedtotray
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\cesar\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must have an account and be logged in to view this link] Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - [You must have an account and be logged in to view this link] Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: Paragon APM service (apmwinsrv) - Unknown owner - C:\Program Files (x86)\Paragon Software\HFS+ for Windows  9.1\apmwinsrv.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
O23 - Service: Asus WebStorage Windows Service - Unknown owner - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) - globalUpdate - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: globalUpdate Update Service (globalUpdatem) (globalUpdatem) - globalUpdate - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Service Component of VO (vosr) - Unknown owner - C:\Users\cesar\AppData\Roaming\VOPackage\VOsrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10256 bytes

Post by Power Max Tue 13 May 2014, 11:25

"I RAN A SYSTEM SCAN WITH MALWAREBYTES AND IT REMOVED A BUNCH OF THESE LITTLE PESTS"
Post the Malwarebytes log (report) so that we can analyze it.

Post by cesarasp Tue 13 May 2014, 11:37

Malwarebytes Anti-Malware
[You must have an account and be logged in to view this link]

Data de Verificação: 13/05/2014
Hora da Verificação: 08:52:52
Logfile: maware.txt
Administrador: Sim

Versão: 2.00.1.1004
Malware Database: v2014.05.13.04
Rootkit Database: v2014.03.27.01
Licença: Grátis
Proteção de Malware: Desabilitado
Proteção de Site Malicioso: Desabilitado
Chameleon: Desabilitado

OS: Windows 8.1
CPU: x64
Sistema de Arquivo: NTFS
Usuário: cesar

Tipo da Verificação: Verificação Personalizada
Resultado: Completado
Arquivos Verificados: 494902
Tempo Decorrido: 7 hr, 57 min, 10 seg

Memória: Enabled
Inicialização: Enabled
Filesystem: Enabled
Arquivos: Enabled
Rootkits: Desabilitado
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processos: 0
(No malicious items detected)

Módulos: 0
(No malicious items detected)

Chaves de Registro: 9
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\21636, Quarantined, [aa3e49073b401b1be046eaa0c43ec33d],
Adware.EoRezo, HKLM\SOFTWARE\WOW6432NODE\FreeSoftToday, Quarantined, [9355361acfacf5410126af042ad9a25e],
PUP.Optional.Feven.A, HKLM\SOFTWARE\WOW6432NODE\Freeven pro 1.2, Quarantined, [d612b997afcca19518f5f2977a88d32d],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\WOW6432NODE\MediaPlayerplus, Quarantined, [db0dfe527803b482e34c9eebf210ee12],
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftware, Quarantined, [1cccaca45724c96d76915c2e07fbc33d],
PUP.Optional.Feven.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Freeven pro 1.2, Quarantined, [b53300507407181e11fe8801f50d40c0],
PUP.Optional.Feven.A, HKU\S-1-5-21-2982737377-722400272-4200008662-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Freeven pro 1.2, Quarantined, [a24677d93744d95d86894346946e3ac6],
PUP.Optional.CrossRider.M, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110511421153}, Quarantined, [dd0baaa61f5ce84eed53ac9c5aaa9769],
PUP.Optional.CrossRider.M, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110511421153}, Quarantined, [dd0baaa61f5ce84eed53ac9c5aaa9769],

Valores de Registro: 2
PUP.Optional.FirstSeenToday.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|fst_br_128, Quarantined, [c91f0c44f28963d3389fe2a00ef432ce],
PUP.Optional.QuickStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|quick_start@gmail.com, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com, Quarantined, [a444420e46359e98992b2466d62cc23e]

Dados do Registro: 5
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, [You must have an account and be logged in to view this link] Good: ([You must have an account and be logged in to view this link] Bad: (http://istart.webssearches.com/web/?type=ds&ts=1399853576&from=tugs&uid=HitachiXHTS545050A7E380_TE8513L905UTKP05UTKPX&q={searchTerms}),Replaced,[618796ba2259a6908fb19f9cc34153ad]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, [You must have an account and be logged in to view this link] Good: ([You must have an account and be logged in to view this link] Bad: (http://istart.webssearches.com/?type=hp&ts=1399853576&from=tugs&uid=HitachiXHTS545050A7E380_TE8513L905UTKP05UTKPX),Replaced,[ab3df85857241323b688c17a22e23bc5]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, [You must have an account and be logged in to view this link] Good: ([You must have an account and be logged in to view this link] Bad: (http://istart.webssearches.com/?type=hp&ts=1399853576&from=tugs&uid=HitachiXHTS545050A7E380_TE8513L905UTKP05UTKPX),Replaced,[40a8a0b0a8d32115bd8543f83dc7d42c]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[4c9c3a161665c67096dbf84de91b33cd]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[d2163818abd04beb571abd8835cf17e9]

Pastas: 32
Rogue.Multiple, C:\ProgramData\374311380, Quarantined, [9a4e27297b00b680190318469a6815eb],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\content, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\content\include, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\content\include\tools, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\content\js, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\locale, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\locale\en, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\locale\en-US, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\locale\es, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\locale\es-419, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\locale\fr, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\locale\fr-BE, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\locale\fr-CA, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\locale\fr-CH, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\locale\fr-LU, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\locale\it, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\locale\it-CH, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\locale\pl, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\locale\pt-BR, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\locale\ru, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\locale\ru-MO, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\locale\tr, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\locale\vi, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\locale\zh-CN, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\locale\zh-TW, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\skin, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\skin\weather, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\defaults, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\defaults\preferences, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\modules, Quarantined, [21c7143c84f7270ffe580b6980823cc4],

Arquivos: 77
PUP.Optional.DomaIQ, C:\Users\cesar\AppData\Local\Microsoft\Windows\INetCache\IE\DJQ0ACBC\flvplayer update v13.0.0.206.exe, Quarantined, [40a87fd1ec8fbf779f08fa49f60a37c9],
PUP.Optional.InstallCore.A, C:\Users\cesar\AppData\Local\Microsoft\Windows\INetCache\IE\DJQ0ACBC\Setup[1].exe, Quarantined, [6b7dd67a601bdb5bacb628486f92d22e],
PUP.Optional.SupTab.A, C:\zoek_backup\C_PROGRA~2_SupTab\SupTab.dll, Quarantined, [1fc9b8981d5e67cf84cbff3605fbb749],
PUP.Optional.IePluginService.A, C:\zoek_backup\C_PROGRA~3_IePluginService\PluginService.exe, Quarantined, [80687dd3661554e229360253e71ac63a],
PUP.Optional.SupTab.A, C:\zoek_backup\C_Users_cesar_AppData_Roaming_SupTab\SupTab.dll, Quarantined, [36b24808ccaffd39d17e5dd87f816c94],
PUP.Optional.WpManager, C:\zoek_backup\C_PROGRA~3_WPM\wprotectmanager.exe, Quarantined, [18d0b799601b6ec8cbf2253ab051bb45],
PUP.Optional.Superfish.A, C:\Users\cesar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Quarantined, [d5135af6364563d3293a9edf2ed459a7],
PUP.Optional.Superfish.A, C:\Users\cesar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Quarantined, [07e1430d73084bebe57e4835b54def11],
PUP.Optional.Superfish.A, C:\Users\helen_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Quarantined, [727672de2f4c67cf4b18017c8e7413ed],
PUP.Optional.Superfish.A, C:\Users\helen_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Quarantined, [11d7123e90eb61d5392a7d00b44e7090],
PUP.Optional.CrossRider.A, C:\Windows\Tasks\6205d7fb-e736-4471-87e2-0b880e332552-3.job, Quarantined, [8b5d1f3182f95adc0c9ad9af2dd545bb],
PUP.Optional.CrossRider.A, C:\Windows\Tasks\95957052-71f9-4e65-a359-4f6eedeaf3ca-1.job, Quarantined, [9157ea66e09b15217d298dfb55adf20e],
PUP.Optional.CrossRider.A, C:\Windows\Tasks\95957052-71f9-4e65-a359-4f6eedeaf3ca-2.job, Quarantined, [dc0c153beb90bc7abaec7612c63c05fb],
PUP.Optional.CrossRider.A, C:\Windows\Tasks\95957052-71f9-4e65-a359-4f6eedeaf3ca-6.job, Quarantined, [589061efb1ca81b59d0906827191c63a],
PUP.Optional.CrossRider.A, C:\Windows\Tasks\95957052-71f9-4e65-a359-4f6eedeaf3ca-7.job, Quarantined, [9553361a0f6cad897234d4b4d42ed62a],
Rogue.Multiple, C:\ProgramData\374311380\BITFAD4.tmp, Quarantined, [9a4e27297b00b680190318469a6815eb],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome.manifest, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\install.rdf, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\content\index.html, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\content\quick_start.js, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\content\quick_start.xul, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\content\include\speed_dial.js, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\content\include\tools\about_blank_hook.js, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\content\include\tools\misc.js, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\content\include\tools\popup_image_helper.js, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\content\include\tools\urlrequestor.js, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\content\js\common.js, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\content\js\doT.min.js, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\content\js\ga.js, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\content\js\jquery-2.1.0.min.js, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\content\js\jquery.autocomplete.js, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\content\js\js.js, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\content\js\xagainit.js, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\locale\en\locale.properties, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\locale\en-US\locale.properties, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\locale\es\locale.properties, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\locale\es-419\locale.properties, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\locale\fr\locale.properties, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\locale\fr-BE\locale.properties, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\locale\fr-CA\locale.properties, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\locale\fr-CH\locale.properties, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\locale\fr-LU\locale.properties, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\locale\it\locale.properties, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\locale\it-CH\locale.properties, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\locale\pl\locale.properties, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\locale\pt-BR\locale.properties, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\locale\ru\locale.properties, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\locale\ru-MO\locale.properties, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\locale\tr\locale.properties, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\locale\vi\locale.properties, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\locale\zh-CN\locale.properties, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\locale\zh-TW\locale.properties, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\skin\arrow.png, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\skin\default_add_logo.png, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\skin\default_add_logo_hover.png, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\skin\default_logo.png, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\skin\googlelogo.png, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\skin\googlelogo2.png, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\skin\google_trends.png, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\skin\icon.png, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\skin\loading.gif, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\skin\logo.ico, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\skin\logo.png, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\skin\logo32.ico, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\skin\style.css, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\chrome\skin\weather\0.png, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\defaults\preferences\fvd.js, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\modules\addonmanager.js, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\modules\aes.js, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\modules\config.js, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\modules\dialogs.js, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\modules\last_tab.js, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\modules\misc.js, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\modules\properties.js, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\modules\remoterequest.js, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\modules\restoreprefs.js, Quarantined, [21c7143c84f7270ffe580b6980823cc4],
PUP.Optional.QuickStart.A, C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\extensions\quick_start@gmail.com\modules\settings.js, Quarantined, [21c7143c84f7270ffe580b6980823cc4],

Physical Sectors: 0
(No malicious items detected)


(end)

Re: Computer with unwanted programs and viruses

Post by Power Max Tue 13 May 2014, 12:29

Download AdwCleaner by clicking the link below, then click the Download Now @BleepingComputer button:
[You need an account and to be logged in to view this link]

To run AdwCleaner correctly, just follow the tips in this tutorial:

[You need an account and to be logged in to view this link]

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.

Re: Computer with unwanted programs and viruses

Post by cesarasp Tue 13 May 2014, 12:48

# AdwCleaner v3.208 - Relatório criado 13/05/2014 às 12:42:58
# Atualizado 11/05/2014 por Xplode
# Sistema Operacional : Windows 8.1 Single Language (64 bits)
# Usuário : cesar - CASA
# Executando de : C:\Users\cesar\Downloads\AdwCleaner (1).exe
# Opção : Limpar

***** [ Serviços ] *****

[#] Serviço Deletada : globalUpdate
[#] Serviço Deletada : vosr

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\Program Files (x86)\globalUpdate
Pasta Deletada : C:\Program Files (x86)\Uninstaller
Pasta Deletada : C:\Users\cesar\AppData\Local\globalUpdate
Pasta Deletada : C:\Users\cesar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Arquivo Deletada : C:\Users\cesar\AppData\Roaming\aps.uninstall.scan.results
Arquivo Deletada : C:\Users\cesar\Desktop\Continue VuuPC Installation.lnk

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Chave Deletedo : HKCU\Software\AnyProtect
Chave Deletedo : HKCU\Software\FreeSoftToday
Chave Deletedo : HKCU\Software\TutoTag
Chave Deletedo : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Chave Deletedo : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Chave Deletedo : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Chave Deletedo : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Chave Deletedo : HKLM\Software\SupTab
Chave Deletedo : HKLM\Software\supWPM
Chave Deletedo : HKLM\Software\Tutorials
Chave Deletedo : HKLM\Software\Wpm
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Freeven pro 1.2
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaPlayerplus
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webssearches uninstaller
Chave Deletedo : [x64] HKLM\SOFTWARE\installedbrowserextensions

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17037

Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v28.0 (pt-BR)

[ Arquivo : C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\prefs.js ]


-\\ Google Chrome v34.0.1847.131

[ Arquivo : C:\Users\cesar\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [7002 octets] - [08/05/2014 10:48:07]
AdwCleaner[R1].txt - [2669 octets] - [08/05/2014 11:20:16]
AdwCleaner[R2].txt - [2789 octets] - [08/05/2014 11:56:12]
AdwCleaner[R3].txt - [3532 octets] - [13/05/2014 12:33:12]
AdwCleaner[S0].txt - [6193 octets] - [08/05/2014 11:00:38]
AdwCleaner[S1].txt - [2703 octets] - [08/05/2014 11:32:33]
AdwCleaner[S2].txt - [2823 octets] - [08/05/2014 12:05:03]
AdwCleaner[S3].txt - [3106 octets] - [13/05/2014 12:42:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [3166 octets] ##########

Re: Computer with unwanted programs and viruses

Post by Power Max Tue 13 May 2014, 13:04

Temporarily disable your antivirus to avoid conflicts.

* Open the link below and click the first button on the left, which is the Download Zoek.exe button:
[You need an account and to be logged in to view this link]

To run it correctly, follow the tips in this tutorial:

[You need an account and to be logged in to view this link]

* As soon as it finishes cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy its entire contents and post them in your next reply.

Re: Computer with unwanted programs and viruses

Post by cesarasp Tue 13 May 2014, 15:43


Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by cesar on 13/05/2014 at 13:13:44,23.
Microsoft Windows 8.1 Single Language 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\cesar\Downloads\zoek (2).exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-10-044828.log 24143 bytes
C:\zoek-results2014-05-12-030514.log 29910 bytes

==== System Restore Info ======================

13/05/2014 13:37:40 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [08/05/2014 12:01]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default
18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[08/05/2014 12:00]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[11/04/2014 19:46]

Google Docs - cesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - cesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - cesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - cesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
avast Online Security - cesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Skype Click to Call - cesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Wallet - cesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - cesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - helen_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - helen_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - helen_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - helen_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
avast Online Security - helen_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Skype Click to Call - helen_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Wallet - helen_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - helen_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\cesar\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\cesar\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\cesar\Desktop\Any Video Converter.lnk - C:\Program Files (x86)\AnvSoft\Any Video Converter\AVCFree.exe
C:\Users\cesar\Desktop\brutalchess - Atalho.lnk - C:\Program Files (x86)\Brutal Chess\bin\brutalchess.exe
C:\Users\cesar\Desktop\Celestia.lnk - C:\Program Files (x86)\Celestia\celestia.exe
C:\Users\cesar\Desktop\Continue Tapin Radio Installation.lnk - C:\Users\cesar\AppData\Local\Temp\ICReinstall_tapin-radio-1581-32-bits (1).exe /RR
C:\Users\cesar\Desktop\Photoshop - Atalho.lnk - C:\Program Files (x86)\Adobe\Adobe Photoshop CS6\Photoshop.exe
C:\Users\cesar\Desktop\TapinRadio.lnk - C:\Program Files (x86)\TapinRadio\TapinRadio.exe
C:\Users\cesar\Desktop\ZHPDiag.lnk - C:\Program Files (x86)\ZHPDiag\ZHPhep.exe
C:\Users\cesar\Desktop\ZHPFix.lnk - C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe
C:\Users\cesar\Desktop\µTorrent.lnk -
C:\Users\cesar\Desktop\Minhas músicas\500 CLASSIC ROCK SONGS 1 - Atalho.lnk -
C:\Users\cesar\Desktop\Minhas músicas\Amostra de música.lnk -
C:\Users\cesar\Desktop\Minhas músicas\Atalho para Johnny Cash.lnk -
C:\Users\cesar\Desktop\Minhas músicas\Atalho para Karunesh Discography 17 Albums By E-Services.lnk -
C:\Users\cesar\Desktop\Minhas músicas\Atalho para Phil Thornton-Genre New Age.lnk -
C:\Users\cesar\Desktop\Minhas músicas\Joe Satriani - Atalho.lnk -
C:\Users\cesar\Desktop\Minhas músicas\Native American Music - Atalho.lnk -
C:\Users\cesar\Desktop\Minhas músicas\Oliver Shanti - Atalho.lnk -
C:\Users\cesar\Desktop\Minhas músicas\Peter Ilyich Tchaikovsky - The Symphonies [Haitink] - Atalho.lnk -

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\ Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
C:\Users\Public\Desktop\Adobe Reader X.lnk - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\aTube Catcher.lnk - C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\Users\Public\Desktop\avast Free Antivirus.lnk -
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\DAEMON Tools Lite.lnk - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Microsoft Flight Simulator 2004.lnk - C:\Program Files (x86)\Microsoft Games\Flight Simulator 9\fs9.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Opera.lnk - C:\Program Files (x86)\Opera\launcher.exe
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe
C:\Users\Public\Desktop\Stellarium.lnk - C:\Program Files (x86)\Stellarium\stellarium.exe
C:\Users\Public\Desktop\Video Search.lnk - C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe /VIDEOSEARCH

==== shortcuts in Users Start Menu ======================

C:\Users\cesar\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -
C:\Users\cesar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast antivirus.lnk -
C:\Users\cesar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk - C:\Users\cesar\Documents
C:\Users\cesar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\cesar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lixeira.lnk -
C:\Users\cesar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk - C:\Users\cesar\Pictures
C:\Users\cesar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brutal Chess\Brutal Chess.lnk - C:\Program Files (x86)\Brutal Chess\bin\brutalchess.exe
C:\Users\cesar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brutal Chess\Uninstall.lnk - C:\Program Files (x86)\Brutal Chess\Uninstall.exe
C:\Users\cesar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\cesar\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\cesar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\cesar\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk - C:\Users\cesar\Documents
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk - C:\Users\cesar\Pictures
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk - C:\Users\cesar\Documents
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk - C:\Users\cesar\Pictures
C:\Users\helen_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk - C:\Users\cesar\Documents
C:\Users\helen_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\helen_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk - C:\Users\cesar\Pictures
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk - C:\Users\cesar\Documents
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk - C:\Users\cesar\Pictures

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\MyBitCast\Uninstall.lnk - C:\Program Files (x86)\ASUS\MyBitCast\uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware Notifications.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKV Player\MKV Player.lnk - C:\Program Files (x86)\MKV Player\MKV Player.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TapinRadio\TapinRadio.lnk - C:\Program Files (x86)\TapinRadio\TapinRadio.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TapinRadio\Uninstall TapinRadio.lnk - C:\Program Files (x86)\TapinRadio\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk - C:\Program Files (x86)\ZHPDiag\ZHPhep.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPFix.lnk - C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe

==== shortcuts in Quick Launch ======================

C:\Users\cesar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Brutal Chess.lnk - C:\Program Files (x86)\Brutal Chess\bin\brutalchess.exe
C:\Users\cesar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\cesar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\cesar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\cesar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\cesar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -
C:\Users\cesar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\ASUS Install.lnk - C:\eSupport\eDriver\AsInsWiz.exe
C:\Users\cesar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\eManual.Lnk - C:\eSupport\Manual\eManual.exe
C:\Users\cesar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -
C:\Users\cesar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\cesar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\cesar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk - C:\Program Files (x86)\Opera\launcher.exe
C:\Users\cesar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Publisher 2013.lnk - C:\Program Files (x86)\Microsoft Office 15\root\office15\MSPUB.EXE
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\helen_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\helen_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\helen_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\helen_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\helen_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\ASUS Install.lnk - C:\eSupport\eDriver\AsInsWiz.exe
C:\Users\helen_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\eManual.Lnk - C:\eSupport\Manual\eManual.exe
C:\Users\helen_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -
C:\Users\helen_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\helen_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\helen_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk - C:\Program Files (x86)\Opera\launcher.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\cesar\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\cesar\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\helen_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\helen_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\cesar\AppData\Local\Mozilla\Firefox\Profiles\fcm82ci4.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\cesar\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\helen_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=128 folders=26 5107886 bytes)

==== Empty Temp Folders ======================

C:\Users\cesar\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\helen_000\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\cesar\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on 13/05/2014 at 15:39:11,70 ======================
cesarasp
Member

Posts: 105
Reputation: 0
Join date: 08/05/2014

Post by Power Max Tue 13 May 2014, 15:51

How is the PC?

Power Max
Contributor

Posts: 9086
Reputation: 1499
Join date: 14/04/2009

Post by cesarasp Tue 13 May 2014, 16:16

It's freezing a bit in the browser, and the desktop is taking a long time to start again.

Post by Power Max Tue 13 May 2014, 16:21

Download the Junkware Removal Tool from the link below:
[link visible only to logged-in members]

To run the program above correctly, just follow the tips in this tutorial:

[link visible only to logged-in members]

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop under the name JRT.txt

We'll be waiting.

Post by cesarasp Tue 13 May 2014, 20:27

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 Single Language x64
Ran by cesar on 13/05/2014 at 17:33:59,46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13/05/2014 at 18:05:28,56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post by Power Max Tue 13 May 2014, 20:29

Open ZHPDiag

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report

Post by cesarasp Tue 13 May 2014, 20:32

It's better, but it's strange: the notebook keeps processing almost constantly when Chrome is open. I go into Task Manager and there is no suspicious process, just Chrome using 30% of the notebook with no activity at all. It stops processing after about 1 minute, then goes back to normal. There are no extensions enabled.

Post by Power Max Tue 13 May 2014, 20:37

Follow the tip I gave you in the reply above.

Post by cesarasp Wed 14 May 2014, 00:00

~ Relatório do ZHPDiag v2014.5.13.62 - Nicolas Coolman (13/05/2014)
~ Iniciado por cesar (13/05/2014 23:52:38)
~ Endereço do Website : [link visible only to logged-in members]
~ Blog de análise de software : [link visible only to logged-in members]
~ Fóruns de suporte gratuito para desinfecção : [link visible only to logged-in members]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17105
MFIE: Mozilla Firefox 28.0
GCIE: Google Chrome v34.0.1847.131 (Defaut)
OPIE: Opera vStable 21.0.1432.57

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 8.1 Single Language, 64-bit (Build 9600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2018
Malwarebytes Anti-Malware versão 2.0.1.1004
Windows Defender W8

---\\ Softwares d'optimização do sistema
CCleaner v4.13

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader X

---\\ Informações sobre o sistema
~ Processor: AMD64 Family 20 Model 2 Stepping 0, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3673 MB (62% free)
System Restore: Activé (Enable)
System drive C: has 75 GB (40%) free of 186 GB

---\\ Modo de conexão ao sistema
~ Computer Name: CASA
~ User Name: cesar
~ All Users Names: HomeGroupUser$, helen_000, Convidado, cesar, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\cesar\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\cesar\AppData\Roaming\
~ %Desktop% : C:\Users\cesar\Desktop\
~ %Favorites% : C:\Users\cesar\Favorites\
~ %LocalAppData% : C:\Users\cesar\AppData\Local\
~ %StartMenu% : C:\Users\cesar\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 75 Go of 186 Go)
D: Hard drive, Flash drive, Thumb drive (Free 220 Go of 258 Go)
E: CD-ROM drive (Not Inserted)
F: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 44 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.81394C91B7B5A7C799E249AE82491F13] - (.Microsoft Corporation - Windows Explorer.) (.18/04/2014 - 17:03:22.) -- C:\Windows\Explorer.exe [2373784]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.22/08/2013 - 06:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.65C36A29A131A3A5D64B29FAC4EF6DD6] - (.Microsoft Corporation - Internet Extensions para Win32.) (.18/03/2014 - 07:18:18.) -- C:\Windows\System32\wininet.dll [2262016]
[MD5.306EB21E5B480AE9065EA55AC8C35936] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.18/03/2014 - 07:18:16.) -- C:\Windows\System32\Winlogon.exe [562176]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.18/03/2014 - 07:18:16.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.239268BAB58EAE9A3FF4E08334C00451] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.22/08/2013 - 10:25:35.) -- C:\Windows\system32\Drivers\AFD.sys [567296]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 09:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 08:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 05:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.A03F362C5557E238CBFA914689C77248] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.18/04/2014 - 17:03:21.) -- C:\Windows\system32\Drivers\DfsC.sys [134144]
[MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.22/08/2013 - 08:38:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [78336]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Driver de porta i8042.) (.22/08/2013 - 08:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.18/03/2014 - 07:18:19.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.C997E6A37BA8915224B3FB5024A34F69] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.18/04/2014 - 17:03:21.) -- C:\Windows\system32\Drivers\MRxSmb.sys [402944]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 08:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.1C80517BE6836A812F6A9B99B8321351] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.18/04/2014 - 17:03:21.) -- C:\Windows\system32\Drivers\ntfs.sys [2013016]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Driver de porta paralela.) (.22/08/2013 - 08:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 08:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecionador do Dispositivo RDP da Microsoft.) (.18/03/2014 - 06:44:42.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 10:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.3595FBDF25F8BA6256072D103937D7D6] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.18/03/2014 - 07:17:55.) -- C:\Windows\system32\Drivers\volsnap.sys [311640]
~ Generic Processes: Scanned in 00mn 01s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/12
~ Mes Videos (My Videos) : 6/33
~ Mes Favoris (My Favorites) : 1/7
~ Mes Documents (My Documents) : 1/849
~ Mon Bureau (My Desktop) : 2/12034
~ Menu demarrer (Programs) : 1/32
~ Hidden Files: Scanned in 00mn 29s



---\\ Processos lançados
[MD5.60E844AE5920B75399DDBD9F3AE1C7A0] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\cesar\AppData\Roaming\uTorrent\uTorrent.exe [1272400] [PID.2300] =>P2P.BitTorrent
[MD5.0B50F07E63EE15383CDFDC26D7A3D3E3] - (.ASUSTek Computer Inc. - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [205184] [PID.2952]
[MD5.23075147F62C896784C66D706F38360E] - (.ASUSTek Computer Inc. - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [328504] [PID.4428]
[MD5.3E364978E4C74D3BCEA29FB41743CB5A] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704] [PID.2336]
[MD5.542459D16B416D054161007FC9B1246E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032] [PID.4276]
[MD5.B7BCA8A30CE13A283CDBDECEF5616C39] - (.ASUS - ACMON.) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192] [PID.4744]
[MD5.97202E9C0D86387888435470CCAF45BE] - (.ASUSTeK - ACEngSvr Module.) -- C:\Windows\SysWOW64\ACEngSvr.exe [192000] [PID.4180]
[MD5.A2221900B57AEC20577996744FA4A56A] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296] [PID.2256]
[MD5.DB0C938BC311B31CF90C13821AE682B3] - (.ASUSTeK Computer Inc. - ASUS Live Update.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [1559936] [PID.3284]
[MD5.7C58A2513C3DA421A461D75C66C56D21] - (.ASUSTek Computer Inc. - ASUS USB Charger Plus.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [1123536] [PID.4044]
[MD5.498622161649098034DA1893F00E9762] - (.ASUSTeK Computer Inc. - ASUS Quick Gesture Exe.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20792] [PID.1412]
[MD5.8DF7F2A9B72B7CA4294BB9E59FEAEFCD] - (.Microsoft Corporation - Host WWA Microsoft.) -- C:\WINDOWS\syswow64\wwahost.exe [514560] [PID.2332]
[MD5.AB47E7B4E19B3776681697EAB1937999] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7874560] [PID.4076]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\cesar\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 12 Legitimates Filtered in 00mn 06s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Chave orfã
~ Toolbar: Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [cesar]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\cesar\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [cesar]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\cesar\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 2 Legitimates Filtered in 00mn 10s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\cesar\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKCU\..\Run: [SkyDrive] . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\cesar\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
O4 - HKCU\..\Run: [TapinRadio] . (.Raimersoft - Internet Radio Application.) -- C:\Program Files (x86)\TapinRadio\TapinRadio.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\cesar\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Wow6432Node\Run: [AdobeCS6ServiceManager] . (.Adobe Systems Incorporated - Adobe CS6 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
O4 - HKLM\..\Wow6432Node\Run: [DApp] C:\Program Files\PCDApp\start.vbs (.not file.) =>Trojan.BitCoinMiner
O4 - HKUS\S-1-5-21-2982737377-722400272-4200008662-1001\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\cesar\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-21-2982737377-722400272-4200008662-1001\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-2982737377-722400272-4200008662-1001\..\Run: [SkyDrive] . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\cesar\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
O4 - HKUS\S-1-5-21-2982737377-722400272-4200008662-1001\..\Run: [TapinRadio] . (.Raimersoft - Internet Radio Application.) -- C:\Program Files (x86)\TapinRadio\TapinRadio.exe
O4 - HKUS\S-1-5-21-2982737377-722400272-4200008662-1001\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\cesar\AppData\Local\Facebook\Update\FacebookUpdate.exe
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Lync Click to Call [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\lync.exe (.not file.)
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll =>.Microsoft Corporation
O9 - Extra button: Skype Click to Call [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4E6A366-7317-4824-A9DF-3DC93662CB13}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A4E6A366-7317-4824-A9DF-3DC93662CB13}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Paragon APM service (apmwinsrv) . (...) - C:\Program Files (x86)\Paragon Software\HFS+ for Windows 9.1\apmwinsrv.exe
~ Services: 6 Legitimates Filtered in 00mn 23s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2982737377-722400272-4200008662-1001Core [916]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2982737377-722400272-4200008662-1001UA [938]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2982737377-722400272-4200008662-1004Core [932]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2982737377-722400272-4200008662-1004UA [954]
O39 - APT: - (..) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job [920]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore [920]
O39 - APT: - (..) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job [924]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA [924]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1072]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1076]
~ Scheduled Task: 30 Legitimates Filtered in 00mn 16s



---\\ Software instalados (042)
O42 - Logiciel: Battle vs. Chess - (.Zuxxez Entertainment.) [HKLM][64Bits] -- Battle vs. Chess_is1
O42 - Logiciel: Brutal Chess - (...) [HKLM][64Bits] -- Brutal Chess
~ Logic: 34 Legitimates Filtered in 00mn 02s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Brutal Chess]
[HKCU\Software\PCDataApp]
[HKCU\Software\Zuxxezz]
[HKLM\Software\Wow6432Node\GameVicio]
[HKLM\Software\Wow6432Node\PCDataApp]
[HKLM\Software\Wow6432Node\Zuxxez]
~ Key Software: 252 Legitimates Filtered in 00mn 02s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 04/04/2014 - 20:53:13 - [] ----D C:\Program Files (x86)\Brutal Chess
O43 - CFD: 14/03/2014 - 13:05:55 - [] ----D C:\Program Files (x86)\GameVicio
O43 - CFD: 13/04/2014 - 13:42:01 - [] ----D C:\Program Files (x86)\Zuxxez
O43 - CFD: 18/04/2014 - 17:40:12 - [] ----D C:\Users\cesar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brutal Chess
O43 - CFD: 18/04/2014 - 17:25:14 - [] ----D C:\Users\cesar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameVicio
~ Program Folder: 142 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.7518640D625C38F2494A277C6E75FA44] - 08/05/2014 - 02:40:47 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\Windows\System32\Drivers\iSafeKrnlBoot.sys [43520] =>Trojan.Staser
O44 - LFC:[MD5.340B0467E98A8C92697D73034DB4BCB7] - 08/05/2014 - 12:01:04 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208]
O44 - LFC:[MD5.037265FBC714B4D16F1B99937686A9EB] - 10/05/2014 - 01:48:28 ---A- . (...) -- C:\zoek-results2014-05-10-044828.log [24143]
O44 - LFC:[MD5.003A6094EB3538BF1280324708382E5B] - 12/05/2014 - 00:05:14 ---A- . (...) -- C:\zoek-results2014-05-12-030514.log [29910]
O44 - LFC:[MD5.77DBE0A0FE2A6D9C545CCE4B7BE5E287] - 12/05/2014 - 17:57:03 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [158494]
O44 - LFC:[MD5.C67DABADA4A743C52CF49E8335F63707] - 12/05/2014 - 17:57:03 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [774900]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 13/05/2014 - 13:13:12 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.35DF72AAEC18F9F0FFD3EDD87187FFC1] - 13/05/2014 - 15:39:11 ---A- . (...) -- C:\zoek-results.log [21453]
~ Files: 29 Legitimates Filtered in 01mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 21 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:08/05/2014 - 12:01:04 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software
O58 - SDL:08/05/2014 - 12:01:04 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software
O58 - SDL:08/05/2014 - 12:01:05 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [208416] =>.ALWIL Software
O58 - SDL:12/08/2013 - 20:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:29/11/2013 - 01:16:34 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [52032]
O58 - SDL:25/09/2013 - 08:15:06 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [34624] =>Adware.BDSearch
O58 - SDL:29/11/2013 - 01:16:30 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [121312]
O58 - SDL:08/05/2014 - 02:40:47 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\Windows\System32\Drivers\iSafeKrnlBoot.sys [43520] =>Trojan.Staser
O58 - SDL:02/08/2012 - 00:22:48 ---A- . (.No owner - Keyboard Filter Driver.) -- C:\Windows\System32\Drivers\kbfiltr.sys [14992]
O58 - SDL:22/08/2013 - 09:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
~ Drivers: 67 Legitimates Filtered in 00mn 12s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\Launcher.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [link visible only to logged-in members]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [link visible only to logged-in members]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.043EF20817A86DAC04EF586F99D99315] [SPRF][13/05/2014] (...) -- C:\Users\cesar\AppData\Roaming\sp_data.sys [408]
~ Files: 2 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{E0F7D2EB-7EE9-499F-8AB8-7A9731E1D179}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\cesar\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{079F517B-488E-4F34-A8E3-A4F7C664E153}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\cesar\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 08s



---\\ Listagem dos dados da chave NameSpace (MNS) (O92)
O92 - MNS: - {1CF1260C-4DD0-4ebb-811F-33C572699FDE}
O92 - MNS: - {374DE290-123F-4565-9164-39C4925E467B}
O92 - MNS: - {3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}
O92 - MNS: - {A0953C92-50DC-43bf-BE83-3742FED03C9C}
O92 - MNS: - {A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}
O92 - MNS: - {B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
~ MNS: 6 Legitimates Filtered in 00mn 00s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASAPI32 =>Adware.NewPlayer
HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASMANCS =>Adware.NewPlayer
~ BTK: 18 Legitimates Filtered in 00mn 00s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{22222222-2222-2222-2222-220522422253}] (CrossriderApp0054253.Sandbox) =>PUP.CrossRider
~ BCK: 5281 Legitimates Filtered in 00mn 34s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 13/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Demand 10/07/1658 0 | (globalUpdatem) . (...) - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
SS - | Auto 11/03/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 11/03/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 15/03/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 07/01/2013 1280768 | (AFBAgent) . (.ASUSTeK Computer Inc..) - C:\Windows\system32\FBAgent.exe
SR - | Demand 13/12/2013 239616 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 26/07/2013 66768 | (apmwinsrv) . (...) - C:\Program Files (x86)\Paragon Software\HFS+ for Windows 9.1\apmwinsrv.exe
SR - | Demand 15/01/2013 107320 | (ASLDRService) . (.ASUSTek Computer Inc..) - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
SR - | Demand 13/04/2012 277120 | (ASUS InstantOn) . (.ASUS.) - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
SR - | Demand 19/12/2012 72192 | (Asus WebStorage Windows Service) . (...) - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
SR - | Demand 21/11/2011 96896 | (ATKGFNEXSrv) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
SR - | Auto 08/05/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Demand 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 39s



---\\ Scâner Aditional (088)
Database Version : 13045 - (13/05/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 4
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 2

[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220522422253}] =>PUP.CrossRider
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:DApp =>Trojan.BitCoinMiner^
C:\Users\cesar\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent^
[HKCR\CLSID\{22222222-2222-2222-2222-220522422253}] (CrossriderApp0054253.Sandbox) =>PUP.CrossRider^
~ Additionnel Scan: 256557 Items scanned in 02mn 27s



---\\ Sumário das deteções encontradas na sua estação
[You must have an account and be logged in to view this link] =>Trojan.BitCoinMiner
[You must have an account and be logged in to view this link] =>Trojan.Staser
[You must have an account and be logged in to view this link] =>Adware.BDSearch
[You must have an account and be logged in to view this link] =>PUP.CrossRider
~ MSI: 4 link(s) detected in 00mn 00s



~ 637 Legitimates filtered by white list
End of the scan (437 lines in 07mn 04s)(0)

Post by Power Max, Wed 14 May 2014, 00:11

There are unnecessary programs starting together with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

Preferably, let only the security programs (antivirus/anti-spyware/firewall) start together with Windows.

Also use the CCleaner program, recommended in the tutorial above, to clean and optimize the PC now and from time to time.
___________________________________________________________________________________________________________

Select and copy all the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click ZHPFix and choose Run as administrator > click Importação (Import) > click the GO button > click Oui (Yes) > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will appear in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Wed 14 May 2014, 11:23; edited 1 time

Post by cesarasp, Wed 14 May 2014, 00:25

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by cesar at 14/05/2014 00:17:44
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit Service Pack 1 (9600)

Reciclagem vazia (00mn 03s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ: HKCU\Software\PCDataApp
ELIMINÉ: HKLM\Software\Wow6432Node\PCDataApp
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASAPI32
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASMANCS
ELIMINÉ:* HKCR\CLSID\{22222222-2222-2222-2222-220522422253}

========== Valores do Registo ==========
ELIMINÉ RunValue: DApp
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\drivers\bfilter.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bfmon.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotect.sys
ELIMINÉ Temporários windows (0) (0 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
5 : Chaves do Registo
7 : Valores do Registo
1 : Pastas
5 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 12s

========== Caminho do ficheiro do relatório ==========
C:\Users\cesar\AppData\Roaming\ZHP\ZHPFix[R1].txt - 10/05/2014 11:17:04 [2265]
C:\Users\cesar\AppData\Roaming\ZHP\ZHPFix[R2].txt - 10/05/2014 11:49:05 [1076]
C:\Users\cesar\AppData\Roaming\ZHP\ZHPFix[R3].txt - 14/05/2014 00:17:48 [1736]

Post by Power Max, Wed 14 May 2014, 00:28

Restart the PC so that the cleanup can be completed.

After restarting, open ZHPDiag again.

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report.

Post by cesarasp, Wed 14 May 2014, 11:08

~ Relatório do ZHPDiag v2014.5.13.62 - Nicolas Coolman (13/05/2014)
~ Iniciado por cesar (14/05/2014 10:47:47)
~ Endereço do Website : [You must have an account and be logged in to view this link]
~ Blog de análise de software : [You must have an account and be logged in to view this link]
~ Fóruns de suporte gratuito para desinfecção : [You must have an account and be logged in to view this link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17105
MFIE: Mozilla Firefox 28.0
GCIE: Google Chrome v34.0.1847.131 (Defaut)
OPIE: Opera vStable 21.0.1432.57

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 8.1 Single Language, 64-bit (Build 9600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2018
Malwarebytes Anti-Malware versão 2.0.1.1004
Windows Defender W8

---\\ Softwares d'optimização do sistema
CCleaner v4.13

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader X

---\\ Informações sobre o sistema
~ Processor: AMD64 Family 20 Model 2 Stepping 0, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3673 MB (71% free)
System Restore: Activé (Enable)
System drive C: has 75 GB (40%) free of 186 GB

---\\ Modo de conexão ao sistema
~ Computer Name: CASA
~ User Name: cesar
~ All Users Names: HomeGroupUser$, helen_000, Convidado, cesar, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\cesar\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\cesar\AppData\Roaming\
~ %Desktop% : C:\Users\cesar\Desktop\
~ %Favorites% : C:\Users\cesar\Favorites\
~ %LocalAppData% : C:\Users\cesar\AppData\Local\
~ %StartMenu% : C:\Users\cesar\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 75 Go of 186 Go)
D: Hard drive, Flash drive, Thumb drive (Free 220 Go of 258 Go)
E: CD-ROM drive (Not Inserted)
F: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 44 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.81394C91B7B5A7C799E249AE82491F13] - (.Microsoft Corporation - Windows Explorer.) (.18/04/2014 - 17:03:22.) -- C:\Windows\Explorer.exe [2373784]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.22/08/2013 - 06:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.65C36A29A131A3A5D64B29FAC4EF6DD6] - (.Microsoft Corporation - Internet Extensions para Win32.) (.18/03/2014 - 07:18:18.) -- C:\Windows\System32\wininet.dll [2262016]
[MD5.306EB21E5B480AE9065EA55AC8C35936] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.18/03/2014 - 07:18:16.) -- C:\Windows\System32\Winlogon.exe [562176]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.18/03/2014 - 07:18:16.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.239268BAB58EAE9A3FF4E08334C00451] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.22/08/2013 - 10:25:35.) -- C:\Windows\system32\Drivers\AFD.sys [567296]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 09:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 08:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 05:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.A03F362C5557E238CBFA914689C77248] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.18/04/2014 - 17:03:21.) -- C:\Windows\system32\Drivers\DfsC.sys [134144]
[MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.22/08/2013 - 08:38:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [78336]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Driver de porta i8042.) (.22/08/2013 - 08:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.18/03/2014 - 07:18:19.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.C997E6A37BA8915224B3FB5024A34F69] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.18/04/2014 - 17:03:21.) -- C:\Windows\system32\Drivers\MRxSmb.sys [402944]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 08:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.1C80517BE6836A812F6A9B99B8321351] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.18/04/2014 - 17:03:21.) -- C:\Windows\system32\Drivers\ntfs.sys [2013016]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Driver de porta paralela.) (.22/08/2013 - 08:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 08:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecionador do Dispositivo RDP da Microsoft.) (.18/03/2014 - 06:44:42.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 10:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.3595FBDF25F8BA6256072D103937D7D6] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.18/03/2014 - 07:17:55.) -- C:\Windows\system32\Drivers\volsnap.sys [311640]
~ Generic Processes: Scanned in 00mn 01s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/12
~ Mes Videos (My Videos) : 6/33
~ Mes Favoris (My Favorites) : 1/7
~ Mes Documents (My Documents) : 1/849
~ Mon Bureau (My Desktop) : 2/12035
~ Menu demarrer (Programs) : 1/32
~ Hidden Files: Scanned in 00mn 41s



---\\ Processos lançados
[MD5.0B50F07E63EE15383CDFDC26D7A3D3E3] - (.ASUSTek Computer Inc. - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [205184] [PID.4172]
[MD5.23075147F62C896784C66D706F38360E] - (.ASUSTek Computer Inc. - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [328504] [PID.4980]
[MD5.60E844AE5920B75399DDBD9F3AE1C7A0] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\cesar\AppData\Roaming\uTorrent\uTorrent.exe [1272400] [PID.4080] =>P2P.BitTorrent
[MD5.3E364978E4C74D3BCEA29FB41743CB5A] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704] [PID.2320]
[MD5.B7BCA8A30CE13A283CDBDECEF5616C39] - (.ASUS - ACMON.) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192] [PID.2752]
[MD5.97202E9C0D86387888435470CCAF45BE] - (.ASUSTeK - ACEngSvr Module.) -- C:\Windows\SysWOW64\ACEngSvr.exe [192000] [PID.4004]
[MD5.A2221900B57AEC20577996744FA4A56A] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296] [PID.3248]
[MD5.DB0C938BC311B31CF90C13821AE682B3] - (.ASUSTeK Computer Inc. - ASUS Live Update.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [1559936] [PID.1096]
[MD5.7C58A2513C3DA421A461D75C66C56D21] - (.ASUSTek Computer Inc. - ASUS USB Charger Plus.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [1123536] [PID.3644]
[MD5.498622161649098034DA1893F00E9762] - (.ASUSTeK Computer Inc. - ASUS Quick Gesture Exe.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20792] [PID.5080]
[MD5.AB47E7B4E19B3776681697EAB1937999] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7874560] [PID.3208]
[MD5.542459D16B416D054161007FC9B1246E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032] [PID.4016]
~ Processes Running: Scanned in 00mn 02s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\cesar\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 12 Legitimates Filtered in 00mn 11s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Chave orfã
~ Toolbar: Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [cesar]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\cesar\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [cesar]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\cesar\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 2 Legitimates Filtered in 00mn 07s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\cesar\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKCU\..\Run: [SkyDrive] . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\cesar\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
O4 - HKCU\..\Run: [TapinRadio] . (.Raimersoft - Internet Radio Application.) -- C:\Program Files (x86)\TapinRadio\TapinRadio.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\cesar\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Wow6432Node\Run: [AdobeCS6ServiceManager] . (.Adobe Systems Incorporated - Adobe CS6 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
O4 - HKUS\S-1-5-21-2982737377-722400272-4200008662-1001\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\cesar\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-21-2982737377-722400272-4200008662-1001\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-2982737377-722400272-4200008662-1001\..\Run: [SkyDrive] . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\cesar\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
O4 - HKUS\S-1-5-21-2982737377-722400272-4200008662-1001\..\Run: [TapinRadio] . (.Raimersoft - Internet Radio Application.) -- C:\Program Files (x86)\TapinRadio\TapinRadio.exe
O4 - HKUS\S-1-5-21-2982737377-722400272-4200008662-1001\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\cesar\AppData\Local\Facebook\Update\FacebookUpdate.exe
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Lync Click to Call [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\lync.exe (.not file.)
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll =>.Microsoft Corporation
O9 - Extra button: Skype Click to Call [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4E6A366-7317-4824-A9DF-3DC93662CB13}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A4E6A366-7317-4824-A9DF-3DC93662CB13}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Paragon APM service (apmwinsrv) . (...) - C:\Program Files (x86)\Paragon Software\HFS+ for Windows 9.1\apmwinsrv.exe
~ Services: 6 Legitimates Filtered in 00mn 24s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2982737377-722400272-4200008662-1001Core [916]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2982737377-722400272-4200008662-1001UA [938]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2982737377-722400272-4200008662-1004Core [932]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2982737377-722400272-4200008662-1004UA [954]
O39 - APT: - (..) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job [920]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore [920]
O39 - APT: - (..) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job [924]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA [924]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1072]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1076]
~ Scheduled Task: 30 Legitimates Filtered in 00mn 20s



---\\ Software instalados (042)
O42 - Logiciel: Battle vs. Chess - (.Zuxxez Entertainment.) [HKLM][64Bits] -- Battle vs. Chess_is1
O42 - Logiciel: Brutal Chess - (...) [HKLM][64Bits] -- Brutal Chess
~ Logic: 34 Legitimates Filtered in 00mn 03s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Brutal Chess]
[HKCU\Software\Zuxxezz]
[HKLM\Software\Wow6432Node\GameVicio]
[HKLM\Software\Wow6432Node\Zuxxez]
~ Key Software: 250 Legitimates Filtered in 00mn 03s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 04/04/2014 - 20:53:13 - [] ----D C:\Program Files (x86)\Brutal Chess
O43 - CFD: 14/03/2014 - 13:05:55 - [] ----D C:\Program Files (x86)\GameVicio
O43 - CFD: 13/04/2014 - 13:42:01 - [] ----D C:\Program Files (x86)\Zuxxez
O43 - CFD: 18/04/2014 - 17:40:12 - [] ----D C:\Users\cesar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brutal Chess
O43 - CFD: 18/04/2014 - 17:25:14 - [] ----D C:\Users\cesar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameVicio
~ Program Folder: 142 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.7518640D625C38F2494A277C6E75FA44] - 08/05/2014 - 02:40:47 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\Windows\System32\Drivers\iSafeKrnlBoot.sys [43520] =>Trojan.Staser
O44 - LFC:[MD5.340B0467E98A8C92697D73034DB4BCB7] - 08/05/2014 - 12:01:04 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208]
O44 - LFC:[MD5.037265FBC714B4D16F1B99937686A9EB] - 10/05/2014 - 01:48:28 ---A- . (...) -- C:\zoek-results2014-05-10-044828.log [24143]
O44 - LFC:[MD5.003A6094EB3538BF1280324708382E5B] - 12/05/2014 - 00:05:14 ---A- . (...) -- C:\zoek-results2014-05-12-030514.log [29910]
O44 - LFC:[MD5.77DBE0A0FE2A6D9C545CCE4B7BE5E287] - 12/05/2014 - 17:57:03 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [158494]
O44 - LFC:[MD5.C67DABADA4A743C52CF49E8335F63707] - 12/05/2014 - 17:57:03 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [774900]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 13/05/2014 - 13:13:12 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.35DF72AAEC18F9F0FFD3EDD87187FFC1] - 13/05/2014 - 15:39:11 ---A- . (...) -- C:\zoek-results.log [21453]
~ Files: 29 Legitimates Filtered in 00mn 49s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 21 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:08/05/2014 - 12:01:04 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software
O58 - SDL:08/05/2014 - 12:01:04 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software
O58 - SDL:08/05/2014 - 12:01:05 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [208416] =>.ALWIL Software
O58 - SDL:12/08/2013 - 20:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:29/11/2013 - 01:16:34 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [52032]
O58 - SDL:25/09/2013 - 08:15:06 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [34624] =>Adware.BDSearch
O58 - SDL:29/11/2013 - 01:16:30 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [121312]
O58 - SDL:08/05/2014 - 02:40:47 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\Windows\System32\Drivers\iSafeKrnlBoot.sys [43520] =>Trojan.Staser
O58 - SDL:02/08/2012 - 00:22:48 ---A- . (.No owner - Keyboard Filter Driver.) -- C:\Windows\System32\Drivers\kbfiltr.sys [14992]
O58 - SDL:22/08/2013 - 09:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
~ Drivers: 67 Legitimates Filtered in 00mn 11s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\Launcher.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [You must have an account and be logged in to view this link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.043EF20817A86DAC04EF586F99D99315] [SPRF][14/05/2014] (...) -- C:\Users\cesar\AppData\Roaming\sp_data.sys [408]
~ Files: 2 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{E0F7D2EB-7EE9-499F-8AB8-7A9731E1D179}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\cesar\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{079F517B-488E-4F34-A8E3-A4F7C664E153}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\cesar\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 08s



---\\ Listagem dos dados da chave NameSpace (MNS) (O92)
O92 - MNS: - {1CF1260C-4DD0-4ebb-811F-33C572699FDE}
O92 - MNS: - {374DE290-123F-4565-9164-39C4925E467B}
O92 - MNS: - {3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}
O92 - MNS: - {A0953C92-50DC-43bf-BE83-3742FED03C9C}
O92 - MNS: - {A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}
O92 - MNS: - {B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
~ MNS: 6 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 13/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Demand 10/07/1658 0 | (globalUpdatem) . (...) - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
SS - | Auto 11/03/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 11/03/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 15/03/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 07/01/2013 1280768 | (AFBAgent) . (.ASUSTeK Computer Inc..) - C:\Windows\system32\FBAgent.exe
SR - | Demand 13/12/2013 239616 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 26/07/2013 66768 | (apmwinsrv) . (...) - C:\Program Files (x86)\Paragon Software\HFS+ for Windows 9.1\apmwinsrv.exe
SR - | Demand 15/01/2013 107320 | (ASLDRService) . (.ASUSTek Computer Inc..) - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
SR - | Demand 13/04/2012 277120 | (ASUS InstantOn) . (.ASUS.) - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
SR - | Demand 19/12/2012 72192 | (Asus WebStorage Windows Service) . (...) - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
SR - | Demand 21/11/2011 96896 | (ATKGFNEXSrv) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
SR - | Auto 08/05/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Demand 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 37s



---\\ Scâner Aditional (088)
Database Version : 13045 - (13/05/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^
C:\Users\cesar\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent^
~ Additionnel Scan: 256496 Items scanned in 02mn 42s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Trojan.Staser
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BDSearch
~ MSI: 2 link(s) detected in 00mn 00s



~ 635 Legitimates filtered by white list
End of the scan (415 lines in 07mn 22s)(0)

Post by Power Max, Wed 14 May 2014, 11:15

There are still unnecessary programs starting along with Windows, which makes your PC slower. To fix this, it would be important to follow the tips in this tutorial:

[link visible only to logged-in forum members]

Preferably, leave only the security programs (antivirus/anti-spyware/firewall) starting along with Windows.

Also use the CCleaner program, recommended in the tutorial above, to clean and optimize the PC now and from time to time.
___________________________________________________________________________________________________________

Select and copy all the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click Importação > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Wed 14 May 2014, 11:23; edited 1 time

Post by cesarasp, Wed 14 May 2014, 11:18

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by cesar at 14/05/2014 11:17:33
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit Service Pack 1 (9600)

Reciclagem vazia (00mn 01s)

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\drivers\bfilter.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bfmon.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotect.sys
ELIMINÉ Temporários windows (0) (0 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
1 : Pastas
5 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 04s

========== Caminho do ficheiro do relatório ==========
C:\Users\cesar\AppData\Roaming\ZHP\ZHPFix[R1].txt - 10/05/2014 11:17:04 [2265]
C:\Users\cesar\AppData\Roaming\ZHP\ZHPFix[R2].txt - 10/05/2014 11:49:05 [1076]
C:\Users\cesar\AppData\Roaming\ZHP\ZHPFix[R3].txt - 14/05/2014 00:17:48 [1816]
C:\Users\cesar\AppData\Roaming\ZHP\ZHPFix[R4].txt - 14/05/2014 11:17:35 [1152]

Post by Power Max, Wed 14 May 2014, 11:22

Temporarily disable your antivirus to avoid conflicts.

Download: < [link visible only to logged-in forum members] > (by g3n-h@ckm@n)
|- After opening the link above, scroll down the page and click Télécharger to download.

Run it as described in this post:

[link visible only to logged-in forum members]

Once the cleanup is finished, post the log (report), which will be at C:\Shortcut_Module_07_05_2014_17_05_22.txt (these numbers in red will vary, since they show the date and time at which the scan was performed).

Post by cesarasp, Wed 14 May 2014, 13:48

The notebook is better, but I confess I still sense paranormal viral entities on my notebook. lol

¤¤¤¤¤¤¤¤¤¤ | Shortcut_Module | g3n-h@ckm@n | 11.05.2014.1

¤¤¤¤¤ Vista | 7 | 8 | 8.1 - 32/64 bits ¤¤¤¤¤ - Start 11:28:51 - 14/05/2014

Atualizado : 11/05/2014 | 12.25 Por g3n-h@ckm@n

Contact : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Feedbacks : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Boot : Normal

Sistema : Windows 8.1 Single Language (64 bits) CoreSingleLanguage

Memória RAM = Total (MB) : 3761 | Livre (MB) : 2621
Pagefile = Total (MB) : 4417 | Livre (MB) : 3204
Virtual = Total (MB) : 4194 | Livre (MB) : 4


Registro protegido, restabelecer : C:\Shortcut_Module\Save\Clean\ERDNT.exe

¤¤¤¤¤¤¤¤¤¤ | Windows atualizado

Nenhuma atualização descoberta !!!

¤¤¤¤¤¤¤¤¤¤ | Navegadores

IE : 11.0.9600.17037 (© Microsoft Corporation. Todos os direitos reservados.)
FF : 28.0.0.5186 (©Firefox and Mozilla Developers; available under the MPL 2 license.)
GC : 34.0.1847.131 (Copyright 2012 Google Inc. All rights reserved.)
OP : 21.0.1432.57 (Copyright © Opera Software 2014)

¤¤¤¤¤¤¤¤¤¤ | Security

AM : Malwarebytes' Anti-Malware (1.0.0.500) []
FW :
WMI : OK
WU: Windows Update Service [Manual(3)] = Começado
AS: Windows Defender [Manual(3)] = Ordem
FW: Windows FireWall Service [Auto(2)] = Começado

¤¤¤¤¤¤¤¤¤¤ | FlashPlayer

FlashPlayer ActiveX : 13.0.0.206
FlashPlayer Plugin : 13.0.0.214

¤¤¤¤¤¤¤¤¤¤ | Processos mortos

1112 | [Owner : SISTEMA |Parent : 680] - (.ASUSTeK Computer Inc. - ASUS FastBoot.) - (2.0.0.1) = C:\Windows\System32\FBAgent.exe
1308 | [Owner : SISTEMA |Parent : 680] - (.Microsoft Corporation - Aplicativo de subsistema de spooler.) - (6.3.9600.16384) = C:\Windows\System32\spoolsv.exe
1520 | [Owner : SISTEMA |Parent : 680] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.701.3.3014) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1544 | [Owner : SISTEMA |Parent : 680] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\Paragon Software\HFS+ for Windows 9.1\apmwinsrv.exe
1568 | [Owner : SISTEMA |Parent : 680] - (.Microsoft Corporation - Updates Skype Click to Call.) - (7.2.15747.10003) = C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
1592 | [Owner : SERVIÇO DE REDE |Parent : 680] - (.Microsoft Corporation - Phone Number Recognition (PNR) module.) - (7.2.15747.10003) = C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
1652 | [Owner : SISTEMA |Parent : 680] - (.Microsoft Corporation - Microsoft Office Click-to-Run.) - (15.0.4615.1000) = C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
1740 | [Owner : SERVIÇO LOCAL |Parent : 576] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (6.3.9600.17031) = C:\Windows\System32\dasHost.exe
2244 | [Owner : SERVIÇO LOCAL |Parent : 576] - (.Microsoft Corporation - Windows Driver Foundation - Processo de Host da Estrutura de Driver de Modo de Usuário.) - (6.3.9600.16384) = C:\Windows\System32\WUDFHost.exe
2772 | [Owner : SISTEMA |Parent : 296] - (.Microsoft Corporation - Mecanismo do Agendador de Tarefas.) - (6.3.9600.17031) = C:\Windows\System32\taskeng.exe
2796 | [Owner : cesar |Parent : 296] - (.Microsoft Corporation - Processo de Host para Tarefas do Windows.) - (6.3.9600.17031) = C:\Windows\System32\taskhostex.exe
2824 | [Owner : cesar |Parent : 2804] - (.Microsoft Corporation - Windows Explorer.) - (6.3.9600.17039) = C:\Windows\explorer.exe
1508 | [Owner : SISTEMA |Parent : 2956] - (.Google Inc. - Google Crash Handler.) - (1.3.24.7) = C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
2304 | [Owner : SISTEMA |Parent : 2956] - (.Google Inc. - Google Crash Handler.) - (1.3.24.7) = C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
3400 | [Owner : SISTEMA |Parent : 680] - (.Microsoft Corporation - Indexador do Microsoft Windows Search.) - (7.0.9600.17031) = C:\Windows\System32\SearchIndexer.exe
3532 | [Owner : cesar |Parent : 760] - (.Microsoft Corporation - OneDrive Sync Engine Host.) - (6.3.9600.17055) = C:\Windows\System32\SkyDrive.exe
3744 | [Owner : cesar |Parent : 2824] - (.BitTorrent Inc. - µTorrent.) - (3.4.1.31139) = C:\Users\cesar\AppData\Roaming\uTorrent\uTorrent.exe
4500 | [Owner : cesar |Parent : 296] - (.Microsoft Corporation - Mecanismo do Agendador de Tarefas.) - (6.3.9600.17031) = C:\Windows\System32\taskeng.exe
4560 | [Owner : cesar |Parent : 4500] - (.Microsoft Corporation - Microsoft Office Document Cache.) - (15.0.4615.1000) = C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
4664 | [Owner : SISTEMA |Parent : 680] - (.AMD - AMD External Events Service Module.) - (6.14.11.1164) = C:\Windows\System32\atiesrxx.exe
4696 | [Owner : SISTEMA |Parent : 4664] - (.AMD - AMD External Events Client Module.) - (6.14.11.1164) = C:\Windows\System32\atieclxx.exe
4832 | [Owner : SISTEMA |Parent : 680] - (.ASUSTek Computer Inc. - ASLDR Service.) - (1.0.75.1) = C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
4912 | [Owner : SISTEMA |Parent : 4832] - (.ASUSTek Computer Inc. - HControl.) - (1.0.75.4) = C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
5040 | [Owner : SISTEMA |Parent : 680] - (.ASUS - ASUS InstantOn Program.) - (2.3.1.1) = C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
5100 | [Owner : SISTEMA |Parent : 4912] - (.ASUSTek Computer Inc. - KBFiltr.) - (1.0.67.1) = C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
3328 | [Owner : SISTEMA |Parent : 5040] - (.ASUS - ASUS InstantOn Program.) - (3.0.2.0) = C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
3560 | [Owner : SISTEMA |Parent : 680] - (. - Asus WebStorage Windows Service.) - (1.0.0.0) = C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
4376 | [Owner : cesar |Parent : 4976] - (.ASUSTek Computer Inc. - ATKOSD2.) - (7.0.24.2) = C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
4416 | [Owner : cesar |Parent : 4984] - (.ASUSTek Computer Inc. - ATK Media.) - (2.0.15.1) = C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
1940 | [Owner : cesar |Parent : 1112] - (.ASUS - ACMON .) - (1.0.8.0) = C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
2232 | [Owner : cesar |Parent : 760] - (.ASUSTeK - ACEngSvr Module.) - (1.0.0.4) = C:\Windows\SysWOW64\ACEngSvr.exe
2916 | [Owner : SISTEMA |Parent : 680] - (.ASUS - GFNEXSrv.) - (1.0.11.1) = C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
4908 | [Owner : cesar |Parent : 1112] - (.CyberLink Corp. - PowerDVD RC Service.) - (10.0.4313.0) = C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
3208 | [Owner : cesar |Parent : 1112] - (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) - (1.0.0.819) = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
4484 | [Owner : cesar |Parent : 296] - (.ASUSTeK Computer Inc. - ASUS Live Update.) - (3.1.9.0) = C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
860 | [Owner : cesar |Parent : 296] - (.ASUS - Power4Gear Hybrid.) - (1.1.1.11) = C:\Program Files\ASUS\P4G\BatteryLife.exe
4660 | [Owner : cesar |Parent : 296] - (.ASUSTek Computer Inc. - ASUS USB Charger Plus.) - (2.0.9.0) = C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
4976 | [Owner : cesar |Parent : 4612] - (.AsusTek - ASUS Smart Gesture Loader.) - (1.0.14.0) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
4428 | [Owner : cesar |Parent : 4976] - (.ASUSTeK Computer Inc. - ASUS Quick Gesture Exe.) - (1.0.7.0) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
876 | [Owner : cesar |Parent : 4976] - (.ASUSTeK Computer Inc. - ASUS Quick Gesture Exe.) - (1.0.7.0) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
1804 | [Owner : cesar |Parent : 4976] - (.AsusTek - ASUS Smart Gesture Center.) - (1.0.0.50) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
2904 | [Owner : cesar |Parent : 1804] - (.AsusTek - ASUS Smart Gesture Helper.) - (1.0.12.0) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
2332 | [Owner : cesar |Parent : 760] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (6.3.9600.17031) = C:\Windows\System32\SettingSyncHost.exe
4328 | [Owner : cesar |Parent : 760] - (.Microsoft Corporation - Windows Reader.) - (6.3.9600.17044) = C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
1776 | [Owner : cesar |Parent : 760] - (.Microsoft Corporation - Runtime Broker.) - (6.3.9600.16384) = C:\Windows\System32\RuntimeBroker.exe
4572 | [Owner : SISTEMA |Parent : 3400] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.9600.17031) = C:\Windows\System32\SearchProtocolHost.exe
3052 | [Owner : SISTEMA |Parent : 3400] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.9600.17031) = C:\Windows\System32\SearchFilterHost.exe
2388 | [Owner : SISTEMA |Parent : 680] - (.Microsoft Corporation - Instalador de Módulos do Windows.) - (6.3.9600.17031) = C:\Windows\servicing\TrustedInstaller.exe
5032 | [Owner : SISTEMA |Parent : 760] - (.Microsoft Corporation - Windows Modules Installer Worker.) - (6.3.9600.17031) = C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17031_none_fa50b3979b1bcb4a\TiWorker.exe
1980 | [Owner : cesar |Parent : 3960] - (.Microsoft Corporation - Carregador CTF.) - (6.3.9600.16384) = C:\Windows\SysWOW64\ctfmon.exe
4608 | [Owner : SISTEMA |Parent : 680] - (.Microsoft Corporation - Microsoft Office Click-to-Run.) - (15.0.4615.1000) = C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
2880 | [Owner : SERVIÇO LOCAL |Parent : 576] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (6.3.9600.17031) = C:\Windows\System32\dasHost.exe
4492 | [Owner : SERVIÇO LOCAL |Parent : 576] - (.Microsoft Corporation - Windows Driver Foundation - Processo de Host da Estrutura de Driver de Modo de Usuário.) - (6.3.9600.16384) = C:\Windows\System32\WUDFHost.exe

¤¤¤¤¤¤¤¤¤¤ | Processos começados

344 | [Owner : SISTEMA |Parent : 4] - (.Microsoft Corporation - Gerenciador de Sessão do Windows.) - (6.3.9600.17031) = C:\Windows\System32\smss.exe
484 | [Owner : SISTEMA |Parent : 436] - (.Microsoft Corporation - Processo do tempo de Execução do Servidor do Cliente.) - (6.3.9600.16384) = C:\Windows\System32\csrss.exe
580 | [Owner : SISTEMA |Parent : 436] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) - (6.3.9600.16384) = C:\Windows\System32\wininit.exe
588 | [Owner : SISTEMA |Parent : 572] - (.Microsoft Corporation - Processo do tempo de Execução do Servidor do Cliente.) - (6.3.9600.16384) = C:\Windows\System32\csrss.exe
644 | [Owner : SISTEMA |Parent : 572] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) - (6.3.9600.17031) = C:\Windows\System32\winlogon.exe
680 | [Owner : SISTEMA |Parent : 580] - (.Microsoft Corporation - Aplicativo de serviços e controle.) - (6.3.9600.16384) = C:\Windows\System32\services.exe
692 | [Owner : SISTEMA |Parent : 580] - (.Microsoft Corporation - Local Security Authority Process.) - (6.3.9600.16384) = C:\Windows\System32\lsass.exe
760 | [Owner : SISTEMA |Parent : 680] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.3.9600.16384) = C:\Windows\System32\svchost.exe
804 | [Owner : SERVIÇO DE REDE |Parent : 680] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.3.9600.16384) = C:\Windows\System32\svchost.exe
896 | [Owner : DWM-1 |Parent : 644] - (.Microsoft Corporation - Gerenciador de Janelas da Área de Trabalho.) - (6.3.9600.17031) = C:\Windows\System32\dwm.exe
1004 | [Owner : SERVIÇO LOCAL |Parent : 680] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.3.9600.16384) = C:\Windows\System32\svchost.exe
296 | [Owner : SISTEMA |Parent : 680] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.3.9600.16384) = C:\Windows\System32\svchost.exe
360 | [Owner : SERVIÇO LOCAL |Parent : 680] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.3.9600.16384) = C:\Windows\System32\svchost.exe
576 | [Owner : SISTEMA |Parent : 680] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.3.9600.16384) = C:\Windows\System32\svchost.exe
408 | [Owner : SERVIÇO DE REDE |Parent : 680] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.3.9600.16384) = C:\Windows\System32\svchost.exe
1164 | [Owner : SISTEMA |Parent : 680] - (.AVAST Software - avast! Service.) - (9.0.2018.391) = C:\Program Files\AVAST Software\Avast\AvastSvc.exe
1368 | [Owner : SERVIÇO LOCAL |Parent : 680] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.3.9600.16384) = C:\Windows\System32\svchost.exe
1392 | [Owner : SERVIÇO LOCAL |Parent : 680] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.3.9600.16384) = C:\Windows\System32\svchost.exe
2120 | [Owner : SERVIÇO DE REDE |Parent : 680] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.3.9600.16384) = C:\Windows\System32\svchost.exe
3960 | [Owner : cesar |Parent : 3908] - (.AVAST Software - avast! Antivirus.) - (9.0.2018.391) = C:\Program Files\AVAST Software\Avast\AvastUI.exe
4256 | [Owner : SISTEMA |Parent : 760] - (.Microsoft Corporation - WMI Provider Host.) - (6.3.9600.16384) = C:\Windows\System32\wbem\WmiPrvSE.exe
1872 | [Owner : SISTEMA |Parent : 680] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.3.9600.16384) = C:\Windows\System32\svchost.exe
3896 | [Owner : SERVIÇO LOCAL |Parent : 1004] - (.Microsoft Corporation - Isolamento de Gráfico de Dispositivo de Áudio do Windows .) - (6.3.9600.17041) = C:\Windows\System32\audiodg.exe
4196 | [Owner : cesar |Parent : 4632] - (. - Shortcut_Module.) - (11.5.2014.1) = C:\Users\cesar\Downloads\Shortcut_Module.exe
4948 | [Owner : SISTEMA |Parent : 680] - (.Microsoft Corporation - Microsoft Office Click-to-Run.) - (15.0.4615.1000) = C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
4216 | [Owner : SERVIÇO LOCAL |Parent : 576] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (6.3.9600.17031) = C:\Windows\System32\dasHost.exe
4680 | [Owner : SERVIÇO LOCAL |Parent : 576] - (.Microsoft Corporation - Windows Driver Foundation - Processo de Host da Estrutura de Driver de Modo de Usuário.) - (6.3.9600.16384) = C:\Windows\System32\WUDFHost.exe
4092 | [Owner : cesar |Parent : 4196] - (. - Process Stopper.) - (1.0.0.0) = C:\Shortcut_Module\Protect_Module.exe

¤¤¤¤¤¤¤¤¤¤ | RUN

04 - [64] HKLM\..\Run : [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - [64] HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - [64] HKLM\..\Run : [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
04 - [64] HKLM\..\Run : [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
04 - [32] HKLM\..\Run : [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
04 - HKU\S-1-5-21-2982737377-722400272-4200008662-1001\..\Run : [uTorrent] "C:\Users\cesar\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
04 - HKU\S-1-5-21-2982737377-722400272-4200008662-1001\..\Run : [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
04 - HKU\S-1-5-21-2982737377-722400272-4200008662-1001\..\Run : [SkyDrive] "C:\Users\cesar\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
04 - HKU\S-1-5-21-2982737377-722400272-4200008662-1001\..\Run : [TapinRadio] "C:\Program Files (x86)\TapinRadio\TapinRadio.exe" /show=minimizedtotray
04 - HKU\S-1-5-21-2982737377-722400272-4200008662-1001\..\Run : [Facebook Update] "C:\Users\cesar\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

¤¤¤¤¤¤¤¤¤¤ | Serviços


funcionando : MMCSS
funcionando : Dhcp
funcionando : TcpIp
funcionando : WinHttpAutoProxysvc
funcionando : SSDPSRV
Serviço parado : SSDPSRV
funcionando : MPSSvc
Serviço parado : MPSSvc
funcionando : LanmanServer
funcionando : DNScache
Serviço parado : DNScache
Apagado prosperamente : HKLM\..\ControlSet001\Services\globalUpdatem : Keeps your Freeven software up to date. If this service is disabled or stopped, your Freeven software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Freeven software using it.

¤¤¤¤¤¤¤¤¤¤ | Hosts

C:\WINDOWS\System32\Drivers\etc\hosts : Reponha para zerar prosperamente

¤¤¤¤¤¤¤¤¤¤ | Registro

Apagado prosperamente : [64]HKLM\Software\Classes\AniGIFCtrl.AniGIF
Apagado prosperamente : [64]HKLM\Software\Classes\AniGIFPpg.AniGIFPpg.1
Apagado prosperamente : [64]HKLM\Software\Classes\AniGIFPpg2.AniGIFPpg2.1
Apagado prosperamente : [64]HKLM\Software\Classes\globalUpdate.OneClickCtrl.10
Apagado prosperamente : [64]HKLM\Software\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Apagado prosperamente : [64]HKLM\Software\Classes\AniGIFPpg.AniGIFPpg
Apagado prosperamente : [64]HKLM\Software\Classes\globalUpdate.OneClickProcessLauncherMachine
Apagado prosperamente : [32]HKLM\Software\Classes\AniGIFPpg2.AniGIFPpg2
Apagado prosperamente : HKU\S-1-5-21-2982737377-722400272-4200008662-1001\Software\Microsoft\Internet Explorer\DOMStorage\portaldosites.com
Apagado prosperamente : HKU\S-1-5-21-2982737377-722400272-4200008662-1001\Software\Microsoft\Internet Explorer\DOMStorage\[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Apagado prosperamente : HKU\S-1-5-21-2982737377-722400272-4200008662-1001\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\portaldosites.com
Apagado prosperamente : HKU\S-1-5-21-2982737377-722400272-4200008662-1001\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\qone8.com
Apagado prosperamente : HKU\S-1-5-21-2982737377-722400272-4200008662-1001\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\start.qone8.com
Apagado prosperamente : HKU\S-1-5-21-2982737377-722400272-4200008662-1001\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\webssearches.com
Apagado prosperamente : HKU\S-1-5-21-2982737377-722400272-4200008662-1001\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Apagado prosperamente : HKU\S-1-5-21-2982737377-722400272-4200008662-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2982737377-722400272-4200008662-1001\Software\ShopperPro
Apagado prosperamente : [64]HKLM\Software\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1} : globalUpdate.OneClickProcessLauncher
Apagado prosperamente : [64]HKLM\Software\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000} : AniGIFPpg2 Class
Apagado prosperamente : [64]HKLM\Software\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF} : AniGIFPpg Class
Apagado prosperamente : [64]HKLM\Software\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF} : C:\Windows\SysWow64\AniGIF.ocx
Apagado prosperamente : [64]HKLM\Software\Classes\Interface\{49B868F0-D9F9-4F23-992D-A2A423F406E4} : ISafeSaveHandleManager
Apagado prosperamente : [64]HKLM\Software\Classes\Interface\{5252AC41-94BB-11D1-B2E7-444553540000} : IAniGIFEvents
Apagado prosperamente : [64]HKLM\Software\Classes\Interface\{69563521-C154-4B45-B884-035872E3F96A} : ISearchQueryCondition
Apagado prosperamente : [64]HKLM\Software\Classes\Interface\{78c6b6af-1777-5f03-9f99-95541630b5f2} : VectorChangedEventHandler
Apagado prosperamente : [64]HKLM\Software\Classes\Interface\{82351440-9094-11D1-A24B-00A0C932C7DF} : IAniGIF
Apagado prosperamente : [64]HKLM\Software\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63} : ISearchQueryHelper
Apagado prosperamente : [64]HKLM\Software\Classes\Interface\{b423a801-d35e-56b9-813b-00889536cb98} : VectorChangedEventHandler
Apagado prosperamente : [64]HKLM\Software\Classes\Interface\{BB94DAAD-7836-4D62-9557-2A7B83839B7B} : ISafeSaveHandleManager
Apagado prosperamente : [64]HKLM\Software\Classes\Interface\{cb6c396f-4861-5296-b14b-bd90b941a3e0} : VectorChangedEventHandler
Apagado prosperamente : [64]HKLM\Software\Classes\Interface\{DAF611F6-C2A6-41E8-B9A9-AFC0EFFDA9ED} : ISafeshop
Apagado prosperamente : [64]HKLM\Software\Classes\Interface\{E65BD7F9-275B-4AFF-B384-C66AD8046D96} : IGatherStoreAppSupport
Apagado prosperamente : [32]HKLM\Software\Classes\Interface\{49B868F0-D9F9-4F23-992D-A2A423F406E4} : ISafeSaveHandleManager
Apagado prosperamente : [32]HKLM\Software\Classes\Interface\{5252AC41-94BB-11D1-B2E7-444553540000} : IAniGIFEvents
Apagado prosperamente : [32]HKLM\Software\Classes\Interface\{55555555-5555-5555-5555-550555425553} : ICrossriderBHO
Apagado prosperamente : [32]HKLM\Software\Classes\Interface\{69563521-C154-4B45-B884-035872E3F96A} : ISearchQueryCondition
Apagado prosperamente : [32]HKLM\Software\Classes\Interface\{82351440-9094-11D1-A24B-00A0C932C7DF} : IAniGIF
Apagado prosperamente : [32]HKLM\Software\Classes\Interface\{BB94DAAD-7836-4D62-9557-2A7B83839B7B} : ISafeSaveHandleManager
Apagado prosperamente : [32]HKLM\Software\Classes\Interface\{DAF611F6-C2A6-41E8-B9A9-AFC0EFFDA9ED} : ISafeshop
Apagado prosperamente : [64]HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]|[C:\Program Files (x86)\Freeven pro 1.2\Freeven pro 1.2-nova.exe] : 8000
Apagado prosperamente : [64]HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]|[Freeven pro 1.2-bg.exe] : 8000
Apagado prosperamente : [64]HKLM\Software\Microsoft\Tracing\flvplayer update v13_RASAPI32
Apagado prosperamente : [64]HKLM\Software\Microsoft\Tracing\flvplayer update v13_RASMANCS
Apagado prosperamente : [HKU\S-1-5-21-2982737377-722400272-4200008662-1001\Software\Mozilla\Extends]|[appid] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Apagado prosperamente : HKU\S-1-5-21-2982737377-722400272-4200008662-1001\Software\Trolltech
Apagado prosperamente : HKU\S-1-5-18\Software\AskPartnerNetwork
Apagado prosperamente : HKU\S-1-5-20\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}(\_70e6ca8c\eae10f9d|[0dc3ee96]) : /P////%%
Apagado prosperamente : HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}(\_70e6ca8c\eae10f9d|[0dc3ee96]) : /P////%%
Apagado prosperamente : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465} : ShopperReports.dll
Apagado prosperamente : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} : alotBHO.dll;alotBHO.dll
Apagado prosperamente : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{22D8E815-4A5E-4DFB-845E-AAB64207F5BD} : eBayTB.dll
Apagado prosperamente : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754} : ShoppingReport.dll
Apagado prosperamente : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7} : PCTBrowserDefender.dll
Apagado prosperamente : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} : BabylonToolbar.dll
Apagado prosperamente : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825} : PCTBrowserDefender.dll
Apagado prosperamente : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{57F02779-3D88-4958-8AD3-83C12D86ADC7} : advancedsearchbar.dll
Apagado prosperamente : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7} : alot.dll;alot.dll
Apagado prosperamente : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{92085AD4-F48A-450D-BD93-B28CC7DF67CE} : eBayTB.dll
Apagado prosperamente : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} : BabylonToolbar.dll
Apagado prosperamente : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} : ShoppingReport.dll
Apagado prosperamente : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{CDEEC43D-3572-4E95-A2A5-F519D29F00C0} : advancedsearchbar.dll
Apagado prosperamente : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} : BabylonToolbarTlbr.dll
Apagado prosperamente : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{063a0dd6-64da-4e52-8abb-ee0f16738553} : C:\Program Files (x86)\Freeven pro 1.2
Apagado prosperamente : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Apagado prosperamente : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fd109b7f-7e27-4d47-b844-afe06ab04f85} : C:\Program Files (x86)\Freeven pro 1.2
Apagado prosperamente : [32]HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{063a0dd6-64da-4e52-8abb-ee0f16738553} : C:\Program Files (x86)\Freeven pro 1.2
Apagado prosperamente : [32]HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fd109b7f-7e27-4d47-b844-afe06ab04f85} : C:\Program Files (x86)\Freeven pro 1.2
Apagado prosperamente : HKU\S-1-5-21-2982737377-722400272-4200008662-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{063a0dd6-64da-4e52-8abb-ee0f16738553} : C:\Program Files (x86)\Freeven pro 1.2
Apagado prosperamente : HKU\S-1-5-21-2982737377-722400272-4200008662-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{14B8DE47-84CF-42D1-B335-5668E439719} : C:\Program Files (x86)\Freeven pro 1.2
Apagado prosperamente : HKU\S-1-5-21-2982737377-722400272-4200008662-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4416C4BF-B74-42DA-B99-47EA9E314E7F} : C:\Program Files (x86)\Freeven pro 1.2
Apagado prosperamente : HKU\S-1-5-21-2982737377-722400272-4200008662-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59174619-922B-4BA9-9332-A8225B3FE1FB} : C:\Program Files (x86)\Freeven pro 1.2
Apagado prosperamente : HKU\S-1-5-21-2982737377-722400272-4200008662-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D368CBD4-8C95-48A4-B094-5A5CD4FD114D} : C:\Program Files (x86)\Freeven pro 1.2
Apagado prosperamente : HKU\S-1-5-21-2982737377-722400272-4200008662-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fd109b7f-7e27-4d47-b844-afe06ab04f85} : C:\Program Files (x86)\Freeven pro 1.2
Apagado prosperamente : HKU\S-1-5-21-2982737377-722400272-4200008662-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3799DD16-9809-4953-BE6F-26CAC5ED853} : C:\Program Files (x86)\Freeven pro 1.2
Apagado prosperamente : HKU\S-1-5-21-2982737377-722400272-4200008662-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{758F8C8E-7136-4959-BC6B-143CFBAC61E1} : C:\Program Files (x86)\Freeven pro 1.2
Apagado prosperamente : [64][HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]|[C:\Windows\System32\AniGIF.ocx]

¤¤¤¤¤¤¤¤¤¤ | IFEO


¤¤¤¤¤¤¤¤¤¤ | Arquivos

Apagado prosperamente : C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job = Freeven
Apagado prosperamente : C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job = Freeven
Apagado prosperamente : C:\WINDOWS\System32\AniGIF.ocx (Copyright 1996 - 1998, Jin Hui - Animation GIF Control) [OFN : ANIGIF.OCX]
Apagado prosperamente : C:\WINDOWS\System32\NdfEventView.xml ()
Apagado prosperamente : [cesar | GC] : gomekmidlodglbbmalcneegieacbdmki = Browser Security
Apagado prosperamente : C:\Users\cesar\AppData\Local\Google\Chrome\User Data\Default\File System\002\t
Apagado prosperamente : C:\Users\cesar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_vube.com_0.localstorage (.-.)
Apagado prosperamente : C:\Users\cesar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_vube.com_0.localstorage-journal (.-.)
Apagado prosperamente : C:\Users\cesar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.portaldosites.com_0.localstorage (.-.)
Apagado prosperamente : C:\Users\cesar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.portaldosites.com_0.localstorage-journal (.-.)
Apagado prosperamente : C:\Users\cesar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.search.ask.com_0.localstorage (.-.)
Apagado prosperamente : C:\Users\cesar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.search.ask.com_0.localstorage-journal (.-.)
Apagado prosperamente : C:\Users\cesar\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\58LT8VCQ\cdncache-a.akamaihd.net
Apagado prosperamente : C:\Users\cesar\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\58LT8VCQ\macromedia.com\support\flashplayer\sys\#cdncache-a.akamaihd.net
Apagado prosperamente : C:\Users\cesar\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\NewPlayerUpdaterService.exe.log (.-.)
Apagado prosperamente : C:\Users\cesar\AppData\Local\Microsoft\Internet Explorer\DOMStore\B292PYLP\[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (.-.)
Apagado prosperamente : C:\Users\cesar\AppData\Local\Microsoft\Windows\INetCache\IE\DJQ0ACBC\smt_qone8_new[2].exe (.-.)
Apagado prosperamente : C:\Users\cesar\AppData\Local\Microsoft\Windows\INetCache\IE\M2MYBDIQ\smt_qone8_new[1].exe (.-.)
Apagado prosperamente : C:\Users\cesar\AppData\Local\Microsoft\Windows\INetCache\IE\U2XZK76T\smt_qone8_new[1].exe (.-.)
Apagado prosperamente : C:\Users\cesar\AppData\Local\Microsoft\Windows\INetCache\IE\WPOIV8DT\AnyProtect[1].exe (2013 (C).-.AnyProtect)[OFN : AnyProtect.exe]
Apagado prosperamente : C:\Users\cesar\AppData\Local\Microsoft\Windows\INetCache\IE\WPOIV8DT\Setup[1].exe (Copyright 2013.-.AnyProtect)
Apagado prosperamente : C:\Users\cesar\AppData\Local\Microsoft\Windows\INetCache\Low\SuggestedSites.dat (.-.)
Apagado prosperamente : C:\Users\cesar\AppData\Local\Microsoft\Windows\INetCache\Low\IE\171WAGLY\headAll_201405021234[1].js (.-.)
Apagado prosperamente : C:\Users\cesar\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X9Q8GB4E\getSupportedSitesJSON[1].js (.-.)
Apagado prosperamente : C:\Users\cesar\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X9Q8GB4E\headAll_201405021234[1].js (.-.)
Apagado prosperamente : C:\Users\cesar\AppData\Local\Microsoft\Windows\INetCache\Virtualized\C\Users\cesar\Application Data\SupTab
Apagado prosperamente : C:\Users\cesar\AppData\Local\Microsoft\Windows\INetCookies\I83SNZ8K.txt (.-.)
Apagado prosperamente : C:\Users\cesar\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\Q06NJOQR\istart.webssearches[1].xml (.-.)
Apagado prosperamente : C:\Users\cesar\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\RMH77RLZ\start.qone8[1].xml (.-.)
Apagado prosperamente : C:\Users\cesar\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\RMH77RLZ\[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (.-.)
Apagado prosperamente : C:\Users\cesar\AppData\Roaming\Microsoft\Windows\Recent\ShopperPro.lnk (.-.)
Apagado prosperamente : [cesar | OP] : majjphhgppkndjjkmhhnbgafooenebhd = MediaPlayerPlus
Apagado prosperamente : C:\Users\cesar\Desktop\Minhas músicas\Mistera discografia\ZIP\_Mystera oldallink\q-Mystera_elemei\searchresults.js (.-.)
Apagado prosperamente : C:\Users\cesar\Desktop\Tor Browser\Browser\browser\searchplugins\amazondotcom.xml (.-.)
Apagado prosperamente : C:\Users\cesar\Desktop\Tor Browser\Browser\browser\searchplugins\eBay.xml (.-.)
Apagado prosperamente : [helen_000 | GC] : gomekmidlodglbbmalcneegieacbdmki = Browser Security
Apagado prosperamente : C:\Users\helen_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_thepiratebay.se_0.localstorage (.-.)
Apagado prosperamente : C:\Users\helen_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_thepiratebay.se_0.localstorage-journal (.-.)
Apagado prosperamente : C:\Users\helen_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.search.ask.com_0.localstorage (.-.)
Apagado prosperamente : C:\Users\helen_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.search.ask.com_0.localstorage-journal (.-.)
Apagado prosperamente : C:\Users\helen_000\AppData\Local\Microsoft\Internet Explorer\DOMStore\KDNVI5UQ\[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (.-.)
Apagado prosperamente : C:\Users\helen_000\AppData\Local\Microsoft\Windows\INetCache\Low\SuggestedSites.dat (.-.)
Apagado prosperamente : C:\Users\helen_000\AppData\Local\Microsoft\Windows\INetCache\Virtualized\C\Users\helen_000\Application Data\SupTab
Apagado prosperamente : C:\Users\helen_000\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\9KERTFFW\[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (.-.)

¤¤¤¤¤¤¤¤¤¤ | Malversações de atalhos


¤¤¤¤¤¤¤¤¤¤ | Proxy

Consertado : [HKU\S-1-5-21-2982737377-722400272-4200008662-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[WarnonZoneCrossing] : 0 -> 1

¤¤¤¤¤¤¤¤¤¤ | Malversações internet Explorer

Consertado : [HKU\S-1-5-21-2982737377-722400272-4200008662-1001\Software\Microsoft\Internet Explorer\Main]|[Start Page] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Consertado : [HKU\S-1-5-21-2982737377-722400272-4200008662-1001\Software\Microsoft\Internet Explorer\Main]|[Local Page] : C:\WINDOWS\system32\blank.htm -> C:\WINDOWS\SysWOW64\blank.htm
Consertado : [HKU\S-1-5-21-2982737377-722400272-4200008662-1001\Software\Microsoft\Internet Explorer\Main]|[Search Page] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Consertado : [64][HKLM\Software\Microsoft\Internet Explorer\Main\Window Title]|[] : -> Internet Explorer
Consertado : [64][HKLM\Software\Microsoft\Internet Explorer\Main]|[Search Bar] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Consertado : [64][HKLM\Software\Microsoft\Internet Explorer\Main]|[Start Page] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Consertado : [64][HKLM\Software\Microsoft\Internet Explorer\Main]|[Search Page] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Consertado : [64][HKLM\Software\Microsoft\Internet Explorer\Main]|[BrowserMngr Start Page] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Consertado : [64][HKLM\Software\Microsoft\Internet Explorer\Main]|[CustomizeSearch] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Consertado : [64][HKLM\Software\Microsoft\Internet Explorer\Search]|[Search Bar] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Consertado : [64][HKLM\Software\Microsoft\Internet Explorer\Search]|[Start Page] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Consertado : [64][HKLM\Software\Microsoft\Internet Explorer\Search]|[Local Page] : -> C:\WINDOWS\SysWOW64\blank.htm
Consertado : [64][HKLM\Software\Microsoft\Internet Explorer\Search]|[Search Page] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Consertado : [64][HKLM\Software\Microsoft\Internet Explorer\Search]|[Default_Search_URL] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Consertado : [64][HKLM\Software\Microsoft\Internet Explorer\Search]|[Default_Page_URL] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Consertado : [64][HKLM\Software\Microsoft\Internet Explorer\Search]|[BrowserMngr Start Page] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Consertado : [64][HKLM\Software\Microsoft\Internet Explorer\Search]|[CustomizeSearch] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Consertado : [32][HKLM\Software\Microsoft\Internet Explorer\Main\Window Title]|[] : -> Internet Explorer
Consertado : [32][HKLM\Software\Microsoft\Internet Explorer\Main]|[Search Bar] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Consertado : [32][HKLM\Software\Microsoft\Internet Explorer\Main]|[Start Page] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Consertado : [32][HKLM\Software\Microsoft\Internet Explorer\Main]|[Local Page] : C:\Windows\System32\blank.htm -> C:\WINDOWS\SysWOW64\blank.htm
Consertado : [32][HKLM\Software\Microsoft\Internet Explorer\Main]|[Search Page] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Consertado : [32][HKLM\Software\Microsoft\Internet Explorer\Main]|[BrowserMngr Start Page] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Consertado : [32][HKLM\Software\Microsoft\Internet Explorer\Main]|[CustomizeSearch] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Consertado : [32][HKLM\Software\Microsoft\Internet Explorer\Search]|[Search Bar] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Consertado : [32][HKLM\Software\Microsoft\Internet Explorer\Search]|[Start Page] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Consertado : [32][HKLM\Software\Microsoft\Internet Explorer\Search]|[Local Page] : -> C:\WINDOWS\SysWOW64\blank.htm
Consertado : [32][HKLM\Software\Microsoft\Internet Explorer\Search]|[Search Page] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Consertado : [32][HKLM\Software\Microsoft\Internet Explorer\Search]|[Default_Search_URL] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Consertado : [32][HKLM\Software\Microsoft\Internet Explorer\Search]|[Default_Page_URL] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Consertado : [32][HKLM\Software\Microsoft\Internet Explorer\Search]|[BrowserMngr Start Page] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Consertado : [32][HKLM\Software\Microsoft\Internet Explorer\Search]|[CustomizeSearch] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

¤¤¤¤¤¤¤¤¤¤ | Malversações Google Chrome

[cesar] Reponha para zerar prosperamente : SearchURL
[cesar] Reponha para zerar prosperamente : Preferences

[cesar] : nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co
[helen_000] : aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co
[helen_000] : apdfllckaahabafndbhieahigkjlhalf = : Google & co - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - Google & co
[helen_000] : blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - Google & co
[helen_000] : coobgpohoikkiipiblmjeljniedjpjpf = : Google & co - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - Google & co
[helen_000] : lifbcibllhkdhoafpjfnlhfpfgnpldfl = : Skype Click to Call - Skype Click to Call
[helen_000] : nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co
[helen_000] : pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - Google & co

¤¤¤¤¤¤¤¤¤¤ | Malversações Firefox

[cesar] Apagado prosperamente : C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\sessionstore.js
[cesar] Apagado prosperamente : user_pref("extensions.enabledAddons", "quick_start%40gmail.com:3.2.0,quick_start%40gmail.com:3.2.0,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0");


¤¤¤¤¤¤¤¤¤¤ | Opera


¤¤¤¤¤¤¤¤¤¤ | Malversação de chaves StartMenuInternet

Consertado : [64][HKLM\Software\Clients\StartMenuInternet\Firefox.exe\shell\open\command] : "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -> "C:\Program Files\Mozilla Firefox\Firefox.exe"
Consertado : [64][HKLM\Software\Clients\StartMenuInternet\Firefox.exe\shell\safemode\command] : "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode -> "C:\Program Files\Mozilla Firefox\Firefox.exe" -safe-mode
Consertado : [64][HKLM\Software\Clients\StartMenuInternet\IExplore.exe\shell\open\command] : C:\Program Files (x86)\Internet Explorer\iexplore.exe -> "C:\Program Files\Internet Explorer\iexplore.exe"
Consertado : [64][HKLM\Software\Clients\StartMenuInternet\Google Chrome\shell\open\command] : "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -> "C:\Program Files\Google\Chrome\Application\chrome.exe"

¤¤¤¤¤¤¤¤¤¤ | AppInit_DLLs

[64][HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 1
[32][HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 1

¤¤¤¤¤¤¤¤¤¤ | Malversações Javascript


¤¤¤¤¤¤¤¤¤¤ | Firewall

Consertado : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]|[EnableFirewall] : 1 -> 0
Consertado : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]|[EnableFirewall] : 1 -> 0
Consertado : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]|[EnableFirewall] : 1 -> 0


¤¤¤¤¤¤¤¤¤¤ | Arquivos temporários

[All Users] Arquivos temporários Apagado : 0 Ko
[cesar] Arquivos temporários Apagado : 3199 Ko
[Default] Arquivos temporários Apagado : 0 Ko
[Default User] Arquivos temporários Apagado : 0 Ko
[Default.migrated] Arquivos temporários Apagado : 0 Ko
[helen_000] Arquivos temporários Apagado : 0 Ko
[Public] Arquivos temporários Apagado : 0 Ko
[Todos os Usuários] Arquivos temporários Apagado : 0 Ko
[Usuário Padrão] Arquivos temporários Apagado : 0 Ko
[C:\WINDOWS\Temp] Arquivos temporários Apagado : 278 Ko
[C:\Temp] Arquivos temporários Apagado : 0 Ko


Outros relatórios


[X] : [1796 Ko]

Elementos analisados : 256265 | Infetado : 163

¤¤¤¤¤¤¤¤¤¤ |EOF| ¤¤¤¤¤¤¤¤¤¤ | 13:31:55 | [42 Ko]

Re: Computer with unwanted programs and viruses

Post by Power Max, Wed 14 May 2014, 13:51

Temporarily disable your antivirus to avoid conflicts.

Download: < [link not shown: login required] > (by g3n-h@ckm@n)
|- After opening the link above, scroll down the page and click Télécharger to download: [image not shown: login required]

Run it as described in this post:

[link not shown: login required]

Once the cleanup has finished, post the log (report), which will be at C:\Pre_Scan\Pre_Scan_07_05_2014_17_05_22.txt (these numbers in red will vary, since they show the date and time the scan was performed).

Re: Computer with unwanted programs and viruses

Post by cesarasp, Fri 16 May 2014, 12:09

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | 4.05.06.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 11:25:02

Updated 06/05/2014 | 10.55 by g3n-h@ckm@n
Contact : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Pre_Script Infos : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Pre_scan Feedbacks : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

[cesar (Administrator)] - [CASA]
SID = S-1-5-21-2982737377-722400272-4200008662-1001

Starting up : Normal
System : Windows 8.1 Single Language (64 bits) CoreSingleLanguage
ProcessorNameString : AMD C-70 APU with Radeon(tm) HD Graphics
Identifier : AMD64 Family 20 Model 2 Stepping 0


Memory RAM = Total (MB) : 3761 | Free (MB) : 2957
Pagefile = Total (MB) : 4417 | Free (MB) : 3596
Virtual = Total (MB) : 4194 | Free (MB) : 4039

¤¤¤¤¤¤¤¤¤¤ | Components of starting up


¤¤¤¤¤¤¤¤¤¤¤ | Drives

C:\-> [Fixed] | [OS] | Total : 190320 Mo | Free : 73650 Mo -> NTFS
D:\-> [Fixed] | [Data] | Total : 264350 Mo | Free : 225000 Mo -> NTFS

¤¤¤¤¤¤¤¤¤¤ | Windows updates

No detected update !!!


¤¤¤¤¤¤¤¤¤¤ | Sessions

C:\WINDOWS\system32\config\systemprofile
C:\Windows\ServiceProfiles\LocalService
C:\Windows\ServiceProfiles\NetworkService
C:\Users\cesar
C:\Users\helen_000

Registry saved , to restore : C:\Pre_Scan\Save\Scan\ERDNT.exe

stand-by mode deleted !


¤¤¤¤¤¤¤¤¤¤ | Browsers

IE : 11.0.9600.17037 (© Microsoft Corporation. Todos os direitos reservados.)
FF : 28.0.0.5186 (©Firefox and Mozilla Developers; available under the MPL 2 license.)
GC : 34.0.1847.137 (Copyright 2012 Google Inc.)
OP : 21.0.1432.67 (Copyright © Opera Software 2014)

¤¤¤¤¤¤¤¤¤¤ | FlashPlayer

FlashPlayer ActiveX : 13.0.0.214
FlashPlayer Plugin : 13.0.0.214

¤¤¤¤¤¤¤¤¤¤ | Security

AV : avast! Antivirus Enabled
AS : avast! Antivirus Enabled
FW : WINDOWS Firewall
WU: Windows Update Service [Auto(2)] = stopped
AS: Windows Defender [Manual(3)] = stopped
FW: Windows FireWall Service [Auto(2)] = Running

¤¤¤¤¤¤¤¤¤¤ | Stopped processes

1092 | [Owner : |Parent : 664] - (.ASUSTeK Computer Inc. - ASUS FastBoot.) - (2.0.0.1) = C:\Windows\System32\FBAgent.exe
1312 | [Owner : SISTEMA |Parent : 664] - (.Microsoft Corporation - Aplicativo de subsistema de spooler.) - (6.3.9600.16384) = C:\Windows\System32\spoolsv.exe
1604 | [Owner : SISTEMA |Parent : 664] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.701.3.3014) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1628 | [Owner : SISTEMA |Parent : 664] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\Paragon Software\HFS+ for Windows 9.1\apmwinsrv.exe
1652 | [Owner : SISTEMA |Parent : 664] - (.Microsoft Corporation - Updates Skype Click to Call.) - (7.2.15747.10003) = C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
1684 | [Owner : SERVIÇO DE REDE |Parent : 664] - (.Microsoft Corporation - Phone Number Recognition (PNR) module.) - (7.2.15747.10003) = C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
1788 | [Owner : SISTEMA |Parent : 664] - (.Microsoft Corporation - Microsoft Office Click-to-Run.) - (15.0.4615.1000) = C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
1836 | [Owner : SERVIÇO LOCAL |Parent : 396] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (6.3.9600.17031) = C:\Windows\System32\dasHost.exe
1904 | [Owner : SISTEMA |Parent : 664] - (.Baidu Inc. - Baidu PC Faster Service.) - (4.0.5.1821) = C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe
2008 | [Owner : SISTEMA |Parent : 1904] - (.Baidu Inc. - Baidu PC Faster Service.) - (4.0.5.1821) = C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\SysOptEngineSvc.exe
3524 | [Owner : SISTEMA |Parent : 1000] - (.Microsoft Corporation - Mecanismo do Agendador de Tarefas.) - (6.3.9600.17031) = C:\Windows\System32\taskeng.exe
3540 | [Owner : cesar |Parent : 1000] - (.Microsoft Corporation - Processo de Host para Tarefas do Windows.) - (6.3.9600.17031) = C:\Windows\System32\taskhostex.exe
3556 | [Owner : cesar |Parent : 3508] - (.Microsoft Corporation - Windows Explorer.) - (6.3.9600.17039) = C:\Windows\explorer.exe
3748 | [Owner : SISTEMA |Parent : 3692] - (.Google Inc. - Google Crash Handler.) - (1.3.24.7) = C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
3788 | [Owner : SISTEMA |Parent : 3692] - (.Google Inc. - Google Crash Handler.) - (1.3.24.7) = C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
1956 | [Owner : SISTEMA |Parent : 664] - (.Microsoft Corporation - Indexador do Microsoft Windows Search.) - (7.0.9600.17031) = C:\Windows\System32\SearchIndexer.exe
3356 | [Owner : cesar |Parent : 740] - (.Microsoft Corporation - OneDrive Sync Engine Host.) - (6.3.9600.17055) = C:\Windows\System32\SkyDrive.exe
3652 | [Owner : cesar |Parent : 3556] - (.BitTorrent Inc. - µTorrent.) - (3.4.1.31139) = C:\Users\cesar\AppData\Roaming\uTorrent\uTorrent.exe
4196 | [Owner : cesar |Parent : 3572] - (.Baidu Inc. - PC Faster Tray.) - (4.0.5.1830) = C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFTray.exe
4468 | [Owner : SISTEMA |Parent : 1904] - (.Baidu Inc. - Baidu PC Faster Service.) - (4.0.5.1821) = C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\CleanerEngineSvc.exe
4540 | [Owner : SISTEMA |Parent : 1904] - (.Baidu Inc. - Baidu PC Faster Service.) - (4.0.5.1821) = C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\LeakRepairSvc.exe
5012 | [Owner : cesar |Parent : 1000] - (.Microsoft Corporation - Mecanismo do Agendador de Tarefas.) - (6.3.9600.17031) = C:\Windows\System32\taskeng.exe
5048 | [Owner : cesar |Parent : 5012] - (.Microsoft Corporation - Microsoft Office Document Cache.) - (15.0.4615.1000) = C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
5080 | [Owner : SISTEMA |Parent : 664] - (.AMD - AMD External Events Service Module.) - (6.14.11.1164) = C:\Windows\System32\atiesrxx.exe
5104 | [Owner : SISTEMA |Parent : 5080] - (.AMD - AMD External Events Client Module.) - (6.14.11.1164) = C:\Windows\System32\atieclxx.exe
808 | [Owner : SISTEMA |Parent : 664] - (.ASUSTek Computer Inc. - ASLDR Service.) - (1.0.75.1) = C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
4268 | [Owner : SISTEMA |Parent : 808] - (.ASUSTek Computer Inc. - HControl.) - (1.0.75.4) = C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
4208 | [Owner : cesar |Parent : 1092] - (.ASUS - ACMON .) - (1.0.8.0) = C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
4408 | [Owner : cesar |Parent : 2196] - (.ASUSTek Computer Inc. - ATKOSD2.) - (7.0.24.2) = C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
2596 | [Owner : cesar |Parent : 4148] - (.ASUSTek Computer Inc. - ATK Media.) - (2.0.15.1) = C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
4448 | [Owner : SISTEMA |Parent : 4268] - (.ASUSTek Computer Inc. - KBFiltr.) - (1.0.67.1) = C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
4464 | [Owner : SISTEMA |Parent : 664] - (.ASUS - ASUS InstantOn Program.) - (2.3.1.1) = C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
2952 | [Owner : SISTEMA |Parent : 4464] - (.ASUS - ASUS InstantOn Program.) - (3.0.2.0) = C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
3132 | [Owner : cesar |Parent : 740] - (.ASUSTeK - ACEngSvr Module.) - (1.0.0.4) = C:\Windows\SysWOW64\ACEngSvr.exe
4840 | [Owner : SISTEMA |Parent : 664] - (. - Asus WebStorage Windows Service.) - (1.0.0.0) = C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
4832 | [Owner : SISTEMA |Parent : 664] - (.ASUS - GFNEXSrv.) - (1.0.11.1) = C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
1292 | [Owner : cesar |Parent : 1092] - (.CyberLink Corp. - PowerDVD RC Service.) - (10.0.4313.0) = C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
2720 | [Owner : cesar |Parent : 1092] - (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) - (1.0.0.819) = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
4980 | [Owner : cesar |Parent : 1000] - (.ASUSTeK Computer Inc. - ASUS Live Update.) - (3.1.9.0) = C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
2616 | [Owner : cesar |Parent : 1000] - (.ASUS - Power4Gear Hybrid.) - (1.1.1.11) = C:\Program Files\ASUS\P4G\BatteryLife.exe
1796 | [Owner : cesar |Parent : 1000] - (.ASUSTek Computer Inc. - ASUS USB Charger Plus.) - (2.0.9.0) = C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
3420 | [Owner : cesar |Parent : 2648] - (.AsusTek - ASUS Smart Gesture Loader.) - (1.0.14.0) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
3272 | [Owner : cesar |Parent : 3420] - (.ASUSTeK Computer Inc. - ASUS Quick Gesture Exe.) - (1.0.7.0) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
2820 | [Owner : cesar |Parent : 3420] - (.ASUSTeK Computer Inc. - ASUS Quick Gesture Exe.) - (1.0.7.0) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
4456 | [Owner : cesar |Parent : 3420] - (.AsusTek - ASUS Smart Gesture Center.) - (1.0.0.50) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
4320 | [Owner : cesar |Parent : 4456] - (.AsusTek - ASUS Smart Gesture Helper.) - (1.0.12.0) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
760 | [Owner : cesar |Parent : 740] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (6.3.9600.17031) = C:\Windows\System32\SettingSyncHost.exe
2992 | [Owner : cesar |Parent : 2740] - (.Google Inc. - Google Chrome.) - (34.0.1847.137) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
2796 | [Owner : cesar |Parent : 2992] - (.Google Inc. - Google Chrome.) - (34.0.1847.137) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
5756 | [Owner : cesar |Parent : 2992] - (.Google Inc. - Google Chrome.) - (34.0.1847.137) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
3248 | [Owner : SISTEMA |Parent : 1956] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.9600.17031) = C:\Windows\System32\SearchProtocolHost.exe
5332 | [Owner : SISTEMA |Parent : 1956] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.9600.17031) = C:\Windows\System32\SearchFilterHost.exe
6060 | [Owner : cesar |Parent : 2992] - (.Google Inc. - Google Chrome.) - (34.0.1847.137) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
1868 | [Owner : cesar |Parent : 2992] - (.Google Inc. - Google Chrome.) - (34.0.1847.137) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
1104 | [Owner : |Parent : 672] - (.ASUSTeK Computer Inc. - ASUS FastBoot.) - (2.0.0.1) = C:\Windows\System32\FBAgent.exe
1328 | [Owner : SISTEMA |Parent : 672] - (.Microsoft Corporation - Aplicativo de subsistema de spooler.) - (6.3.9600.16384) = C:\Windows\System32\spoolsv.exe
1540 | [Owner : SISTEMA |Parent : 672] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.701.3.3014) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1560 | [Owner : SISTEMA |Parent : 672] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\Paragon Software\HFS+ for Windows 9.1\apmwinsrv.exe
1584 | [Owner : SISTEMA |Parent : 672] - (.Microsoft Corporation - Updates Skype Click to Call.) - (7.2.15747.10003) = C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
1604 | [Owner : SERVIÇO DE REDE |Parent : 672] - (.Microsoft Corporation - Phone Number Recognition (PNR) module.) - (7.2.15747.10003) = C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
1648 | [Owner : SISTEMA |Parent : 672] - (.Microsoft Corporation - Microsoft Office Click-to-Run.) - (15.0.4615.1000) = C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
1748 | [Owner : SERVIÇO LOCAL |Parent : 484] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (6.3.9600.17031) = C:\Windows\System32\dasHost.exe
1896 | [Owner : SISTEMA |Parent : 672] - (.Baidu Inc. - Baidu PC Faster Service.) - (4.0.5.1821) = C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe
2096 | [Owner : SISTEMA |Parent : 1896] - (.Baidu Inc. - Baidu PC Faster Service.) - (4.0.5.1821) = C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\SysOptEngineSvc.exe
2420 | [Owner : cesar |Parent : 2616] - (.Microsoft Corporation - Windows Explorer.) - (6.3.9600.17039) = C:\Windows\explorer.exe
3256 | [Owner : cesar |Parent : 1000] - (.Microsoft Corporation - Processo de Host para Tarefas do Windows.) - (6.3.9600.17031) = C:\Windows\System32\taskhostex.exe
3620 | [Owner : SISTEMA |Parent : 3596] - (.Google Inc. - Google Crash Handler.) - (1.3.24.7) = C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
3628 | [Owner : SISTEMA |Parent : 3596] - (.Google Inc. - Google Crash Handler.) - (1.3.24.7) = C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
1800 | [Owner : SISTEMA |Parent : 672] - (.Microsoft Corporation - Indexador do Microsoft Windows Search.) - (7.0.9600.17031) = C:\Windows\System32\SearchIndexer.exe
3708 | [Owner : cesar |Parent : 748] - (.Microsoft Corporation - OneDrive Sync Engine Host.) - (6.3.9600.17055) = C:\Windows\System32\SkyDrive.exe
3140 | [Owner : cesar |Parent : 2420] - (.BitTorrent Inc. - µTorrent.) - (3.4.1.31139) = C:\Users\cesar\AppData\Roaming\uTorrent\uTorrent.exe
4848 | [Owner : SISTEMA |Parent : 672] - (.AMD - AMD External Events Service Module.) - (6.14.11.1164) = C:\Windows\System32\atiesrxx.exe
4900 | [Owner : SISTEMA |Parent : 4848] - (.AMD - AMD External Events Client Module.) - (6.14.11.1164) = C:\Windows\System32\atieclxx.exe
5000 | [Owner : SISTEMA |Parent : 672] - (.ASUSTek Computer Inc. - ASLDR Service.) - (1.0.75.1) = C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
5044 | [Owner : SISTEMA |Parent : 5000] - (.ASUSTek Computer Inc. - HControl.) - (1.0.75.4) = C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
4080 | [Owner : cesar |Parent : 5108] - (.ASUSTek Computer Inc. - ATK Media.) - (2.0.15.1) = C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
4488 | [Owner : cesar |Parent : 5096] - (.ASUSTek Computer Inc. - ATKOSD2.) - (7.0.24.2) = C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
216 | [Owner : SISTEMA |Parent : 672] - (.ASUS - ASUS InstantOn Program.) - (2.3.1.1) = C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
3844 | [Owner : SISTEMA |Parent : 5044] - (.ASUSTek Computer Inc. - KBFiltr.) - (1.0.67.1) = C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
68 | [Owner : SISTEMA |Parent : 216] - (.ASUS - ASUS InstantOn Program.) - (3.0.2.0) = C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
4672 | [Owner : SISTEMA |Parent : 672] - (. - Asus WebStorage Windows Service.) - (1.0.0.0) = C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
4788 | [Owner : cesar |Parent : 1104] - (.ASUS - ACMON .) - (1.0.8.0) = C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
744 | [Owner : cesar |Parent : 748] - (.ASUSTeK - ACEngSvr Module.) - (1.0.0.4) = C:\Windows\SysWOW64\ACEngSvr.exe
5100 | [Owner : cesar |Parent : 1104] - (.CyberLink Corp. - PowerDVD RC Service.) - (10.0.4313.0) = C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
4744 | [Owner : cesar |Parent : 1104] - (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) - (1.0.0.819) = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
2744 | [Owner : SISTEMA |Parent : 672] - (.ASUS - GFNEXSrv.) - (1.0.11.1) = C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
2468 | [Owner : cesar |Parent : 1000] - (.ASUSTeK Computer Inc. - ASUS Live Update.) - (3.1.9.0) = C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
4928 | [Owner : cesar |Parent : 1000] - (.ASUS - Power4Gear Hybrid.) - (1.1.1.11) = C:\Program Files\ASUS\P4G\BatteryLife.exe
3752 | [Owner : cesar |Parent : 1000] - (.ASUSTek Computer Inc. - ASUS USB Charger Plus.) - (2.0.9.0) = C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
2164 | [Owner : cesar |Parent : 3356] - (.AsusTek - ASUS Smart Gesture Loader.) - (1.0.14.0) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
2332 | [Owner : cesar |Parent : 2164] - (.ASUSTeK Computer Inc. - ASUS Quick Gesture Exe.) - (1.0.7.0) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
1152 | [Owner : cesar |Parent : 2164] - (.ASUSTeK Computer Inc. - ASUS Quick Gesture Exe.) - (1.0.7.0) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
1156 | [Owner : cesar |Parent : 2164] - (.AsusTek - ASUS Smart Gesture Center.) - (1.0.0.50) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
3732 | [Owner : cesar |Parent : 1156] - (.AsusTek - ASUS Smart Gesture Helper.) - (1.0.12.0) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
1568 | [Owner : cesar |Parent : 748] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (6.3.9600.17031) = C:\Windows\System32\SettingSyncHost.exe
3544 | [Owner : SERVIÇO LOCAL |Parent : 1000] - (.Microsoft Corporation - Processo de Host para Tarefas do Windows.) - (6.3.9600.17031) = C:\Windows\System32\taskhost.exe
3888 | [Owner : SISTEMA |Parent : 1000] - (.Microsoft Corporation - Mecanismo do Agendador de Tarefas.) - (6.3.9600.17031) = C:\Windows\System32\taskeng.exe
1880 | [Owner : cesar |Parent : 1000] - (.Microsoft Corporation - Mecanismo do Agendador de Tarefas.) - (6.3.9600.17031) = C:\Windows\System32\taskeng.exe
4748 | [Owner : cesar |Parent : 3212] - (.Google Inc. - Google Chrome.) - (34.0.1847.137) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
852 | [Owner : cesar |Parent : 4748] - (.Google Inc. - Google Chrome.) - (34.0.1847.137) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
1616 | [Owner : cesar |Parent : 748] - (.Microsoft Corporation - Windows Media Player.) - (12.0.9600.16384) = C:\Program Files (x86)\Windows Media Player\wmplayer.exe
4816 | [Owner : cesar |Parent : 4748] - (.Google Inc. - Google Chrome.) - (34.0.1847.137) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

¤¤¤¤¤¤¤¤¤¤ | Running processes

344 | [Owner : SISTEMA |Parent : 4] - (.Microsoft Corporation - Gerenciador de Sessão do Windows.) - (6.3.9600.17031) = C:\Windows\System32\smss.exe
488 | [Owner : SISTEMA |Parent : 444] - (.Microsoft Corporation - Processo do tempo de Execução do Servidor do Cliente.) - (6.3.9600.16384) = C:\Windows\System32\csrss.exe
584 | [Owner : SISTEMA |Parent : 444] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) - (6.3.9600.16384) = C:\Windows\System32\wininit.exe
592 | [Owner : SISTEMA |Parent : 576] - (.Microsoft Corporation - Processo do tempo de Execução do Servidor do Cliente.) - (6.3.9600.16384) = C:\Windows\System32\csrss.exe
636 | [Owner : SISTEMA |Parent : 576] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) - (6.3.9600.17031) = C:\Windows\System32\winlogon.exe
672 | [Owner : SISTEMA |Parent : 584] - (.Microsoft Corporation - Aplicativo de serviços e controle.) - (6.3.9600.16384) = C:\Windows\System32\services.exe
680 | [Owner : SISTEMA |Parent : 584] - (.Microsoft Corporation - Local Security Authority Process.) - (6.3.9600.16384) = C:\Windows\System32\lsass.exe
748 | [Owner : SISTEMA |Parent : 672] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.3.9600.16384) = C:\Windows\System32\svchost.exe
792 | [Owner : SERVIÇO DE REDE |Parent : 672] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.3.9600.16384) = C:\Windows\System32\svchost.exe
880 | [Owner : DWM-1 |Parent : 636] - (.Microsoft Corporation - Gerenciador de Janelas da Área de Trabalho.) - (6.3.9600.17031) = C:\Windows\System32\dwm.exe
968 | [Owner : SERVIÇO LOCAL |Parent : 672] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.3.9600.16384) = C:\Windows\System32\svchost.exe
1000 | [Owner : SISTEMA |Parent : 672] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.3.9600.16384) = C:\Windows\System32\svchost.exe
308 | [Owner : SERVIÇO LOCAL |Parent : 672] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.3.9600.16384) = C:\Windows\System32\svchost.exe
484 | [Owner : SISTEMA |Parent : 672] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.3.9600.16384) = C:\Windows\System32\svchost.exe
668 | [Owner : SERVIÇO DE REDE |Parent : 672] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.3.9600.16384) = C:\Windows\System32\svchost.exe
1132 | [Owner : SISTEMA |Parent : 672] - (.AVAST Software - avast! Service.) - (9.0.2018.391) = C:\Program Files\AVAST Software\Avast\AvastSvc.exe
1380 | [Owner : SERVIÇO LOCAL |Parent : 672] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.3.9600.16384) = C:\Windows\System32\svchost.exe
1400 | [Owner : SERVIÇO LOCAL |Parent : 672] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.3.9600.16384) = C:\Windows\System32\svchost.exe
2828 | [Owner : SERVIÇO DE REDE |Parent : 672] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.3.9600.16384) = C:\Windows\System32\svchost.exe
4120 | [Owner : cesar |Parent : 3216] - (.AVAST Software - avast! Antivirus.) - (9.0.2018.391) = C:\Program Files\AVAST Software\Avast\AvastUI.exe
1684 | [Owner : cesar |Parent : 4748] - (. - .) - (0.0.0.0) = C:\Users\cesar\Downloads\Pre_Scan.exe
3448 | [Owner : SERVIÇO LOCAL |Parent : 484] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (6.3.9600.17031) = C:\Windows\System32\dasHost.exe
3440 | [Owner : SISTEMA |Parent : 672] - (.Microsoft Corporation - Microsoft Office Click-to-Run.) - (15.0.4615.1000) = C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
1408 | [Owner : SISTEMA |Parent : 672] - (.Microsoft Corporation - Aplicativo de subsistema de spooler.) - (6.3.9600.16384) = C:\Windows\System32\spoolsv.exe
3008 | [Owner : SISTEMA |Parent : 672] - (.Microsoft Corporation - Indexador do Microsoft Windows Search.) - (7.0.9600.17031) = C:\Windows\System32\SearchIndexer.exe
272 | [Owner : SISTEMA |Parent : 672] - (.ASUSTeK Computer Inc. - ASUS FastBoot.) - (2.0.0.1) = C:\Windows\System32\FBAgent.exe
1640 | [Owner : cesar |Parent : 636] - (.Microsoft Corporation - Proteção de Tela em Branco.) - (6.3.9600.16384) = C:\Windows\System32\scrnsave.scr
2184 | [Owner : SISTEMA |Parent : 3008] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.9600.17031) = C:\Windows\System32\SearchProtocolHost.exe
2104 | [Owner : SISTEMA |Parent : 3008] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.9600.17031) = C:\Windows\System32\SearchFilterHost.exe


¤¤¤¤¤¤¤¤¤¤ | Winlogon user : OK !


¤¤¤¤¤¤¤¤¤¤ | Winlogon machine

Repaired : [64][HKLM | Winlogon]|[userinit] : userinit.exe, -> C:\WINDOWS\SysWOW64\userinit.exe,

¤¤¤¤¤¤¤¤¤¤ | Associations



¤

Repaired : [64][HKLM\Software\Clients\StartMenuInternet\Firefox.exe\shell\open\command] : "C:\Program Files\Mozilla Firefox\Firefox.exe" -> "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe"
Repaired : [64][HKLM\Software\Clients\StartMenuInternet\Firefox.exe\shell\safemode\command] : "C:\Program Files\Mozilla Firefox\Firefox.exe" -safe-mode -> "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe" -safe-mode
Repaired : [64][HKLM\Software\Clients\StartMenuInternet\IExplore.exe\shell\open\command] : "C:\Program Files\Internet Explorer\iexplore.exe" -> "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Repaired : [64][HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] : [You must have an account and be logged in to view this link] -> [You must have an account and be logged in to view this link]
Repaired : [32][HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] : [You must have an account and be logged in to view this link] -> [You must have an account and be logged in to view this link]

¤¤¤¤¤¤¤¤¤¤ | Registry

Repaired : [64][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{9343812e-1c37-4a49-a12e-4b2d810d956b}] : 1 -> 0
Repaired : [32][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{9343812e-1c37-4a49-a12e-4b2d810d956b}] : 1 -> 0
Repaired : [64][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0
Repaired : [32][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0
Repaired : [64][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{20D04FE0-3AEA-1069-A2D8-08002B30309D}] : 1 -> 0
Repaired : [32][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{20D04FE0-3AEA-1069-A2D8-08002B30309D}] : 1 -> 0
Repaired : [64][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{208D2C60-3AEA-1069-A2D7-08002B30309D}] : 1 -> 0
Repaired : [32][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{208D2C60-3AEA-1069-A2D7-08002B30309D}] : 1 -> 0
Repaired : [64][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{871C5380-42A0-1069-A2EA-08002B30309D}] : 1 -> 0
Repaired : [32][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{871C5380-42A0-1069-A2EA-08002B30309D}] : 1 -> 0
Repaired : [64][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}] : 1 -> 0
Repaired : [32][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}] : 1 -> 0
Repaired : [64][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{59031a47-3f72-44a7-89c5-5595fe6b30ee}] : 1 -> 0
Repaired : [32][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{59031a47-3f72-44a7-89c5-5595fe6b30ee}] : 1 -> 0
Repaired : [64][HKLM\software\Microsoft\Windows\CurrentVersion\Policies\Explorer]|[NoActiveDesktop] : 1 -> 0
Repaired : [64][HKLM\software\Microsoft\Windows\CurrentVersion\Policies\Explorer]|[NoActiveDesktopChanges] : 1 -> 0

¤¤¤¤¤¤¤¤¤¤ | Access to the registry and to the administrator of the tasks



¤¤¤¤¤¤¤¤¤¤ | SafeBoot

Safeboot Keys are O.K

Alternate shell is OK !

¤


¤¤¤¤¤¤¤¤¤¤ | IFEO


¤¤¤¤¤¤¤¤¤¤ | Mountpoints2



¤¤¤¤¤¤¤¤¤¤ | Windows

[64][HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]|[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[32][HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]|[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[32][HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]|[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

Winsrv : OK !


[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] :

[HKLM64\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] :
[64][HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 1
[32][HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 1

¤¤¤¤¤¤¤¤¤¤ | Security center

Repaired : [64][HKLM\Software\Microsoft\Security Center]|[AutoUpdateDisableNotify] : 1 -> 0






Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]|[EnableFirewall] : 1 -> 0

Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]|[EnableFirewall] : 1 -> 0

Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]|[EnableFirewall] : 1 -> 0

¤¤¤¤¤¤¤¤¤¤ | Correction of the services


Repaired : [PlugPlay] : 3 -> 2
Repaired : [agp440] : 0 -> 2
Repaired : [EapHost] : 3 -> 2
Repaired : [SharedAccess] : 3 -> 2
Impossible to repair ! [windefend] : 3
Repaired : [wudfsvc] : 3 -> 2
Repaired : [WerSvc] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ | Internet Explorer


Users browser settings : OK

Repaired : [64][HKLM\Software\Microsoft\Internet Explorer\Main]|[Start Page] : [You must have an account and be logged in to view this link] -> [You must have an account and be logged in to view this link]
Repaired : [32][HKLM\Software\Microsoft\Internet Explorer\Main]|[Start Page] : [You must have an account and be logged in to view this link] -> [You must have an account and be logged in to view this link]
Repaired : [64][HKLM\Software\Microsoft\Internet Explorer\Main]|[Search Page] : [You must have an account and be logged in to view this link] -> [You must have an account and be logged in to view this link]
Repaired : [32][HKLM\Software\Microsoft\Internet Explorer\Main]|[Search Page] : [You must have an account and be logged in to view this link] -> [You must have an account and be logged in to view this link]
Repaired : [64][HKLM\Software\Microsoft\Internet Explorer\Search]|[Start Page] : [You must have an account and be logged in to view this link] -> [You must have an account and be logged in to view this link]
Repaired : [32][HKLM\Software\Microsoft\Internet Explorer\Search]|[Start Page] : [You must have an account and be logged in to view this link] -> [You must have an account and be logged in to view this link]
Repaired : [64][HKLM\Software\Microsoft\Internet Explorer\Search]|[Search Page] : [You must have an account and be logged in to view this link] -> [You must have an account and be logged in to view this link]
Repaired : [32][HKLM\Software\Microsoft\Internet Explorer\Search]|[Search Page] : [You must have an account and be logged in to view this link] -> [You must have an account and be logged in to view this link]

¤


Hijack.Internet : OK

¤¤¤¤¤¤¤¤¤¤ | Hosts

C:\WINDOWS\System32\Drivers\etc\hosts : Cleaned

¤¤¤¤¤¤¤¤¤¤ | reparsepoint



¤¤¤¤¤¤¤¤¤¤ | Detection of offsets


¤¤¤¤¤¤¤¤¤¤ | Files | Folders | Registry


Deleted : C:\$Recycle.bin\S-1-5-21-2982737377-722400272-4200008662-1001
Deleted : C:\$Recycle.bin\S-1-5-18
Deleted : C:\$Recycle.bin\S-1-5-19


Moved to quarantine successfully : C:\Users\cesar\AppData\Local\microsoft\windows\WebCacheLock.dat
Moved to quarantine successfully : C:\ProgramData\SetStretch.cmd
Moved to quarantine successfully : C:\Users\cesar\AppData\Roaming\WildTangent
Moved to quarantine successfully : C:\WINDOWS\assembly\tmp\

Prefetch -> cleaned



D:\ : Vaccinated (Vaccin created by Pre_Scan)

¤¤¤¤¤¤¤¤¤¤ | Hidden files

~ [Drive D:] : Hidden : 2 | Restored : 2
~ [Drive C:] : Hidden : 4 | Restored : 4
~ [Program Files] : Hidden : 5 | Restored : 5
~ [Users] : Hidden : 4 | Restored : 4
~ [Videos] : Hidden : 4 | Restored : 4
~ [Documents] : Hidden : 11 | Restored : 11
~ [Desktop] : Hidden : 703 | Restored : 703
~ [Searches] : Hidden : 2 | Restored : 2
~ [Windows] : Hidden : 33 | Restored : 30
~ [Start Menu | Programs | Startup] : Hidden : 1 | Restored : 1
~ [Libraries] : Hidden : 11 | Restored : 11


¤¤¤¤¤¤¤¤¤¤ | Control of the partitions

Disk: 0 Size=477G
Pos MBRndx Type/Name Size Active Hide Start Sector Sectors
--- ------ ---------- ---- ------ ---- ------------ ------------
0 0 EE-UNKNWN 21.0T No No 1 294,967,295

¤¤¤¤¤¤¤¤¤¤

[HKLM | Winlogon] | AutoRestartShell : 0 -> 1
[HKLM64 | Winlogon] | AutoRestartShell : 0 -> 1

End : 11:53:11


Standby-mode restored
¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤ - 387
cesarasp