Removing the QONE8 search engine and home page from Chrome
Folks,
I need to remove this Qone8 pest. After searching the internet and even here on the forum (post [You must have an account and be logged in to view this link]), I tried to remove it the traditional way, by uninstalling the program and removing it from Chrome.
However, the conventional approach didn't work, so I moved on to AdwCleaner.
That didn't help either.
Any other suggestions?
Thanks,
Rafael Achôa
rachoa - Beginner
Re: Removing the QONE8 search engine and home page from Chrome
Hello Rafael.
* Post the AdwCleaner log (report) located at C:\AdwCleaner\AdwCleaner[S0].txt so that we can analyze it.
We'll be waiting.
_________________
Caixa de Dicas = Always with new tutorials and news on computing, technology and miscellany.
[You must have an account and be logged in to view this link] = The best of the internet is found here.
[You must have an account and be logged in to view this link] = Messages of faith and hope for your heart
Power Max - Contributor
Removing the QONE8 search engine and home page from Chrome
Here it is:
# AdwCleaner v3.208 - Relatório criado 15/05/2014 às 21:38:26
# Atualizado 11/05/2014 por Xplode
# Sistema Operacional : Windows 8 Single Language (64 bits)
# Usuário : Isabela - ISINHA
# Executando de : C:\Users\Isabela\Downloads\adwcleaner_3.208.exe
# Opção : Limpar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\WPM
Pasta Deletada : C:\Program Files (x86)\Common Files\337
[x] Não Deletada : C:\Users\Isabela\AppData\Local\Mobogenie
[x] Não Deletada : C:\Users\Isabela\AppData\Local\SearchProtect
Pasta Deletada : C:\Users\Isabela\AppData\LocalLow\IminentToolbar
Pasta Deletada : C:\Users\Isabela\AppData\Roaming\baidu
Pasta Deletada : C:\Users\Isabela\AppData\Roaming\iWin
Pasta Deletada : C:\Users\Isabela\AppData\Roaming\Oxy
Pasta Deletada : C:\Users\Isabela\AppData\Roaming\qone8
Pasta Deletada : C:\Users\Isabela\AppData\Roaming\SupTab
Pasta Deletada : C:\Users\Isabela\AppData\Roaming\UpdaterEX
Pasta Deletada : C:\Users\Isabela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oxy
Pasta Deletada : C:\Users\Isabela\Documents\Mobogenie
Pasta Deletada : C:\Users\Isabela\AppData\Roaming\Mozilla\Firefox\Profiles\sm50t0wn.default\Extensions\quick_start@gmail.com
Arquivo Deletada : C:\Users\Isabela\daemonprocess.txt
Arquivo Deletada : C:\Users\Isabela\AppData\Roaming\Mozilla\Firefox\Profiles\sm50t0wn.default\user.js
Arquivo Deletada : C:\Users\Isabela\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ifohbjbgfchkkfhphahclmkpgejiplfo_0.localstorage
Arquivo Deletada : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser
Arquivo Deletada : C:\Windows\Tasks\Driver Booster Update.job
Arquivo Deletada : C:\Windows\System32\Tasks\Driver Booster Update
Arquivo Deletada : C:\Windows\System32\Tasks\PileFile logon
Arquivo Deletada : C:\Windows\System32\Tasks\PileFile reminder
***** [ Atalhos ] *****
Atalho Desinfectada : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Atalho Desinfectada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[x] Não Desinfectada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Atalho Desinfectada : C:\Users\Isabela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Atalho Desinfectada : C:\Users\Isabela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Atalho Desinfectada : C:\Users\Isabela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Atalho Desinfectada : C:\Users\Isabela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
***** [ Registro ] *****
Chave Deletedo : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Chave Deletedo : HKCU\Software\Conduit
Chave Deletedo : HKCU\Software\Escolade
Chave Deletedo : HKCU\Software\UpdaterEX
Chave Deletedo : HKLM\Software\Desksvc
Chave Deletedo : HKLM\Software\hdcode
Chave Deletedo : HKLM\Software\SearchProtect
Chave Deletedo : HKLM\Software\SupTab
Chave Deletedo : HKLM\Software\supWPM
Chave Deletedo : HKLM\Software\V9
Chave Deletedo : HKLM\Software\Wpm
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Dados Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
***** [ Navegadores ] *****
-\\ Internet Explorer v10.0.9200.16537
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
-\\ Mozilla Firefox v26.0 (pt-BR)
[ Arquivo : C:\Users\Isabela\AppData\Roaming\Mozilla\Firefox\Profiles\sm50t0wn.default\prefs.js ]
Linha deletada : user_pref("browser.newtab.url", "hxxp://start.qone8.com/newtab/?type=nt&ts=1400174629&from=mp3&uid=3219913727_198313_9C6789B8");
Linha deletada : user_pref("browser.startup.homepage", "hxxp://start.qone8.com/?type=hp&ts=1400174629&from=mp3&uid=3219913727_198313_9C6789B8");
-\\ Google Chrome v34.0.1847.137
[ Arquivo : C:\Users\Isabela\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deletedo [Startup_urls] : [You must have an account and be logged in to view this link]
Deletedo [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deletedo [Extension] : flpcjncodpafbgdpnkljologafpionhb
Deletedo [Extension] : gkcefkcdkepgkpbgncjchhbjgoanleod
Deletedo [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma
*************************
AdwCleaner[R0].txt - [8186 octets] - [15/05/2014 21:36:30]
AdwCleaner[S0].txt - [6368 octets] - [15/05/2014 21:38:26]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6428 octets] ##########
rachoa - Beginner
Re: Removing the QONE8 search engine and home page from Chrome
Temporarily disable your antivirus to avoid conflicts.
* Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You must have an account and be logged in to view this link]
To run it correctly, follow the tips in this tutorial:
[You must have an account and be logged in to view this link]
* As soon as it finishes cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy its entire contents and post them in your next reply.
Power Max - Contributor
Removing the QONE8 search engine and home page from Chrome
Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Isabela on 15/05/2014 at 23:02:54,37.
Microsoft Windows 8 Single Language 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Isabela\Downloads\2 - zoek.exe [Scan all users] [Script inserted]
===== Runcheck 23:05:08,57 =====
--- Create Environment Variables 23:05:11,49
--- Create System Restore Point 23:05:29,43
--- Checking Input 23:05:34,82
--- Reset Hosts File 23:05:41,42
--- AU AppData Check 23:05:42,43
--- Remove From Windows Installer 23:05:51,46
--- IE Startpage Check 23:07:50,75
--- Program Files DB Check 23:08:41,15
--- C:\Users\Default\AppData\Roaming DB Check 23:10:21,29
rachoa - Beginner
Re: Removing the QONE8 search engine and home page from Chrome
Zoek is still performing the cleanup. Wait until it finishes and post its complete report.
Power Max - Contributor
Removing the QONE8 search engine and home page from Chrome
Sorry for the impatience, hehe :rindo_ate_agor but just for the record, it looks like Qone8 is gone.
Here is the report:
Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Isabela on 15/05/2014 at 23:02:54,37.
Microsoft Windows 8 Single Language 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Isabela\Downloads\2 - zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
15/05/2014 23:05:32 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3585445889-2484728970-451866620-1001\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Isabela\AppData\Roaming\Mozilla\Firefox\Profiles\sm50t0wn.default\prefs.js:
user_pref("browser.startup.homepage", "http://start.qone8.com/?type=hp&ts=1400174629&from=mp3&uid=3219913727_198313_9C6789B8");
user_pref("browser.search.defaultenginename", "Google");
Added to C:\Users\Isabela\AppData\Roaming\Mozilla\Firefox\Profiles\sm50t0wn.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
ProfilePath: C:\Users\Isabela\AppData\Roaming\Mozilla\Firefox\Profiles\sm50t0wn.default
user.js not found
---- Lines qone8 removed from prefs.js ----
user_pref("browser.startup.homepage", "http://start.qone8.com/?type=hp&ts=1400174629&from=mp3&uid=3219913727_198313_9C6789B8");
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 1);
---- FireFox user.js and prefs.js backups ----
prefs_052014_2326_.backup
==== Deleting Files \ Folders ======================
C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} deleted
C:\PROGRA~3\FileSplitUpLoad.dll deleted
C:\PROGRA~3\boost_interprocess deleted
C:\PROGRA~3\ProductData deleted
C:\Users\Isabela\AppData\Local\SearchProtect deleted
C:\Users\Isabela\AppData\Local\Mobogenie deleted
C:\Users\Isabela\AppData\Local\cache deleted
C:\Users\Isabela\AppData\LocalLow\ADSRemoval deleted
C:\windows\SysNative\tasks\Baidu PC Faster Update deleted
C:\windows\SysNative\tasks\Oxy deleted
C:\Windows\Syswow64\InstallUtil.InstallLog deleted
C:\Users\Isabela\AppData\Roaming\Mozilla\Firefox\Profiles\sm50t0wn.default\searchplugins\trovi-search.xml deleted
C:\Users\Isabela\AppData\Roaming\unins000.exe deleted
==== Firefox Extensions Registry ======================
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{5D9F252A-241F-5588-C8D9-D47F9E59D5A7}"="C:\Program Files (x86)\Re_markit\170.xpi" []
==== Firefox Extensions ======================
ProfilePath: C:\Users\Isabela\AppData\Roaming\Mozilla\Firefox\Profiles\sm50t0wn.default
- Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\ascsurfingprotection@iobit.com
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Isabela\AppData\Roaming\Mozilla\Firefox\Profiles\sm50t0wn.default
7B32EC68B2D0EAE4C1333EEB53199571 - C:\Users\Isabela\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll - Módulo de Proteção - Banco do Brasil
3D3CAF586124C4E8102764C8B3063BB6 - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
58B690C992C321664AB6145A350B5DCD - C:\Users\Isabela\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll - Módulo de Proteção - Banco do Brasil
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
jhjjdgbhohaallcimgcmakfiobacimkm - C:\Program Files (x86)\BuzzSearch\jhjjdgbhohaallcimgcmakfiobacimkm.crx[]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
pgacfjdigcddmmncljpflgcfpfahebkh - C:\Users\Isabela\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx[14/04/2014 10:15]
Google Docs - Isabela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Isabela\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Isabela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Isabela\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
AdBlock - Isabela\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Google Wallet - Isabela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
GBBD Banco do Brasil - Isabela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh
Gmail - Isabela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS"
{33BB0A4E-99AF-4226-BDF6-49120163DE86} qone8 Url="http://www.qone8.com/web/?type=ds&ts=1400174629&from=mp3&uid=3219913727_198313_9C6789B8&q={searchTerms}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Reset Google Chrome ======================
C:\Users\Isabela\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Isabela\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-3585445889-2484728970-451866620-1001\Software\Mozilla\Firefox\Extensions\{5D9F252A-241F-5588-C8D9-D47F9E59D5A7} deleted successfully
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Advanced SystemCare 7.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe /manual
C:\Users\Public\Desktop\Audacity.lnk - C:\Program Files (x86)\Audacity\audacity.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\Connected Music powered by Meridian.lnk - C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
C:\Users\Public\Desktop\CyberLink Media Suite.lnk - C:\Program Files (x86)\CyberLink\Media Suite\PS.exe
C:\Users\Public\Desktop\CyberLink YouCam.lnk - C:\Program Files (x86)\CyberLink\YouCam\Youcam_webcam_camera_video.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk - C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk - C:\Program Files (x86)\Audacity\audacity.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7\Advanced SystemCare 7.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe /manual
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [You must have an account and be logged in to view this link]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Sobre o iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.Resources\pt.lproj\About iTunes.rtf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lame Front-End\Desinstalar Lame Front-End.lnk - C:\Program Files (x86)\pazera-software\Lame_Front-End\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lame Front-End\Lame Front-End.lnk - C:\Program Files (x86)\pazera-software\Lame_Front-End\Lfe.exe
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== shortcuts After Repair ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyServer"="http=127.0.0.1:14037;https=127.0.0.1:14037"
"ProxyOverride"="localhost;<local>"
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jhjjdgbhohaallcimgcmakfiobacimkm deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Isabela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Isabela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H25ED6PD will be deleted at reboot
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
C:\Users\Isabela\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=218 folders=40 6952606 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Isabela\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Isabela\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\Isabela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H25ED6PD" not found
==== EOF on 15/05/2014 at 23:35:43,20 ======================
rachoa - Beginner
- Posts: 19
Reputation: 0
Join date: 15/05/2014
Re: Removing the QONE8 search engine and home page from Chrome
The big problem is that your PC didn't have just Qone8; it has several kinds of adware. But just for the record, it looks like Qone8 is gone.
_________________________________________________________________________________
Download the Junkware Removal Tool from the link below:
[You must be registered and logged in to view this link]
To run the program above correctly, just follow the tips in this tutorial:
[You must be registered and logged in to view this link]
* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop under the name JRT.txt
We'll be waiting.
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
Removing the QONE8 search engine and home page from Chrome
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 Single Language x64
Ran by Isabela on 15/05/2014 at 23:59:58,97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16/05/2014 at 0:15:35,27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
rachoa - Beginner
- Posts: 19
Reputation: 0
Join date: 15/05/2014
Re: Removing the QONE8 search engine and home page from Chrome
Download < [You must be registered and logged in to view this link] > < [You must be registered and logged in to view this image] > ( ... by Nicolas Coolman )
To install and run it correctly, follow the tips in this article:
[You must be registered and logged in to view this link]
* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
Removing the QONE8 search engine and home page from Chrome
~ Relatório do ZHPDiag v2014.5.17.66 - Nicolas Coolman (17/05/2014)
~ Iniciado por Isabela (17/05/2014 17:56:19)
~ Endereço do Website : [You must be registered and logged in to view this link]
~ Blog de análise de software : [You must be registered and logged in to view this link]
~ Fóruns de suporte gratuito para desinfecção : [You must be registered and logged in to view this link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v10.0.9200.16899
MFIE: Mozilla Firefox 26.0
GCIE: Google Chrome v34.0.1847.137 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 8 Single Language, 64-bit (Build 9200)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
Malwarebytes Anti-Malware versão 1.75.0.1300
Windows Defender W8
---\\ Softwares d'optimização do sistema
CCleaner v4.12
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Java 7 Update 51
---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1940 MB (15% free)
System Restore: Activé (Enable)
System drive C: has 259 GB (57%) free of 448 GB
---\\ Modo de conexão ao sistema
~ Computer Name: ISINHA
~ User Name: Isabela
~ All Users Names: Isabela, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Isabela\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Isabela\AppData\Roaming\
~ %Desktop% : C:\Users\Isabela\Desktop\
~ %Favorites% : C:\Users\Isabela\Favorites\
~ %LocalAppData% : C:\Users\Isabela\AppData\Local\
~ %StartMenu% : C:\Users\Isabela\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 259 Go of 448 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 17 Go)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Windows Explorer.) (.01/06/2013 - 08:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.26/07/2012 - 00:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.2B7920C7885AC45FD0E27DD860F095A1] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 21:08:30.) -- C:\Windows\System32\wininet.dll [2240000]
[MD5.75DD70A14145499C9F7D903CF9A8C91B] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.12/04/2014 - 06:10:31.) -- C:\Windows\System32\Winlogon.exe [578048]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.26/07/2012 - 00:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.04/09/2013 - 00:11:23.) -- C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 02:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.25/07/2012 - 23:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.25/07/2012 - 23:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.431141C6859990824D17F71C30A78728] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.06/04/2014 - 12:05:08.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 03:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Driver de porta i8042.) (.25/07/2012 - 23:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.25/07/2012 - 23:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.7A761AEE58658378BBA45D360F874CB0] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.04/05/2014 - 11:24:57.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.25/07/2012 - 23:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.7BE3EDFFA3216F989A6BDCB14795DD08] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.06/04/2014 - 12:05:07.) -- C:\Windows\system32\Drivers\ntfs.sys [1939288]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Driver de porta paralela.) (.25/07/2012 - 23:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.25/07/2012 - 23:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.25/07/2012 - 23:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 02:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.01/06/2013 - 08:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/21
~ Mes musiques (My Musics) : 1/150
~ Mes Videos (My Videos) : 2/3
~ Mes Favoris (My Favorites) : 1/6
~ Mes Documents (My Documents) : 1/2130
~ Mon Bureau (My Desktop) : 2/9642
~ Menu demarrer (Programs) : 1/29
~ Hidden Files: Scanned in 00mn 07s
---\\ Processos lançados
[MD5.AF3DA0C60DE8A312328F247FF2FA6239] - (.IObit - Advanced SystemCare 7 Monitor.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe [775968] [PID.2836]
[MD5.17A89EF59FE3FFECFA608B6AD511F133] - (.Intel - Intel® Rapid Start Technology Manager.) -- C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [708648] [PID.2872]
[MD5.B7F55E2AE978D3D34F7876EE5D689AAE] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488] [PID.2052]
[MD5.60E844AE5920B75399DDBD9F3AE1C7A0] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\Isabela\AppData\Roaming\uTorrent\uTorrent.exe [1272400] [PID.4264] =>P2P.BitTorrent
[MD5.43FCAD8DC068E94B170353DAD02A0053] - (.IVT Corporation - Bluetooth Application.) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [363520] [PID.4628]
[MD5.B7995C675014EEBE77A0BEB7AFCCFC08] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432] [PID.4668]
[MD5.A9732510C6D8E3C954DB2F249AAC9818] - (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512] [PID.4692]
[MD5.9F3655267BA37004F519ABDDB3AEE244] - (.Hewlett-Packard Development Company, L.P. - HP CoolSense.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008] [PID.4788]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.4868]
[MD5.79C28DDF889C26FDD6162F796FD49BC4] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.4876]
[MD5.345B1798395CEA9C178AFF1784FA2A37] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032] [PID.3120]
[MD5.8C59765B5462FC6F7A0C99DDB058AE8A] - (.PortableAppZ.blogspot.com - Adobe Photoshop CS6 Portable.) -- C:\Users\Isabela\Desktop\Arquivos\Adobe Photoshop CS6 Extended Portable Multi linguas\Photoshop CS6 Portable\AutoPlay\Docs\PhotoshopCS6Portable.exe [81041] [PID.4856]
[MD5.9974E2B0E3085C835CF00B2B7F0F51C3] - (.Adobe Systems, Incorporated - Adobe Photoshop CS6.) -- C:\Users\Isabela\Desktop\Arquivos\Adobe Photoshop CS6 Extended Portable Multi linguas\Photoshop CS6 Portable\AutoPlay\Docs\App\PhotoshopCS6\Photoshop.exe [42985632] [PID.1612]
[MD5.CF0B46A34780C3B4E3AF1297217A80BD] - (.Microsoft Corporation - Internet Low-Mic Utility Tool.) -- C:\Program Files (x86)\Internet Explorer\IELowutil.exe [222208] [PID.4360]
[MD5.1F0D27B7142CDEA3FBEC7A7DE56D3D1B] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7877120] [PID.5636]
~ Processes Running: Scanned in 00mn 01s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Isabela\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 16 Legitimates Filtered in 00mn 02s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Isabela\AppData\Roaming\Mozilla\Firefox\Profiles\sm50t0wn.default\prefs.js
M0 - MFSP: prefs.js [Isabela - sm50t0wn.default] [You must be registered and logged in to view this link] =>Hijacker.Qone8
M2 - MFEP: prefs.js [Isabela - sm50t0wn.default\ascsurfingprotection@iobit.com] [] Advanced SystemCare Surfing Protection v1.0 (..)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Isabela\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
~ Firefox Browser: 4 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbieh.dll
~ BHO: 6 Legitimates Filtered in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [Isabela]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Isabela\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [Isabela]: SpyHunter.lnk . (...) -- C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe (.not file.) =>Crapware.SpyHunter
O4 - GS\Desktop [Isabela]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Isabela\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 3 Legitimates Filtered in 00mn 01s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\RunOnce: [NCPluginUpdater] . (.Hewlett-Packard - NCPluginUpdater.) -- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Isabela\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKLM\..\Wow6432Node\Run: [BtTray] . (.IVT Corporation - Bluetooth Application.) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Quick Launch] . (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Wow6432Node\Run: [HP CoolSense] . (.Hewlett-Packard Development Company, L.P. - HP CoolSense.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKUS\S-1-5-21-3585445889-2484728970-451866620-1001\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Isabela\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Application: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{351D14C2-3FCF-4F97-87C1-B07650D79758}: DhcpNameServer = 189.7.64.17 189.7.64.26
O17 - HKLM\System\CS1\Services\Tcpip\..\{351D14C2-3FCF-4F97-87C1-B07650D79758}: DhcpNameServer = 189.7.64.17 189.7.64.26
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 189.7.64.17 189.7.64.26
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\GbpSv.exe
~ Services: 19 Legitimates Filtered in 00mn 08s
---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [Windows Updater] (...) -- C:\Users\Isabela\AppData\Roaming\Oxy\Updater.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\Tasks\ASC7_SkipUac_Isabela.job [260]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\ASC7_SkipUac_Isabela [260]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1080]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1084]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\HPCeeScheduleForIsabela [354]
~ Scheduled Task: 22 Legitimates Filtered in 00mn 08s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (badriver) . (. - .) - C:\Windows\System32\drivers\badriver.sys (.not file.)
O41 - Driver: (Bfilter) . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - C:\Windows\system32\drivers\Bfilter.sys
O41 - Driver: (Bfmon) . (.Baidu, Inc. - Baidu FS Monitor Driver.) - C:\Windows\system32\drivers\Bfmon.sys =>Adware.BDSearch
O41 - Driver: (Bprotect) . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - C:\Windows\system32\drivers\Bprotect.sys
~ Drivers: 42 Legitimates Filtered in 00mn 00s
---\\ Software instalados (042)
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKLM][64Bits] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: YoutubeMovieMaker - (.Youtube Movie Maker.) [HKLM][64Bits] -- {E084C471-FA8F-4468-93F1-25B3A13ED942}
~ Logic: 20 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\Baixou Agora]
[HKCU\Software\GbAs]
[HKCU\Software\dx20120105]
[HKLM\Software\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\ADSRemoval]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\RZsoft]
~ Key Software: 267 Legitimates Filtered in 00mn 01s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 11/03/2014 - 15:04:14 - [] ----D C:\Program Files (x86)\Baidu Security =>Adware.BDSearch
O43 - CFD: 13/03/2014 - 23:28:09 - [] ----D C:\Program Files (x86)\Baixou Agora App
O43 - CFD: 03/12/2013 - 10:04:45 - [] ----D C:\Program Files (x86)\Common Files\YUMediaCodec
O43 - CFD: 14/03/2014 - 13:15:07 - [] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
O43 - CFD: 25/09/2012 - 18:44:55 - [] ----D C:\ProgramData\{BE4DD016-EE56-4AC8-9832-69281423A3D4}
O43 - CFD: 15/10/2013 - 13:01:42 - [] ----D C:\Users\Isabela\AppData\Roaming\Baidu Security =>Adware.BDSearch
O43 - CFD: 15/05/2014 - 18:58:32 - [] ----D C:\Users\Isabela\AppData\Local\966
O43 - CFD: 15/05/2014 - 20:09:33 - [] ----D C:\Users\Isabela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter
~ Program Folder: 158 Legitimates Filtered in 00mn 00s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.93E7FA131B9AF0AF62D112AB19D31264] - 15/05/2014 - 19:24:13 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [387268]
O44 - LFC:[MD5.3B32CAA07D672F8A2E0DF5CB3A873F45] - 15/05/2014 - 20:09:44 ---A- . (...) -- C:\Windows\System32\Drivers\EsgScanner.sys [22704]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 15/05/2014 - 20:10:58 ---A- . (...) -- C:\autoexec.bat [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 15/05/2014 - 21:41:01 ---A- . (...) -- C:\asc_rdflag [0]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 15/05/2014 - 23:02:36 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.2EF8E91286FA261FDB712485EBA77E41] - 15/05/2014 - 23:35:43 ---A- . (...) -- C:\zoek-results.log [15501]
O44 - LFC:[MD5.723247F93B0C5AC5EC65A5D1B4F7FB0C] - 16/05/2014 - 17:44:20 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [166504]
O44 - LFC:[MD5.810E72928F4ABC42E7F513A6A31E7A78] - 16/05/2014 - 17:44:20 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [792452]
~ Files: 59 Legitimates Filtered in 00mn 03s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 22 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:21/01/2014 - 11:14:40 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [52032]
O58 - SDL:21/01/2014 - 11:14:50 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [34624] =>Adware.BDSearch
O58 - SDL:21/01/2014 - 07:01:36 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [128992]
O58 - SDL:22/06/2012 - 11:01:32 ---A- . (...) -- C:\Windows\System32\Drivers\EsgScanner.sys [22704]
O58 - SDL:28/10/2013 - 00:12:10 ---A- . (.DEVGURU Co., LTD.([You must have an account and be logged in to view this link] - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [107288]
O58 - SDL:28/10/2013 - 00:12:12 ---A- . (.DEVGURU Co., LTD.([You must have an account and be logged in to view this link] - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [204568]
O58 - SDL:26/07/2012 - 02:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
O58 - SDL:04/04/2014 - 16:39:25 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys [544768]
O58 - SDL:18/03/2013 - 15:51:08 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
~ Drivers: 64 Legitimates Filtered in 00mn 01s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} [DefaultScope] - (qone8) - [You must have an account and be logged in to view this link] =>Hijacker.Qone8
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [You must have an account and be logged in to view this link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.99EBCA33C94850A583B5DB2E22E809CB] [SPRF][07/03/2014] (...) -- C:\Users\Isabela\AppData\Roaming\unins000.dat [19714]
[MD5.92E6A6A0D8C77D9ADA9D0A5182A22B15] [SPRF][30/08/2012] (...) -- C:\Users\Isabela\Desktop\Wireless - USC.exe [631808]
~ Files: 2 Legitimates Filtered in 00mn 00s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{FA131CB5-66AD-4974-AC72-50A98D60F759}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Isabela\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{B828CF77-6BF3-45E3-AE83-8617D1077855}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Isabela\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{DF2D235F-124B-4A16-8DCE-B4888BAC3FC2}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Isabela\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{7338C19F-BA75-4C3E-80A3-A34FEEBA45F8}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Isabela\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 4 Legitimates Filtered in 00mn 02s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBuzzSearch_RASAPI32 =>PUP.BuzzSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBuzzSearch_RASMANCS =>PUP.BuzzSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBuzzSearch_RASAPI32 =>PUP.BuzzSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBuzzSearch_RASMANCS =>PUP.BuzzSearch
~ BTK: 92 Legitimates Filtered in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 08/08/2012 276288 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 21/01/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 21/01/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 03/12/2013 2151200 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
SS - | Demand 05/12/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 09/12/2013 881440 | (AdvancedSystemCareService7) . (.IObit.) - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
SR - | Auto 12/02/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 02/08/2012 1544192 | (BlueSoleilCS) . (.IVT Corporation.) - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Demand 10/07/2012 138752 | (BsHelpCS) . (.IVT Corporation.) - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
SR - | Auto 10/07/1658 0 | (ezSharedSvc) . (.EasyBits Software AS.) - C:\Windows\System32\ezSharedSvcHost.exe =>.EasyBits Software AS
SR - | Auto 21/02/2014 519720 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\GbpSv.exe
SR - | Auto 10/08/2012 85504 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SR - | Demand 10/08/2012 1001376 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SR - | Auto 04/04/2014 31040 | (hpsrv) . (.Hewlett-Packard Company.) - C:\Windows\System32\Hpservice.exe
SR - | Auto 31/07/2012 35232 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
SR - | Auto 13/07/2012 2451456 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
SR - | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 17/07/2012 128896 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Demand 21/02/2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 20/07/2012 193576 | (irstrtsv) . (.Intel Corporation.) - C:\Windows\SysWOW64\irstrtsv.exe
SR - | Auto 17/07/2012 165760 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 17/07/2012 276864 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 09/01/2014 1025408 | (SpyHunter 4 Service) . (.Enigma Software Group USA, LLC..) - C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe =>Crapware.SpyHunter
SR - | Auto 04/04/2014 332800 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe
SR - | Auto 17/07/2012 364416 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 17s
---\\ Scâner Aditional (088)
Database Version : 13045 - (17/05/2014)
Clés trouvées (Keys found) : 4
Valeurs trouvées (Values found) : 4
Dossiers trouvés (Folders found) : 4
Fichiers trouvés (Files found) : 5
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\SYSTEM\CurrentControlSet\Services\SpyHunter 4 Service] =>Crapware.SpyHunter
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^
C:\Program Files (x86)\Baidu Security =>Adware.BDSearch^
C:\ProgramData\Baidu Security =>Adware.BDSearch^
C:\Users\Isabela\AppData\Roaming\Baidu Security =>Adware.BDSearch^
C:\Users\Isabela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter^
C:\Users\Isabela\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch^
C:\Users\Isabela\Desktop\SpyHunter.lnk =>Crapware.SpyHunter
~ Additionnel Scan: 308632 Items scanned in 01mn 10s
---\\ Sumário das deteções encontradas na sua estação
[You must have an account and be logged in to view this link] =>Hijacker.Qone8
[You must have an account and be logged in to view this link] =>Crapware.SpyHunter
[You must have an account and be logged in to view this link] =>Adware.BDSearch
[You must have an account and be logged in to view this link] =>PUP.BuzzSearch
[You must have an account and be logged in to view this link] =>PUP.V9Software
[You must have an account and be logged in to view this link] =>PUP.Tarma
~ MSI: 6 link(s) detected in 00mn 00s
~ 682 Legitimates filtered by white list
End of the scan (465 lines in 02mn 31s)(0)
O4 - HKLM\..\Wow6432Node\Run: [BtTray] . (.IVT Corporation - Bluetooth Application.) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Quick Launch] . (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Wow6432Node\Run: [HP CoolSense] . (.Hewlett-Packard Development Company, L.P. - HP CoolSense.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKUS\S-1-5-21-3585445889-2484728970-451866620-1001\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Isabela\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Application: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{351D14C2-3FCF-4F97-87C1-B07650D79758}: DhcpNameServer = 189.7.64.17 189.7.64.26
O17 - HKLM\System\CS1\Services\Tcpip\..\{351D14C2-3FCF-4F97-87C1-B07650D79758}: DhcpNameServer = 189.7.64.17 189.7.64.26
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 189.7.64.17 189.7.64.26
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\GbpSv.exe
~ Services: 19 Legitimates Filtered in 00mn 08s
---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [Windows Updater] (...) -- C:\Users\Isabela\AppData\Roaming\Oxy\Updater.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\Tasks\ASC7_SkipUac_Isabela.job [260]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\ASC7_SkipUac_Isabela [260]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1080]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1084]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\HPCeeScheduleForIsabela [354]
~ Scheduled Task: 22 Legitimates Filtered in 00mn 08s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (badriver) . (. - .) - C:\Windows\System32\drivers\badriver.sys (.not file.)
O41 - Driver: (Bfilter) . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - C:\Windows\system32\drivers\Bfilter.sys
O41 - Driver: (Bfmon) . (.Baidu, Inc. - Baidu FS Monitor Driver.) - C:\Windows\system32\drivers\Bfmon.sys =>Adware.BDSearch
O41 - Driver: (Bprotect) . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - C:\Windows\system32\drivers\Bprotect.sys
~ Drivers: 42 Legitimates Filtered in 00mn 00s
---\\ Software instalados (042)
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKLM][64Bits] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: YoutubeMovieMaker - (.Youtube Movie Maker.) [HKLM][64Bits] -- {E084C471-FA8F-4468-93F1-25B3A13ED942}
~ Logic: 20 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\Baixou Agora]
[HKCU\Software\GbAs]
[HKCU\Software\dx20120105]
[HKLM\Software\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\ADSRemoval]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\RZsoft]
~ Key Software: 267 Legitimates Filtered in 00mn 01s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 11/03/2014 - 15:04:14 - [] ----D C:\Program Files (x86)\Baidu Security =>Adware.BDSearch
O43 - CFD: 13/03/2014 - 23:28:09 - [] ----D C:\Program Files (x86)\Baixou Agora App
O43 - CFD: 03/12/2013 - 10:04:45 - [] ----D C:\Program Files (x86)\Common Files\YUMediaCodec
O43 - CFD: 14/03/2014 - 13:15:07 - [] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
O43 - CFD: 25/09/2012 - 18:44:55 - [] ----D C:\ProgramData\{BE4DD016-EE56-4AC8-9832-69281423A3D4}
O43 - CFD: 15/10/2013 - 13:01:42 - [] ----D C:\Users\Isabela\AppData\Roaming\Baidu Security =>Adware.BDSearch
O43 - CFD: 15/05/2014 - 18:58:32 - [] ----D C:\Users\Isabela\AppData\Local\966
O43 - CFD: 15/05/2014 - 20:09:33 - [] ----D C:\Users\Isabela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter
~ Program Folder: 158 Legitimates Filtered in 00mn 00s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.93E7FA131B9AF0AF62D112AB19D31264] - 15/05/2014 - 19:24:13 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [387268]
O44 - LFC:[MD5.3B32CAA07D672F8A2E0DF5CB3A873F45] - 15/05/2014 - 20:09:44 ---A- . (...) -- C:\Windows\System32\Drivers\EsgScanner.sys [22704]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 15/05/2014 - 20:10:58 ---A- . (...) -- C:\autoexec.bat [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 15/05/2014 - 21:41:01 ---A- . (...) -- C:\asc_rdflag [0]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 15/05/2014 - 23:02:36 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.2EF8E91286FA261FDB712485EBA77E41] - 15/05/2014 - 23:35:43 ---A- . (...) -- C:\zoek-results.log [15501]
O44 - LFC:[MD5.723247F93B0C5AC5EC65A5D1B4F7FB0C] - 16/05/2014 - 17:44:20 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [166504]
O44 - LFC:[MD5.810E72928F4ABC42E7F513A6A31E7A78] - 16/05/2014 - 17:44:20 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [792452]
~ Files: 59 Legitimates Filtered in 00mn 03s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 22 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:21/01/2014 - 11:14:40 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [52032]
O58 - SDL:21/01/2014 - 11:14:50 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [34624] =>Adware.BDSearch
O58 - SDL:21/01/2014 - 07:01:36 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [128992]
O58 - SDL:22/06/2012 - 11:01:32 ---A- . (...) -- C:\Windows\System32\Drivers\EsgScanner.sys [22704]
O58 - SDL:28/10/2013 - 00:12:10 ---A- . (.DEVGURU Co., LTD.([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [107288]
O58 - SDL:28/10/2013 - 00:12:12 ---A- . (.DEVGURU Co., LTD.([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [204568]
O58 - SDL:26/07/2012 - 02:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
O58 - SDL:04/04/2014 - 16:39:25 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys [544768]
O58 - SDL:18/03/2013 - 15:51:08 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
~ Drivers: 64 Legitimates Filtered in 00mn 01s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} [DefaultScope] - (qone8) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Qone8
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.99EBCA33C94850A583B5DB2E22E809CB] [SPRF][07/03/2014] (...) -- C:\Users\Isabela\AppData\Roaming\unins000.dat [19714]
[MD5.92E6A6A0D8C77D9ADA9D0A5182A22B15] [SPRF][30/08/2012] (...) -- C:\Users\Isabela\Desktop\Wireless - USC.exe [631808]
~ Files: 2 Legitimates Filtered in 00mn 00s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{FA131CB5-66AD-4974-AC72-50A98D60F759}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Isabela\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{B828CF77-6BF3-45E3-AE83-8617D1077855}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Isabela\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{DF2D235F-124B-4A16-8DCE-B4888BAC3FC2}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Isabela\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{7338C19F-BA75-4C3E-80A3-A34FEEBA45F8}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Isabela\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 4 Legitimates Filtered in 00mn 02s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBuzzSearch_RASAPI32 =>PUP.BuzzSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBuzzSearch_RASMANCS =>PUP.BuzzSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBuzzSearch_RASAPI32 =>PUP.BuzzSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBuzzSearch_RASMANCS =>PUP.BuzzSearch
~ BTK: 92 Legitimates Filtered in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 08/08/2012 276288 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 21/01/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 21/01/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 03/12/2013 2151200 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
SS - | Demand 05/12/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 09/12/2013 881440 | (AdvancedSystemCareService7) . (.IObit.) - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
SR - | Auto 12/02/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 02/08/2012 1544192 | (BlueSoleilCS) . (.IVT Corporation.) - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Demand 10/07/2012 138752 | (BsHelpCS) . (.IVT Corporation.) - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
SR - | Auto 10/07/1658 0 | (ezSharedSvc) . (.EasyBits Software AS.) - C:\Windows\System32\ezSharedSvcHost.exe =>.EasyBits Software AS
SR - | Auto 21/02/2014 519720 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\GbpSv.exe
SR - | Auto 10/08/2012 85504 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SR - | Demand 10/08/2012 1001376 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SR - | Auto 04/04/2014 31040 | (hpsrv) . (.Hewlett-Packard Company.) - C:\Windows\System32\Hpservice.exe
SR - | Auto 31/07/2012 35232 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
SR - | Auto 13/07/2012 2451456 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
SR - | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 17/07/2012 128896 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Demand 21/02/2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 20/07/2012 193576 | (irstrtsv) . (.Intel Corporation.) - C:\Windows\SysWOW64\irstrtsv.exe
SR - | Auto 17/07/2012 165760 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 17/07/2012 276864 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 09/01/2014 1025408 | (SpyHunter 4 Service) . (.Enigma Software Group USA, LLC..) - C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe =>Crapware.SpyHunter
SR - | Auto 04/04/2014 332800 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe
SR - | Auto 17/07/2012 364416 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 17s
---\\ Scâner Aditional (088)
Database Version : 13045 - (17/05/2014)
Clés trouvées (Keys found) : 4
Valeurs trouvées (Values found) : 4
Dossiers trouvés (Folders found) : 4
Fichiers trouvés (Files found) : 5
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\SYSTEM\CurrentControlSet\Services\SpyHunter 4 Service] =>Crapware.SpyHunter
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^
C:\Program Files (x86)\Baidu Security =>Adware.BDSearch^
C:\ProgramData\Baidu Security =>Adware.BDSearch^
C:\Users\Isabela\AppData\Roaming\Baidu Security =>Adware.BDSearch^
C:\Users\Isabela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter^
C:\Users\Isabela\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch^
C:\Users\Isabela\Desktop\SpyHunter.lnk =>Crapware.SpyHunter
~ Additionnel Scan: 308632 Items scanned in 01mn 10s
---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Qone8
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Crapware.SpyHunter
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BDSearch
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.BuzzSearch
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.V9Software
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Tarma
~ MSI: 6 link(s) detected in 00mn 00s
~ 682 Legitimates filtered by white list
End of the scan (465 lines in 02mn 31s)(0)
rachoa- Beginner
- Posts : 19
Reputation : 0
Join date : 15/05/2014
Re: Removing the QONE8 search engine and home page from Chrome
There are unnecessary programs starting along with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:
[You need to have an account and be logged in to view this link]
Preferably, leave only the security programs (antivirus/anti-spyware/firewall) starting along with Windows.
Also use the CCleaner program, mentioned in the tutorial above, to clean up and optimize the PC now and from time to time.
____________________________________________________________________________________________________________
Select and copy all of the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________
Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click "Importação" (Import) > click the GO button > click "Oui" (Yes) > if you want the files in the Recycle Bin to be deleted, click "Oui" again > a report will open in Notepad.
Copy this report and post it in your next reply.
Last edited by Power Max on Sun 18 May 2014, 19:26; edited 1 time
_________________
Caixa de Dicas = Always with new tutorials and news on computing, technology and miscellany.
[You need to have an account and be logged in to view this link] = The best of the internet is right here.
[You need to have an account and be logged in to view this link] = Messages of faith and hope for your heart
Power Max- Collaborator
- Posts : 9086
Reputation : 1499
Join date : 14/04/2009
Removing the QONE8 search engine and home page from Chrome
Here is the report.
NOTE: After I used CCleaner, the Qone8 page came back, but running the ZHPFix cleanup afterwards removed that page at startup.
Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Isabela at 18/05/2014 01:12:25
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit (Build 9200)
Reciclagem vazia (00mn 05s)
Reparação de atalhos do navegador
========== Chaves do Registo ==========
ELIMINÉ Driver Key: badriver
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bprotect
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ:* HKLM\Software\Baidu Security
ELIMINÉ: SearchScopes :{33BB0A4E-99AF-4226-BDF6-49120163DE86}
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBuzzSearch_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBuzzSearch_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBuzzSearch_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBuzzSearch_RASMANCS
ELIMINÉ: Service: Bonjour Service
ELIMINÉ: Service: SpyHunter 4 Service
ELIMINÉ: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Preferências do navegador ==========
ELIMINÉ Mozilla Pref: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINÉ: c:\users\isabela\desktop\spyhunter.lnk
ELIMINA REINICIAR: c:\windows\system32\drivers\bfilter.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bfmon.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotect.sys
ELIMINA REINICIAR: c:\program files\bonjour\mdnsresponder.exe
ELIMINA REINICIAR: c:\program files\enigma software group\spyhunter\sh4service.exe
ELIMINÉ Temporários windows (10) (323.450 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Tarefa planificada ==========
ELIMINÉ: Windows Updater
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
16 : Chaves do Registo
6 : Valores do Registo
1 : Pastas
8 : Ficheiros
1 : Preferências do navegador
1 : Tarefa planificada
1 : Restauração Sistema
End of clean in 01mn 27s
========== Caminho do ficheiro do relatório ==========
C:\Users\Isabela\AppData\Roaming\ZHP\ZHPFix[R1].txt - 18/05/2014 01:12:30 [2705]
rachoa- Beginner
- Posts : 19
Reputation : 0
Join date : 15/05/2014
Re: Removing the QONE8 search engine and home page from Chrome
Open ZHPDiag again.
|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.
|- Click OK and, when it finishes, post the ZHPDiag.txt report.
Power Max- Collaborator
- Posts : 9086
Reputation : 1499
Join date : 14/04/2009
(SOLVED) Removing the QONE8 search engine and home page from Chrome
~ Relatório do ZHPDiag v2014.5.17.66 - Nicolas Coolman (17/05/2014)
~ Iniciado por Isabela (18/05/2014 17:55:55)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Blog de análise de software : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v10.0.9200.16899
MFIE: Mozilla Firefox 26.0
GCIE: Google Chrome v34.0.1847.137 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 8 Single Language, 64-bit (Build 9200)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
Malwarebytes Anti-Malware versão 1.75.0.1300
Windows Defender W8
---\\ Softwares d'optimização do sistema
CCleaner v4.12
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Java 7 Update 51
---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1940 MB (8% free)
System Restore: Activé (Enable)
System drive C: has 272 GB (60%) free of 448 GB
---\\ Modo de conexão ao sistema
~ Computer Name: ISINHA
~ User Name: Isabela
~ All Users Names: Isabela, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Isabela\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Isabela\AppData\Roaming\
~ %Desktop% : C:\Users\Isabela\Desktop\
~ %Favorites% : C:\Users\Isabela\Favorites\
~ %LocalAppData% : C:\Users\Isabela\AppData\Local\
~ %StartMenu% : C:\Users\Isabela\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 272 Go of 448 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 17 Go)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Windows Explorer.) (.01/06/2013 - 08:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.26/07/2012 - 00:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.2B7920C7885AC45FD0E27DD860F095A1] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 21:08:30.) -- C:\Windows\System32\wininet.dll [2240000]
[MD5.75DD70A14145499C9F7D903CF9A8C91B] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.12/04/2014 - 06:10:31.) -- C:\Windows\System32\Winlogon.exe [578048]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.26/07/2012 - 00:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.04/09/2013 - 00:11:23.) -- C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 02:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.25/07/2012 - 23:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.25/07/2012 - 23:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.431141C6859990824D17F71C30A78728] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.06/04/2014 - 12:05:08.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 03:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Driver de porta i8042.) (.25/07/2012 - 23:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.25/07/2012 - 23:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.7A761AEE58658378BBA45D360F874CB0] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.04/05/2014 - 11:24:57.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.25/07/2012 - 23:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.7BE3EDFFA3216F989A6BDCB14795DD08] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.06/04/2014 - 12:05:07.) -- C:\Windows\system32\Drivers\ntfs.sys [1939288]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Driver de porta paralela.) (.25/07/2012 - 23:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.25/07/2012 - 23:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.25/07/2012 - 23:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 02:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.01/06/2013 - 08:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 03s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/21
~ Mes musiques (My Musics) : 1/150
~ Mes Videos (My Videos) : 2/3
~ Mes Favoris (My Favorites) : 1/6
~ Mes Documents (My Documents) : 1/2130
~ Mon Bureau (My Desktop) : 2/9700
~ Menu demarrer (Programs) : 1/26
~ Hidden Files: Scanned in 00mn 14s
---\\ Processos lançados
[MD5.17A89EF59FE3FFECFA608B6AD511F133] - (.Intel - Intel® Rapid Start Technology Manager.) -- C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [708648] [PID.4460]
[MD5.43FCAD8DC068E94B170353DAD02A0053] - (.IVT Corporation - Bluetooth Application.) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [363520] [PID.6292]
[MD5.A9732510C6D8E3C954DB2F249AAC9818] - (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512] [PID.3336]
[MD5.9F3655267BA37004F519ABDDB3AEE244] - (.Hewlett-Packard Development Company, L.P. - HP CoolSense.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008] [PID.3060]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.1600]
[MD5.B7F55E2AE978D3D34F7876EE5D689AAE] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488] [PID.5904]
[MD5.345B1798395CEA9C178AFF1784FA2A37] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032] [PID.5980]
[MD5.1F0D27B7142CDEA3FBEC7A7DE56D3D1B] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7877120] [PID.6296]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Isabela\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 16 Legitimates Filtered in 00mn 04s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Isabela\AppData\Roaming\Mozilla\Firefox\Profiles\sm50t0wn.default\prefs.js
M2 - MFEP: prefs.js [Isabela - sm50t0wn.default\ascsurfingprotection@iobit.com] [] Advanced SystemCare Surfing Protection v1.0 (..)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Isabela\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
~ Firefox Browser: 3 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbieh.dll
~ BHO: 6 Legitimates Filtered in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [Isabela]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Isabela\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [Isabela]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Isabela\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 2 Legitimates Filtered in 00mn 01s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\RunOnce: [NCPluginUpdater] . (.Hewlett-Packard - NCPluginUpdater.) -- c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Isabela\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKLM\..\Wow6432Node\Run: [BtTray] . (.IVT Corporation - Bluetooth Application.) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Quick Launch] . (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Wow6432Node\Run: [HP CoolSense] . (.Hewlett-Packard Development Company, L.P. - HP CoolSense.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKUS\S-1-5-21-3585445889-2484728970-451866620-1001\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Isabela\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Application: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{351D14C2-3FCF-4F97-87C1-B07650D79758}: DhcpNameServer = 189.7.64.17 189.7.64.26 201.6.4.116
O17 - HKLM\System\CS1\Services\Tcpip\..\{351D14C2-3FCF-4F97-87C1-B07650D79758}: DhcpNameServer = 189.7.64.17 189.7.64.26 201.6.4.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 189.7.64.17 189.7.64.26 201.6.4.116
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\GbpSv.exe
~ Services: 17 Legitimates Filtered in 00mn 19s
---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\Tasks\ASC7_SkipUac_Isabela.job [260]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\ASC7_SkipUac_Isabela [260]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1080]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1084]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\HPCeeScheduleForIsabela [354]
~ Scheduled Task: 21 Legitimates Filtered in 00mn 13s
---\\ Software instalados (042)
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKLM][64Bits] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: YoutubeMovieMaker - (.Youtube Movie Maker.) [HKLM][64Bits] -- {E084C471-FA8F-4468-93F1-25B3A13ED942}
~ Logic: 20 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Baixou Agora]
[HKCU\Software\GbAs]
[HKCU\Software\dx20120105]
[HKLM\Software\Wow6432Node\ADSRemoval]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\RZsoft]
~ Key Software: 264 Legitimates Filtered in 00mn 01s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 13/03/2014 - 23:28:09 - [] ----D C:\Program Files (x86)\Baixou Agora App
O43 - CFD: 03/12/2013 - 10:04:45 - [] ----D C:\Program Files (x86)\Common Files\YUMediaCodec
O43 - CFD: 15/05/2014 - 18:58:32 - [] ----D C:\Users\Isabela\AppData\Local\966
~ Program Folder: 153 Legitimates Filtered in 00mn 02s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.93E7FA131B9AF0AF62D112AB19D31264] - 15/05/2014 - 19:24:13 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [387268]
O44 - LFC:[MD5.3B32CAA07D672F8A2E0DF5CB3A873F45] - 15/05/2014 - 20:09:44 ---A- . (...) -- C:\Windows\System32\Drivers\EsgScanner.sys [22704]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 15/05/2014 - 20:10:58 ---A- . (...) -- C:\autoexec.bat [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 15/05/2014 - 21:41:01 ---A- . (...) -- C:\asc_rdflag [0]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 15/05/2014 - 23:02:36 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.2EF8E91286FA261FDB712485EBA77E41] - 15/05/2014 - 23:35:43 ---A- . (...) -- C:\zoek-results.log [15501]
O44 - LFC:[MD5.723247F93B0C5AC5EC65A5D1B4F7FB0C] - 17/05/2014 - 18:05:50 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [166504]
O44 - LFC:[MD5.810E72928F4ABC42E7F513A6A31E7A78] - 17/05/2014 - 18:05:50 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [792452]
~ Files: 58 Legitimates Filtered in 00mn 16s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 22 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:21/01/2014 - 11:14:40 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [52032]
O58 - SDL:21/01/2014 - 11:14:50 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [34624] =>Adware.BDSearch
O58 - SDL:21/01/2014 - 07:01:36 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [128992]
O58 - SDL:22/06/2012 - 11:01:32 ---A- . (...) -- C:\Windows\System32\Drivers\EsgScanner.sys [22704]
O58 - SDL:28/10/2013 - 00:12:10 ---A- . (.DEVGURU Co., LTD.([You must have an account and be logged in to view this link] - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [107288]
O58 - SDL:28/10/2013 - 00:12:12 ---A- . (.DEVGURU Co., LTD.([You must have an account and be logged in to view this link] - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [204568]
O58 - SDL:26/07/2012 - 02:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
O58 - SDL:04/04/2014 - 16:39:25 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys [544768]
O58 - SDL:18/03/2013 - 15:51:08 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
~ Drivers: 64 Legitimates Filtered in 00mn 06s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} [DefaultScope] - (qone8) - [You must have an account and be logged in to view this link] =>Hijacker.Qone8
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [You must have an account and be logged in to view this link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.99EBCA33C94850A583B5DB2E22E809CB] [SPRF][07/03/2014] (...) -- C:\Users\Isabela\AppData\Roaming\unins000.dat [19714]
[MD5.92E6A6A0D8C77D9ADA9D0A5182A22B15] [SPRF][30/08/2012] (...) -- C:\Users\Isabela\Desktop\Wireless - USC.exe [631808]
~ Files: 2 Legitimates Filtered in 00mn 00s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{FA131CB5-66AD-4974-AC72-50A98D60F759}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Isabela\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{B828CF77-6BF3-45E3-AE83-8617D1077855}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Isabela\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{DF2D235F-124B-4A16-8DCE-B4888BAC3FC2}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Isabela\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{7338C19F-BA75-4C3E-80A3-A34FEEBA45F8}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Isabela\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 4 Legitimates Filtered in 00mn 06s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 08/08/2012 276288 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 21/01/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 21/01/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 03/12/2013 2151200 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
SS - | Demand 05/12/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 09/12/2013 881440 | (AdvancedSystemCareService7) . (.IObit.) - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
SR - | Auto 12/02/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 02/08/2012 1544192 | (BlueSoleilCS) . (.IVT Corporation.) - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
SR - | Demand 10/07/2012 138752 | (BsHelpCS) . (.IVT Corporation.) - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
SR - | Auto 10/07/1658 0 | (ezSharedSvc) . (.EasyBits Software AS.) - C:\Windows\System32\ezSharedSvcHost.exe =>.EasyBits Software AS
SR - | Auto 21/02/2014 519720 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\GbpSv.exe
SR - | Auto 10/08/2012 85504 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SR - | Demand 10/08/2012 1001376 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SR - | Auto 04/04/2014 31040 | (hpsrv) . (.Hewlett-Packard Company.) - C:\Windows\System32\Hpservice.exe
SR - | Auto 31/07/2012 35232 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
SR - | Auto 13/07/2012 2451456 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
SR - | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 17/07/2012 128896 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Demand 21/02/2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 20/07/2012 193576 | (irstrtsv) . (.Intel Corporation.) - C:\Windows\SysWOW64\irstrtsv.exe
SR - | Auto 17/07/2012 165760 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 17/07/2012 276864 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 04/04/2014 332800 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe
SR - | Auto 17/07/2012 364416 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 25s
---\\ Scâner Aditional (088)
Database Version : 13045 - (17/05/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^
~ Additionnel Scan: 308054 Items scanned in 01mn 52s
---\\ Sumário das deteções encontradas na sua estação
[You must have an account and be logged in to view this link] =>Adware.BDSearch
[You must have an account and be logged in to view this link] =>Hijacker.Qone8
[You must have an account and be logged in to view this link] =>PUP.V9Software
~ MSI: 3 link(s) detected in 00mn 00s
~ 661 Legitimates filtered by white list
End of the scan (412 lines in 04mn 31s)(0)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbieh.dll
~ BHO: 6 Legitimates Filtered in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [Isabela]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Isabela\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [Isabela]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Isabela\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 2 Legitimates Filtered in 00mn 01s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\RunOnce: [NCPluginUpdater] . (.Hewlett-Packard - NCPluginUpdater.) -- c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Isabela\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKLM\..\Wow6432Node\Run: [BtTray] . (.IVT Corporation - Bluetooth Application.) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Quick Launch] . (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Wow6432Node\Run: [HP CoolSense] . (.Hewlett-Packard Development Company, L.P. - HP CoolSense.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKUS\S-1-5-21-3585445889-2484728970-451866620-1001\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Isabela\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Application: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{351D14C2-3FCF-4F97-87C1-B07650D79758}: DhcpNameServer = 189.7.64.17 189.7.64.26 201.6.4.116
O17 - HKLM\System\CS1\Services\Tcpip\..\{351D14C2-3FCF-4F97-87C1-B07650D79758}: DhcpNameServer = 189.7.64.17 189.7.64.26 201.6.4.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 189.7.64.17 189.7.64.26 201.6.4.116
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\GbpSv.exe
~ Services: 17 Legitimates Filtered in 00mn 19s
---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\Tasks\ASC7_SkipUac_Isabela.job [260]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\ASC7_SkipUac_Isabela [260]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1080]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1084]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\HPCeeScheduleForIsabela [354]
~ Scheduled Task: 21 Legitimates Filtered in 00mn 13s
---\\ Software instalados (042)
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKLM][64Bits] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: YoutubeMovieMaker - (.Youtube Movie Maker.) [HKLM][64Bits] -- {E084C471-FA8F-4468-93F1-25B3A13ED942}
~ Logic: 20 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Baixou Agora]
[HKCU\Software\GbAs]
[HKCU\Software\dx20120105]
[HKLM\Software\Wow6432Node\ADSRemoval]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\RZsoft]
~ Key Software: 264 Legitimates Filtered in 00mn 01s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 13/03/2014 - 23:28:09 - [] ----D C:\Program Files (x86)\Baixou Agora App
O43 - CFD: 03/12/2013 - 10:04:45 - [] ----D C:\Program Files (x86)\Common Files\YUMediaCodec
O43 - CFD: 15/05/2014 - 18:58:32 - [] ----D C:\Users\Isabela\AppData\Local\966
~ Program Folder: 153 Legitimates Filtered in 00mn 02s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.93E7FA131B9AF0AF62D112AB19D31264] - 15/05/2014 - 19:24:13 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [387268]
O44 - LFC:[MD5.3B32CAA07D672F8A2E0DF5CB3A873F45] - 15/05/2014 - 20:09:44 ---A- . (...) -- C:\Windows\System32\Drivers\EsgScanner.sys [22704]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 15/05/2014 - 20:10:58 ---A- . (...) -- C:\autoexec.bat [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 15/05/2014 - 21:41:01 ---A- . (...) -- C:\asc_rdflag [0]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 15/05/2014 - 23:02:36 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.2EF8E91286FA261FDB712485EBA77E41] - 15/05/2014 - 23:35:43 ---A- . (...) -- C:\zoek-results.log [15501]
O44 - LFC:[MD5.723247F93B0C5AC5EC65A5D1B4F7FB0C] - 17/05/2014 - 18:05:50 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [166504]
O44 - LFC:[MD5.810E72928F4ABC42E7F513A6A31E7A78] - 17/05/2014 - 18:05:50 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [792452]
~ Files: 58 Legitimates Filtered in 00mn 16s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 22 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:21/01/2014 - 11:14:40 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [52032]
O58 - SDL:21/01/2014 - 11:14:50 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [34624] =>Adware.BDSearch
O58 - SDL:21/01/2014 - 07:01:36 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [128992]
O58 - SDL:22/06/2012 - 11:01:32 ---A- . (...) -- C:\Windows\System32\Drivers\EsgScanner.sys [22704]
O58 - SDL:28/10/2013 - 00:12:10 ---A- . (.DEVGURU Co., LTD.([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [107288]
O58 - SDL:28/10/2013 - 00:12:12 ---A- . (.DEVGURU Co., LTD.([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [204568]
O58 - SDL:26/07/2012 - 02:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
O58 - SDL:04/04/2014 - 16:39:25 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys [544768]
O58 - SDL:18/03/2013 - 15:51:08 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
~ Drivers: 64 Legitimates Filtered in 00mn 06s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} [DefaultScope] - (qone8) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Qone8
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.99EBCA33C94850A583B5DB2E22E809CB] [SPRF][07/03/2014] (...) -- C:\Users\Isabela\AppData\Roaming\unins000.dat [19714]
[MD5.92E6A6A0D8C77D9ADA9D0A5182A22B15] [SPRF][30/08/2012] (...) -- C:\Users\Isabela\Desktop\Wireless - USC.exe [631808]
~ Files: 2 Legitimates Filtered in 00mn 00s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{FA131CB5-66AD-4974-AC72-50A98D60F759}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Isabela\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{B828CF77-6BF3-45E3-AE83-8617D1077855}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Isabela\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{DF2D235F-124B-4A16-8DCE-B4888BAC3FC2}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Isabela\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{7338C19F-BA75-4C3E-80A3-A34FEEBA45F8}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Isabela\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 4 Legitimates Filtered in 00mn 06s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 08/08/2012 276288 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 21/01/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 21/01/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 03/12/2013 2151200 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
SS - | Demand 05/12/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 09/12/2013 881440 | (AdvancedSystemCareService7) . (.IObit.) - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
SR - | Auto 12/02/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 02/08/2012 1544192 | (BlueSoleilCS) . (.IVT Corporation.) - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
SR - | Demand 10/07/2012 138752 | (BsHelpCS) . (.IVT Corporation.) - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
SR - | Auto 10/07/1658 0 | (ezSharedSvc) . (.EasyBits Software AS.) - C:\Windows\System32\ezSharedSvcHost.exe =>.EasyBits Software AS
SR - | Auto 21/02/2014 519720 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\GbpSv.exe
SR - | Auto 10/08/2012 85504 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SR - | Demand 10/08/2012 1001376 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SR - | Auto 04/04/2014 31040 | (hpsrv) . (.Hewlett-Packard Company.) - C:\Windows\System32\Hpservice.exe
SR - | Auto 31/07/2012 35232 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
SR - | Auto 13/07/2012 2451456 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
SR - | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 17/07/2012 128896 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Demand 21/02/2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 20/07/2012 193576 | (irstrtsv) . (.Intel Corporation.) - C:\Windows\SysWOW64\irstrtsv.exe
SR - | Auto 17/07/2012 165760 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 17/07/2012 276864 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 04/04/2014 332800 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe
SR - | Auto 17/07/2012 364416 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 25s
---\\ Scâner Aditional (088)
Database Version : 13045 - (17/05/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^
~ Additionnel Scan: 308054 Items scanned in 01mn 52s
---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BDSearch
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Qone8
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.V9Software
~ MSI: 3 link(s) detected in 00mn 00s
~ 661 Legitimates filtered by white list
End of the scan (412 lines in 04mn 31s)(0)
rachoa - Beginner
- Posts: 19
Reputation: 0
Join date: 15/05/2014
Re: Removing the QONE8 search engine and home page from Chrome
Select and copy all of the text highlighted in red that I gave you.
____________________________________________________________________________________________________________
Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click Importação > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.
Copy this report and post it in your next reply.
Last edited by Power Max on Sun 18 May 2014, 19:32; edited 1 time
_________________
Caixa de Dicas = Always with new tutorials and news on computing, technology and more.
[You must have an account and be logged in to view this link] = The best of the internet, you'll find it here.
[You must have an account and be logged in to view this link] = Messages of faith and hope for your heart
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
Re: Removing the QONE8 search engine and home page from Chrome
Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Isabela at 18/05/2014 19:30:03
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit (Build 9200)
Reciclagem vazia (00mn 02s)
========== Chaves do Registo ==========
ELIMINÉ: SearchScopes :{33BB0A4E-99AF-4226-BDF6-49120163DE86}
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\drivers\bfilter.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bfmon.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotect.sys
ELIMINÉ Temporários windows (7) (732.257 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
1 : Chaves do Registo
1 : Pastas
5 : Ficheiros
1 : Restauração Sistema
End of clean in 00mn 08s
========== Caminho do ficheiro do relatório ==========
C:\Users\Isabela\AppData\Roaming\ZHP\ZHPFix[R1].txt - 18/05/2014 01:12:30 [2787]
C:\Users\Isabela\AppData\Roaming\ZHP\ZHPFix[R2].txt - 18/05/2014 19:30:05 [1123]
rachoa - Beginner
Re: Removing the QONE8 search engine and home page from Chrome
How is the PC?
Power Max - Contributor
Re: Removing the QONE8 search engine and home page from Chrome
I just rebooted, as ZHPFix asked, but qone8 is still here. I opened the browser and it came back... It's faster, at least. What now?
rachoa - Beginner
Re: Removing the QONE8 search engine and home page from Chrome
Download [You must have an account and be logged in to view this link] and save it to the Desktop.
Note: after opening the link above, click the Download Now 64-Bit Version button.
Run Farbar following the tips in this tutorial:
[You must have an account and be logged in to view this link]
*Two reports will be created on the Desktop: FRST.txt and Addition.txt
Post both reports in your next reply. (Note: if they don't fit in a single reply, you can split them across several posts.)
Power Max - Contributor
Re: Removing the QONE8 search engine and home page from Chrome
Report 1:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
Ran by Isabela (administrator) on ISINHA on 18-05-2014 19:51:01
Running from C:\Users\Isabela\Desktop
Platform: Windows 8 Single Language (X64) OS Language: Portuguese Brazilian
Internet Explorer Version 10
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Download link for 64-Bit Version: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
==================== Processes (Whitelisted) =================
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1702912 2014-04-04] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3030256 2014-04-21] (Synaptics Incorporated)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [363520 2012-08-02] (IVT Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-31] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-13] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginBb-x32: C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3585445889-2484728970-451866620-1001\...\Run: [uTorrent] => C:\Users\Isabela\AppData\Roaming\uTorrent\uTorrent.exe [1272400 2014-05-11] (BitTorrent Inc.)
HKU\S-1-5-21-3585445889-2484728970-451866620-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3585445889-2484728970-451866620-1001\...\Policies\system: [DisableChangePassword] 0
==================== Internet (Whitelisted) ====================
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: GbIehObj Class - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll (Skype Technologies)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1582632 2014-02-21] (Banco do Brasil)
Tcpip\Parameters: [DhcpNameServer] 189.7.64.17 189.7.64.26 201.6.4.116
FireFox:
========
FF ProfilePath: C:\Users\Isabela\AppData\Roaming\Mozilla\Firefox\Profiles\sm50t0wn.default
FF NewTab: [You must have an account and be logged in to view this link]
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF Homepage: /*hxxp://start.qone8.com/?type=hp&ts=1400174629&from=mp3&uid=3219913727_198313_9C6789B8*/
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKCU: gastecnologia.com.br/sf/bb - C:\Users\Isabela\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-br.xml
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Isabela\AppData\Roaming\Mozilla\Firefox\Profiles\sm50t0wn.default\Extensions\ascsurfingprotection@iobit.com [2014-04-11]
FF HKCU\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\Isabela\AppData\Local\GAS Tecnologia\GBBD\bb\xpi
FF Extension: GBBD Banco do Brasil - C:\Users\Isabela\AppData\Local\GAS Tecnologia\GBBD\bb\xpi [2014-04-14]
Chrome:
=======
CHR StartupUrls: "hxxp://start.qone8.com/?type=hp&ts=1400174629&from=mp3&uid=3219913727_198313_9C6789B8"
CHR DefaultSearchKeyword: google.com.br
CHR Extension: (Google Docs) - C:\Users\Isabela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-11]
CHR Extension: (Google Drive) - C:\Users\Isabela\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-11]
CHR Extension: (YouTube) - C:\Users\Isabela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-11]
CHR Extension: (Pesquisa do Google) - C:\Users\Isabela\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-11]
CHR Extension: (Google Wallet) - C:\Users\Isabela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-11]
CHR Extension: (GBBD Banco do Brasil) - C:\Users\Isabela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh [2014-03-07]
CHR Extension: (Gmail) - C:\Users\Isabela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-11]
CHR HKCU\...\Chrome\Extension: [pgacfjdigcddmmncljpflgcfpfahebkh] - C:\Users\Isabela\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx [2014-04-14]
==================== Services (Whitelisted) =================
R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881440 2013-12-09] (IObit)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1544192 2012-08-02] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2012-07-10] (IVT Corporation)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\GbpSv.exe [519720 2014-02-21] (GAS Tecnologia)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthAvrcpTg;
U4 BthHFEnum;
U4 bthhfhid;
S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
S3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48736 2012-08-08] (Ralink Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [14872 2014-01-07] ()
S2 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2014-04-04] (Intel Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [695392 2012-08-09] (Ralink Technology, Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2014-04-21] (Synaptics Incorporated)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2014-04-04] (Hewlett-Packard Development Company, L.P.)
S3 BdApiUtil; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdApiUtil64.sys [X]
S3 BdCameraProtect; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdCameraProtect64.sys [X]
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\PCFApiUtil64.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-18 19:51 - 2014-05-18 19:51 - 00015855 _____ () C:\Users\Isabela\Desktop\FRST.txt
2014-05-18 19:50 - 2014-05-18 19:51 - 00000000 ____D () C:\FRST
2014-05-18 19:48 - 2014-05-18 19:48 - 02067456 _____ (Farbar) C:\Users\Isabela\Desktop\FRST64.exe
2014-05-18 19:32 - 2014-05-18 19:32 - 00002506 _____ () C:\Windows\PFRO.log
2014-05-18 19:31 - 2014-05-18 19:31 - 00016972 _____ () C:\Users\Isabela\Desktop\eja.odt
2014-05-18 19:31 - 2014-05-18 19:30 - 00001205 _____ () C:\Users\Isabela\Desktop\ZHPFixReport.txt
2014-05-18 18:00 - 2014-05-18 18:00 - 00026957 _____ () C:\Users\Isabela\Desktop\ZHPDiag.txt
2014-05-18 17:53 - 2014-05-18 19:34 - 00051965 _____ () C:\Windows\WindowsUpdate.log
2014-05-18 01:14 - 2014-05-18 19:32 - 00000354 _____ () C:\Windows\Tasks\HPCeeScheduleForIsabela.job
2014-05-18 01:14 - 2014-05-18 01:14 - 00003172 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForIsabela
2014-05-17 17:56 - 2014-05-17 17:56 - 00001989 _____ () C:\Users\Isabela\Desktop\ZHPFix.lnk
2014-05-17 17:56 - 2014-05-17 17:56 - 00001862 _____ () C:\Users\Isabela\Desktop\ZHPDiag.lnk
2014-05-17 17:52 - 2014-05-18 19:31 - 00000000 ____D () C:\Users\Isabela\AppData\Roaming\ZHP
2014-05-17 17:52 - 2014-05-18 17:55 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag
2014-05-17 17:52 - 2014-05-17 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2014-05-17 17:50 - 2014-05-15 22:01 - 06778868 _____ (Nicolas Coolman ) C:\Users\Isabela\Downloads\3 - ZHPDiag2.exe
2014-05-17 17:49 - 2014-05-17 17:50 - 06769536 _____ () C:\Users\Isabela\Downloads\3 - ZHPDiag2.rar
2014-05-16 13:19 - 2014-05-16 13:19 - 00000000 ____D () C:\Users\Todos os Usuários\Adobe
2014-05-16 13:19 - 2014-05-16 13:19 - 00000000 ____D () C:\Users\Isabela\AppData\Roaming\Adobe
2014-05-16 13:19 - 2014-05-16 13:19 - 00000000 ____D () C:\Users\Isabela\AppData\Local\Adobe
2014-05-16 13:19 - 2014-05-16 13:19 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-16 00:15 - 2014-05-16 00:15 - 00000775 _____ () C:\Users\Isabela\Desktop\JRT.txt
2014-05-15 23:59 - 2014-05-15 23:59 - 00000000 ____D () C:\Windows\ERUNT
2014-05-15 23:59 - 2014-05-15 21:57 - 01016261 _____ (Thisisu) C:\Users\Isabela\Downloads\1 - JRT.exe
2014-05-15 23:56 - 2014-05-15 23:57 - 00976124 _____ () C:\Users\Isabela\Downloads\1 - JRT.rar
2014-05-15 23:33 - 2014-05-15 23:02 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-05-15 23:05 - 2014-05-15 23:35 - 00015501 _____ () C:\zoek-results.log
2014-05-15 23:02 - 2014-05-15 23:26 - 00000000 ____D () C:\zoek_backup
2014-05-15 23:02 - 2014-05-15 23:02 - 01278530 _____ () C:\Users\Isabela\Downloads\2 - zoek.rar
2014-05-15 23:02 - 2014-05-15 22:00 - 01285120 _____ () C:\Users\Isabela\Downloads\2 - zoek.exe
2014-05-15 21:41 - 2014-05-15 21:41 - 00000000 _____ () C:\asc_rdflag
2014-05-15 21:38 - 2014-05-15 21:38 - 00001063 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-15 21:38 - 2014-05-15 21:38 - 00001051 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-15 21:38 - 2014-05-15 21:38 - 00000971 _____ () C:\Users\Isabela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-15 21:35 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-15 21:34 - 2014-05-15 21:39 - 00000000 ____D () C:\AdwCleaner
2014-05-15 21:31 - 2014-05-15 21:31 - 01325827 _____ () C:\Users\Isabela\Downloads\adwcleaner_3.208.exe
2014-05-15 20:10 - 2014-05-15 20:10 - 00000000 _____ () C:\autoexec.bat
2014-05-15 20:09 - 2014-05-17 19:19 - 00003332 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2014-05-15 20:09 - 2014-05-15 20:09 - 00000000 ____D () C:\sh4ldr
2014-05-15 20:09 - 2014-05-15 20:09 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-15 20:09 - 2012-06-22 11:01 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2014-05-15 20:08 - 2014-05-15 20:09 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-05-15 20:07 - 2014-05-15 20:07 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Isabela\Downloads\SpyHunter-Installer.exe
2014-05-15 19:24 - 2014-05-15 19:24 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-05-15 19:24 - 2014-05-15 19:24 - 00387268 _____ () C:\Windows\system32\ApnDatabase.xml
2014-05-15 19:24 - 2014-05-15 19:24 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-05-15 19:24 - 2014-05-15 19:24 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2014-05-15 19:24 - 2014-05-15 19:24 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2014-05-15 19:05 - 2014-05-01 17:37 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-15 19:05 - 2014-05-01 17:37 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 14:28 - 2014-05-15 18:58 - 00000000 ____D () C:\Users\Isabela\AppData\Local\966
2014-05-15 14:19 - 2014-05-16 14:34 - 00000000 ____D () C:\Users\Isabela\Desktop\selma
2014-05-14 21:57 - 2014-05-14 21:57 - 00000000 ____D () C:\Users\Isabela\Desktop\projeto glad_data
2014-05-14 18:30 - 2014-05-14 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lame Front-End
2014-05-14 18:30 - 2014-05-14 18:30 - 00000000 ____D () C:\Program Files (x86)\pazera-software
2014-05-14 18:28 - 2014-05-14 18:28 - 01630368 _____ (Jacek Pazera ) C:\Users\Isabela\Downloads\Lame_Front-End.exe
2014-05-14 18:07 - 2014-05-14 21:57 - 00000000 ____D () C:\Users\Isabela\Desktop\TW99
2014-05-14 14:32 - 2014-05-14 22:07 - 00000000 ____D () C:\Users\Isabela\AppData\Roaming\Audacity
2014-05-14 14:32 - 2014-05-14 14:32 - 00001021 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-05-14 14:32 - 2014-05-14 14:32 - 00001009 _____ () C:\Users\Public\Desktop\Audacity.lnk
2014-05-14 14:31 - 2014-05-14 14:32 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-05-14 14:02 - 2014-05-14 14:21 - 00000000 ____D () C:\Users\Isabela\AppData\Roaming\Free Audio Editor
2014-05-14 14:01 - 2014-05-14 14:35 - 00000000 ____D () C:\Users\Isabela\Downloads\AUDIO WAV
2014-05-14 13:55 - 2002-01-05 16:37 - 00344064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr70.dll
2014-05-14 00:38 - 2014-03-28 16:19 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-05-14 00:38 - 2014-03-23 19:11 - 00269592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-05-14 00:30 - 2014-03-28 05:23 - 01287168 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-05-13 23:07 - 2014-03-28 05:23 - 19759104 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-13 23:07 - 2014-03-28 03:18 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-13 23:06 - 2014-04-12 06:27 - 00172888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-13 23:06 - 2014-04-12 06:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-13 23:06 - 2014-04-12 06:09 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2014-05-13 23:06 - 2014-04-12 06:09 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-05-13 23:06 - 2014-04-12 06:09 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-13 23:06 - 2014-04-12 06:09 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-13 23:06 - 2014-04-12 06:08 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-13 23:06 - 2014-04-12 06:08 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-13 23:06 - 2014-04-12 06:08 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-05-13 23:06 - 2014-04-12 06:08 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-13 23:06 - 2014-04-12 06:07 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-13 23:06 - 2014-04-12 04:23 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2014-05-13 23:06 - 2014-04-12 04:23 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-05-13 23:06 - 2014-04-12 04:23 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-13 23:06 - 2014-04-12 04:23 - 00178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-13 23:06 - 2014-04-12 04:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-13 23:06 - 2014-04-12 04:22 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-13 23:06 - 2014-04-12 04:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-13 23:06 - 2014-04-12 03:58 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\workerdd.dll
2014-05-13 23:06 - 2014-03-11 00:32 - 06987096 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-13 23:06 - 2014-03-11 00:25 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-13 23:06 - 2014-03-10 21:41 - 00559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-13 23:06 - 2014-03-10 21:41 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-13 23:06 - 2014-03-10 21:41 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-13 23:06 - 2014-03-10 21:39 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-13 23:06 - 2014-03-10 21:38 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-13 23:06 - 2014-03-10 21:38 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-13 23:06 - 2014-03-10 21:38 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-13 23:06 - 2014-03-10 21:38 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-05-13 23:06 - 2014-03-10 21:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-13 23:06 - 2014-03-10 21:38 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-13 23:06 - 2014-03-10 21:38 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-13 23:06 - 2014-03-10 00:05 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-13 23:06 - 2014-03-09 22:27 - 00099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-13 23:06 - 2014-03-03 20:07 - 00570216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-05-13 23:05 - 2014-05-06 00:48 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-13 23:04 - 2014-05-06 02:14 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-13 23:04 - 2014-05-06 02:14 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-13 23:04 - 2014-05-06 00:48 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-13 23:04 - 2014-05-06 00:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-13 23:04 - 2014-05-06 00:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-12 15:29 - 2014-05-12 15:29 - 00020379 _____ () C:\Users\Isabela\Downloads\[kickass.to]once.upon.a.time.complete.season.2.torrent
2014-05-09 12:56 - 2014-05-09 12:56 - 00000000 ____D () C:\Users\Isabela\Desktop\OpenOffice 4.1.0 (pt-BR) Installation Files
2014-05-09 12:50 - 2014-05-09 12:52 - 128780976 _____ () C:\Users\Isabela\Downloads\Apache_OpenOffice_4.1.0_Win_x86_install_pt-BR.exe
2014-05-09 12:22 - 2014-05-09 12:22 - 00010012 _____ () C:\Users\Isabela\Documents\Histórico de Participações.htm
2014-05-09 12:22 - 2014-05-09 12:22 - 00000000 ____D () C:\Users\Isabela\Documents\Histórico de Participações_files
2014-05-07 20:27 - 2014-05-07 20:27 - 36544512 _____ () C:\Windows\system32\config\COMPONENTS.iodefrag.bak
2014-05-06 00:46 - 2014-04-19 06:39 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-05-06 00:46 - 2014-04-19 05:45 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-05-06 00:46 - 2014-04-19 05:45 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-06 00:46 - 2014-04-19 03:57 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-05-06 00:46 - 2014-04-19 03:57 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-04 23:39 - 2014-05-04 23:39 - 00019223 _____ () C:\Users\Isabela\Downloads\[kickass.to]teen.wolf.season.3.episodes.13.24.hdtv.x264.vega004.torrent
2014-05-04 11:24 - 2014-05-04 11:24 - 01258496 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-05-04 11:24 - 2014-05-04 11:24 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2014-05-04 11:24 - 2014-05-04 11:24 - 01075200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2014-05-04 11:24 - 2014-05-04 11:24 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-05-04 11:24 - 2014-05-04 11:24 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-05-04 11:24 - 2014-05-04 11:24 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-05-04 11:24 - 2014-05-04 11:24 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-05-04 11:24 - 2014-05-04 11:24 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2014-05-04 11:17 - 2014-05-04 11:17 - 36519936 _____ () C:\Windows\system32\config\COMPONENTS.iobit
2014-04-29 20:27 - 2014-04-29 20:27 - 00000000 ____D () C:\Users\Isabela\Desktop\PETAR
2014-04-28 13:49 - 2014-04-28 13:50 - 04824064 _____ () C:\Users\Isabela\Downloads\Geomorfologia Cárstica.sist mundo.ppt
2014-04-21 00:21 - 2014-04-21 00:20 - 00524016 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys
2014-04-21 00:21 - 2014-04-21 00:20 - 00264432 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2014-04-21 00:21 - 2014-04-21 00:20 - 00192240 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo19.dll
2014-04-21 00:21 - 2014-04-21 00:20 - 00151280 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynTPCom.dll
2014-04-21 00:21 - 2014-04-21 00:19 - 00819440 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2014-04-21 00:21 - 2014-04-21 00:19 - 00351984 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCom.dll
2014-04-21 00:21 - 2014-04-21 00:19 - 00033008 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys
2014-04-21 00:10 - 2013-01-25 11:47 - 00000313 _____ () C:\Windows\SysWOW64\RaCheckBTDev.ini
2014-04-21 00:00 - 2014-04-21 00:00 - 00000000 ____D () C:\Users\Isabela\AppData\Roaming\InstallShield
2014-04-21 00:00 - 2014-04-21 00:00 - 00000000 ____D () C:\Program Files (x86)\Ralink
2014-04-21 00:00 - 2014-03-07 16:30 - 02531528 _____ (Ralink Technology, Corp.) C:\Windows\system32\Drivers\netr28x.sys
2014-04-21 00:00 - 2013-12-17 21:06 - 00332080 _____ (Ralink Technology, Inc.) C:\Windows\system32\RaCoInstx.dll
2014-04-21 00:00 - 2013-12-17 14:41 - 00013973 _____ () C:\Windows\system32\RaCoInst.dat
2014-04-21 00:00 - 2013-01-25 11:47 - 00000313 _____ () C:\Windows\system32\RaCheckBTDev.ini
2014-04-20 20:25 - 2014-04-20 20:25 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-04-20 20:25 - 2014-04-20 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-04-20 20:22 - 2014-04-20 20:25 - 00000000 ____D () C:\Users\Todos os Usuários\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-20 20:22 - 2014-04-20 20:25 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-20 20:22 - 2014-04-20 20:25 - 00000000 ____D () C:\Program Files\iTunes
2014-04-20 20:22 - 2014-04-20 20:25 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-04-20 20:22 - 2014-04-20 20:22 - 00000000 ____D () C:\Program Files\iPod
2014-04-20 20:18 - 2014-05-18 19:32 - 00000000 ____D () C:\Program Files\Bonjour
2014-04-20 20:18 - 2014-04-20 20:18 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-04-20 20:08 - 2014-04-20 20:18 - 00000000 ____D () C:\Users\Isabela\Desktop\Músicas Noivado
==================== One Month Modified Files and Folders =======
2014-05-18 19:51 - 2014-05-18 19:51 - 00015855 _____ () C:\Users\Isabela\Desktop\FRST.txt
2014-05-18 19:51 - 2014-05-18 19:50 - 00000000 ____D () C:\FRST
2014-05-18 19:48 - 2014-05-18 19:48 - 02067456 _____ (Farbar) C:\Users\Isabela\Desktop\FRST64.exe
2014-05-18 19:40 - 2013-10-11 13:32 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3585445889-2484728970-451866620-1001
2014-05-18 19:38 - 2012-09-25 23:08 - 00792452 _____ () C:\Windows\system32\prfh0416.dat
2014-05-18 19:38 - 2012-09-25 23:08 - 00166504 _____ () C:\Windows\system32\prfc0416.dat
2014-05-18 19:38 - 2012-07-26 04:28 - 01900858 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-18 19:34 - 2014-05-18 17:53 - 00051965 _____ () C:\Windows\WindowsUpdate.log
2014-05-18 19:34 - 2014-01-21 18:01 - 00001080 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-18 19:34 - 2013-10-15 13:01 - 00000000 ____D () C:\Users\Isabela\AppData\Roaming\uTorrent
2014-05-18 19:33 - 2014-01-21 18:01 - 00001084 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-18 19:32 - 2014-05-18 19:32 - 00002506 _____ () C:\Windows\PFRO.log
2014-05-18 19:32 - 2014-05-18 01:14 - 00000354 _____ () C:\Windows\Tasks\HPCeeScheduleForIsabela.job
2014-05-18 19:32 - 2014-04-20 20:18 - 00000000 ____D () C:\Program Files\Bonjour
2014-05-18 19:32 - 2012-08-10 17:45 - 00000821 _____ () C:\Windows\SysWOW64\bscs.ini
2014-05-18 19:32 - 2012-07-26 04:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-18 19:32 - 2012-07-26 02:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-05-18 19:31 - 2014-05-18 19:31 - 00016972 _____ () C:\Users\Isabela\Desktop\eja.odt
2014-05-18 19:31 - 2014-05-17 17:52 - 00000000 ____D () C:\Users\Isabela\AppData\Roaming\ZHP
2014-05-18 19:31 - 2013-10-16 19:55 - 01095680 ___SH () C:\Users\Isabela\Desktop\Thumbs.db
2014-05-18 19:30 - 2014-05-18 19:31 - 00001205 _____ () C:\Users\Isabela\Desktop\ZHPFixReport.txt
2014-05-18 19:04 - 2013-10-11 13:25 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8D7ECDF9-AE4E-4854-9283-CF06A75DD99F}
2014-05-18 19:00 - 2012-07-26 05:12 - 00000000 ____D () C:\Windows\system32\sru
2014-05-18 18:09 - 2013-10-12 10:46 - 00364544 ___SH () C:\Users\Isabela\Downloads\Thumbs.db
2014-05-18 18:00 - 2014-05-18 18:00 - 00026957 _____ () C:\Users\Isabela\Desktop\ZHPDiag.txt
2014-05-18 17:55 - 2014-05-17 17:52 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag
2014-05-18 17:53 - 2014-01-21 17:28 - 00002207 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2014-05-18 12:47 - 2013-10-14 14:23 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-05-18 12:47 - 2013-10-14 14:22 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-05-18 01:14 - 2014-05-18 01:14 - 00003172 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForIsabela
2014-05-18 01:14 - 2013-10-11 13:21 - 00000000 ____D () C:\Users\Isabela
2014-05-17 19:19 - 2014-05-15 20:09 - 00003332 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2014-05-17 19:19 - 2014-04-11 12:23 - 00003100 _____ () C:\Windows\System32\Tasks\ASC7_PerformanceMonitor
2014-05-17 19:19 - 2014-03-06 00:22 - 00003220 _____ () C:\Windows\System32\Tasks\Driver Booster Scan
2014-05-17 18:06 - 2013-10-30 08:09 - 00000000 ____D () C:\Users\Isabela\AppData\Roaming\vlc
2014-05-17 17:56 - 2014-05-17 17:56 - 00001989 _____ () C:\Users\Isabela\Desktop\ZHPFix.lnk
2014-05-17 17:56 - 2014-05-17 17:56 - 00001862 _____ () C:\Users\Isabela\Desktop\ZHPDiag.lnk
2014-05-17 17:56 - 2014-05-17 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2014-05-17 17:50 - 2014-05-17 17:49 - 06769536 _____ () C:\Users\Isabela\Downloads\3 - ZHPDiag2.rar
2014-05-16 14:34 - 2014-05-15 14:19 - 00000000 ____D () C:\Users\Isabela\Desktop\selma
2014-05-16 14:29 - 2013-12-11 09:46 - 00000132 _____ () C:\Users\Isabela\AppData\Roaming\Preferências do Formato PNG do Adobe CS6
2014-05-16 13:19 - 2014-05-16 13:19 - 00000000 ____D () C:\Users\Todos os Usuários\Adobe
2014-05-16 13:19 - 2014-05-16 13:19 - 00000000 ____D () C:\Users\Isabela\AppData\Roaming\Adobe
2014-05-16 13:19 - 2014-05-16 13:19 - 00000000 ____D () C:\Users\Isabela\AppData\Local\Adobe
2014-05-16 13:19 - 2014-05-16 13:19 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-16 00:15 - 2014-05-16 00:15 - 00000775 _____ () C:\Users\Isabela\Desktop\JRT.txt
2014-05-15 23:59 - 2014-05-15 23:59 - 00000000 ____D () C:\Windows\ERUNT
2014-05-15 23:57 - 2014-05-15 23:56 - 00976124 _____ () C:\Users\Isabela\Downloads\1 - JRT.rar
2014-05-15 23:35 - 2014-05-15 23:05 - 00015501 _____ () C:\zoek-results.log
2014-05-15 23:26 - 2014-05-15 23:02 - 00000000 ____D () C:\zoek_backup
2014-05-15 23:02 - 2014-05-15 23:33 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-05-15 23:02 - 2014-05-15 23:02 - 01278530 _____ () C:\Users\Isabela\Downloads\2 - zoek.rar
2014-05-15 22:01 - 2014-05-17 17:50 - 06778868 _____ (Nicolas Coolman ) C:\Users\Isabela\Downloads\3 - ZHPDiag2.exe
2014-05-15 22:00 - 2014-05-15 23:02 - 01285120 _____ () C:\Users\Isabela\Downloads\2 - zoek.exe
2014-05-15 21:57 - 2014-05-15 23:59 - 01016261 _____ (Thisisu) C:\Users\Isabela\Downloads\1 - JRT.exe
2014-05-15 21:41 - 2014-05-15 21:41 - 00000000 _____ () C:\asc_rdflag
2014-05-15 21:41 - 2014-01-21 17:49 - 68124672 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2014-05-15 21:41 - 2014-01-21 17:49 - 00356352 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
2014-05-15 21:41 - 2014-01-21 17:49 - 00069632 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
2014-05-15 21:41 - 2014-01-21 17:49 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
2014-05-15 21:39 - 2014-05-15 21:34 - 00000000 ____D () C:\AdwCleaner
2014-05-15 21:38 - 2014-05-15 21:38 - 00001063 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-15 21:38 - 2014-05-15 21:38 - 00001051 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-15 21:38 - 2014-05-15 21:38 - 00000971 _____ () C:\Users\Isabela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-15 21:31 - 2014-05-15 21:31 - 01325827 _____ () C:\Users\Isabela\Downloads\adwcleaner_3.208.exe
2014-05-15 20:10 - 2014-05-15 20:10 - 00000000 _____ () C:\autoexec.bat
2014-05-15 20:09 - 2014-05-15 20:09 - 00000000 ____D () C:\sh4ldr
2014-05-15 20:09 - 2014-05-15 20:09 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-15 20:09 - 2014-05-15 20:08 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-05-15 20:07 - 2014-05-15 20:07 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Isabela\Downloads\SpyHunter-Installer.exe
2014-05-15 19:27 - 2014-01-21 17:28 - 00000260 _____ () C:\Windows\Tasks\ASC7_SkipUac_Isabela.job
2014-05-15 19:24 - 2014-05-15 19:24 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-05-15 19:24 - 2014-05-15 19:24 - 00387268 _____ () C:\Windows\system32\ApnDatabase.xml
2014-05-15 19:24 - 2014-05-15 19:24 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-05-15 19:24 - 2014-05-15 19:24 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2014-05-15 19:24 - 2014-05-15 19:24 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2014-05-15 19:06 - 2013-10-11 13:25 - 00000000 ___RD () C:\Users\Isabela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 19:06 - 2013-10-11 13:25 - 00000000 ___RD () C:\Users\Isabela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 19:02 - 2012-07-26 05:12 - 00000000 ___RD () C:\Windows\ToastData
2014-05-15 19:02 - 2012-07-26 05:12 - 00000000 ___RD () C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-15 19:02 - 2012-07-26 05:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-15 19:02 - 2012-07-26 05:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-15 19:02 - 2012-07-26 05:12 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-05-15 19:02 - 2012-07-26 05:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-15 19:02 - 2012-07-26 05:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-15 18:58 - 2014-05-15 14:28 - 00000000 ____D () C:\Users\Isabela\AppData\Local\966
2014-05-15 18:33 - 2014-01-21 18:02 - 00002270 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-14 22:07 - 2014-05-14 14:32 - 00000000 ____D () C:\Users\Isabela\AppData\Roaming\Audacity
2014-05-14 21:57 - 2014-05-14 21:57 - 00000000 ____D () C:\Users\Isabela\Desktop\projeto glad_data
2014-05-14 21:57 - 2014-05-14 18:07 - 00000000 ____D () C:\Users\Isabela\Desktop\TW99
2014-05-14 18:31 - 2013-10-11 13:22 - 00000000 ____D () C:\Users\Isabela\AppData\Local\VirtualStore
2014-05-14 18:30 - 2014-05-14 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lame Front-End
2014-05-14 18:30 - 2014-05-14 18:30 - 00000000 ____D () C:\Program Files (x86)\pazera-software
2014-05-14 18:28 - 2014-05-14 18:28 - 01630368 _____ (Jacek Pazera ) C:\Users\Isabela\Downloads\Lame_Front-End.exe
2014-05-14 16:17 - 2012-07-26 05:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-05-14 16:15 - 2013-10-14 18:25 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 16:09 - 2013-10-14 18:25 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 16:09 - 2012-07-26 02:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-05-14 14:35 - 2014-05-14 14:01 - 00000000 ____D () C:\Users\Isabela\Downloads\AUDIO WAV
2014-05-14 14:32 - 2014-05-14 14:32 - 00001021 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-05-14 14:32 - 2014-05-14 14:32 - 00001009 _____ () C:\Users\Public\Desktop\Audacity.lnk
2014-05-14 14:32 - 2014-05-14 14:31 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-05-14 14:21 - 2014-05-14 14:02 - 00000000 ____D () C:\Users\Isabela\AppData\Roaming\Free Audio Editor
2014-05-12 22:45 - 2013-11-18 21:23 - 00000000 ____D () C:\Users\Isabela\Desktop\torrents
2014-05-12 15:29 - 2014-05-12 15:29 - 00020379 _____ () C:\Users\Isabela\Downloads\[kickass.to]once.upon.a.time.complete.season.2.torrent
2014-05-12 15:18 - 2013-10-16 19:54 - 00000000 ____D () C:\Users\Isabela\Desktop\textos
2014-05-11 12:18 - 2012-07-26 05:12 - 00000000 ____D () C:\Windows\rescache
2014-05-11 11:19 - 2013-10-15 13:06 - 00000855 _____ () C:\Users\Isabela\Desktop\µTorrent.lnk
2014-05-11 11:19 - 2013-10-15 13:06 - 00000835 _____ () C:\Users\Isabela\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-05-09 15:30 - 2013-10-16 19:50 - 00000000 ____D () C:\Users\Isabela\Desktop\textos da faculdade
2014-05-09 12:56 - 2014-05-09 12:56 - 00000000 ____D () C:\Users\Isabela\Desktop\OpenOffice 4.1.0 (pt-BR) Installation Files
2014-05-09 12:52 - 2014-05-09 12:50 - 128780976 _____ () C:\Users\Isabela\Downloads\Apache_OpenOffice_4.1.0_Win_x86_install_pt-BR.exe
2014-05-09 12:28 - 2014-01-21 18:01 - 00004056 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-09 12:28 - 2014-01-21 18:01 - 00003820 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-09 12:22 - 2014-05-09 12:22 - 00010012 _____ () C:\Users\Isabela\Documents\Histórico de Participações.htm
2014-05-09 12:22 - 2014-05-09 12:22 - 00000000 ____D () C:\Users\Isabela\Documents\Histórico de Participações_files
2014-05-07 20:29 - 2012-07-26 05:12 - 00000000 ____D () C:\Windows\WinStore
2014-05-07 20:27 - 2014-05-07 20:27 - 36544512 _____ () C:\Windows\system32\config\COMPONENTS.iodefrag.bak
2014-05-07 20:03 - 2012-07-26 05:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-07 13:17 - 2013-10-16 19:55 - 00000000 ____D () C:\Users\Isabela\Desktop\Iniciação
2014-05-06 02:14 - 2014-05-13 23:04 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 02:14 - 2014-05-13 23:04 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 00:48 - 2014-05-13 23:05 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-06 00:48 - 2014-05-13 23:04 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 00:37 - 2014-05-13 23:04 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 00:26 - 2014-05-13 23:04 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-04 23:39 - 2014-05-04 23:39 - 00019223 _____ () C:\Users\Isabela\Downloads\[kickass.to]teen.wolf.season.3.episodes.13.24.hdtv.x264.vega004.torrent
2014-05-04 11:44 - 2013-10-16 20:06 - 00000000 ____D () C:\Users\Isabela\Desktop\coisinhas
2014-05-04 11:43 - 2014-04-06 18:00 - 00000000 ____D () C:\Users\Isabela\Desktop\sd
2014-05-04 11:24 - 2014-05-04 11:24 - 01258496 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-05-04 11:24 - 2014-05-04 11:24 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2014-05-04 11:24 - 2014-05-04 11:24 - 01075200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2014-05-04 11:24 - 2014-05-04 11:24 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-05-04 11:24 - 2014-05-04 11:24 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-05-04 11:24 - 2014-05-04 11:24 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-05-04 11:24 - 2014-05-04 11:24 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-05-04 11:24 - 2014-05-04 11:24 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2014-05-04 11:17 - 2014-05-04 11:17 - 36519936 _____ () C:\Windows\system32\config\COMPONENTS.iobit
2014-05-04 10:37 - 2014-03-31 00:15 - 00328200 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-01 17:37 - 2014-05-15 19:05 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-01 17:37 - 2014-05-15 19:05 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-29 21:48 - 2013-10-16 19:50 - 00000000 ____D () C:\Users\Isabela\Desktop\Arquivos
2014-04-29 20:27 - 2014-04-29 20:27 - 00000000 ____D () C:\Users\Isabela\Desktop\PETAR
2014-04-28 13:50 - 2014-04-28 13:49 - 04824064 _____ () C:\Users\Isabela\Downloads\Geomorfologia Cárstica.sist mundo.ppt
2014-04-25 20:39 - 2014-02-25 18:53 - 00000000 ____D () C:\Windows\Minidump
2014-04-21 00:20 - 2014-04-21 00:21 - 00524016 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys
2014-04-21 00:20 - 2014-04-21 00:21 - 00264432 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2014-04-21 00:20 - 2014-04-21 00:21 - 00192240 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo19.dll
2014-04-21 00:20 - 2014-04-21 00:21 - 00151280 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynTPCom.dll
2014-04-21 00:20 - 2012-08-03 21:02 - 00000000 ____D () C:\SWSetup
2014-04-21 00:19 - 2014-04-21 00:21 - 00819440 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2014-04-21 00:19 - 2014-04-21 00:21 - 00351984 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCom.dll
2014-04-21 00:19 - 2014-04-21 00:21 - 00033008 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys
2014-04-21 00:09 - 2013-07-19 06:34 - 00005535 _____ () C:\Windows\system32\RaCoInst.log
2014-04-21 00:00 - 2014-04-21 00:00 - 00000000 ____D () C:\Users\Isabela\AppData\Roaming\InstallShield
2014-04-21 00:00 - 2014-04-21 00:00 - 00000000 ____D () C:\Program Files (x86)\Ralink
2014-04-20 21:15 - 2014-01-21 17:29 - 00000000 ____D () C:\Users\Isabela\AppData\Roaming\Apple Computer
2014-04-20 20:25 - 2014-04-20 20:25 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-04-20 20:25 - 2014-04-20 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-04-20 20:25 - 2014-04-20 20:22 - 00000000 ____D () C:\Users\Todos os Usuários\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-20 20:25 - 2014-04-20 20:22 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-20 20:25 - 2014-04-20 20:22 - 00000000 ____D () C:\Program Files\iTunes
2014-04-20 20:25 - 2014-04-20 20:22 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-04-20 20:22 - 2014-04-20 20:22 - 00000000 ____D () C:\Program Files\iPod
2014-04-20 20:18 - 2014-04-20 20:18 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-04-20 20:18 - 2014-04-20 20:08 - 00000000 ____D () C:\Users\Isabela\Desktop\Músicas Noivado
2014-04-19 06:39 - 2014-05-06 00:46 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-04-19 05:45 - 2014-05-06 00:46 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-04-19 05:45 - 2014-05-06 00:46 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-19 03:57 - 2014-05-06 00:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-04-19 03:57 - 2014-05-06 00:46 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe
[2014-05-13 23:06] - [2014-04-12 06:10] - 0578048 ____A (Microsoft Corporation) 75DD70A14145499C9F7D903CF9A8C91B
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-18 12:54
==================== End Of Log ============================
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
Ran by Isabela (administrator) on ISINHA on 18-05-2014 19:51:01
Running from C:\Users\Isabela\Desktop
Platform: Windows 8 Single Language (X64) OS Language: Portuguese Brazilian
Internet Explorer Version 10
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: [You must have an account and be logged in to view this link]
Download link for 64-Bit Version: [You must have an account and be logged in to view this link]
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: [You must have an account and be logged in to view this link]
==================== Processes (Whitelisted) =================
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1702912 2014-04-04] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3030256 2014-04-21] (Synaptics Incorporated)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [363520 2012-08-02] (IVT Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-31] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-13] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginBb-x32: C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3585445889-2484728970-451866620-1001\...\Run: [uTorrent] => C:\Users\Isabela\AppData\Roaming\uTorrent\uTorrent.exe [1272400 2014-05-11] (BitTorrent Inc.)
HKU\S-1-5-21-3585445889-2484728970-451866620-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3585445889-2484728970-451866620-1001\...\Policies\system: [DisableChangePassword] 0
==================== Internet (Whitelisted) ====================
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = [You must have an account and be logged in to view this link]
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = [You must have an account and be logged in to view this link]
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = [You must have an account and be logged in to view this link]
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = [You must have an account and be logged in to view this link]
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = [You must have an account and be logged in to view this link]
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: GbIehObj Class - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll (Skype Technologies)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1582632 2014-02-21] (Banco do Brasil)
Tcpip\Parameters: [DhcpNameServer] 189.7.64.17 189.7.64.26 201.6.4.116
FireFox:
========
FF ProfilePath: C:\Users\Isabela\AppData\Roaming\Mozilla\Firefox\Profiles\sm50t0wn.default
FF NewTab: [You must have an account and be logged in to view this link]
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF Homepage: /*hxxp://start.qone8.com/?type=hp&ts=1400174629&from=mp3&uid=3219913727_198313_9C6789B8*/
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKCU: gastecnologia.com.br/sf/bb - C:\Users\Isabela\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-br.xml
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Isabela\AppData\Roaming\Mozilla\Firefox\Profiles\sm50t0wn.default\Extensions\ascsurfingprotection@iobit.com [2014-04-11]
FF HKCU\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\Isabela\AppData\Local\GAS Tecnologia\GBBD\bb\xpi
FF Extension: GBBD Banco do Brasil - C:\Users\Isabela\AppData\Local\GAS Tecnologia\GBBD\bb\xpi [2014-04-14]
Chrome:
=======
CHR StartupUrls: "hxxp://start.qone8.com/?type=hp&ts=1400174629&from=mp3&uid=3219913727_198313_9C6789B8"
CHR DefaultSearchKeyword: google.com.br
CHR Extension: (Google Docs) - C:\Users\Isabela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-11]
CHR Extension: (Google Drive) - C:\Users\Isabela\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-11]
CHR Extension: (YouTube) - C:\Users\Isabela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-11]
CHR Extension: (Pesquisa do Google) - C:\Users\Isabela\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-11]
CHR Extension: (Google Wallet) - C:\Users\Isabela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-11]
CHR Extension: (GBBD Banco do Brasil) - C:\Users\Isabela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh [2014-03-07]
CHR Extension: (Gmail) - C:\Users\Isabela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-11]
CHR HKCU\...\Chrome\Extension: [pgacfjdigcddmmncljpflgcfpfahebkh] - C:\Users\Isabela\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx [2014-04-14]
==================== Services (Whitelisted) =================
R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881440 2013-12-09] (IObit)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1544192 2012-08-02] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2012-07-10] (IVT Corporation)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\GbpSv.exe [519720 2014-02-21] (GAS Tecnologia)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthAvrcpTg;
U4 BthHFEnum;
U4 bthhfhid;
S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
S3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48736 2012-08-08] (Ralink Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [14872 2014-01-07] ()
S2 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2014-04-04] (Intel Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [695392 2012-08-09] (Ralink Technology, Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2014-04-21] (Synaptics Incorporated)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2014-04-04] (Hewlett-Packard Development Company, L.P.)
S3 BdApiUtil; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdApiUtil64.sys [X]
S3 BdCameraProtect; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdCameraProtect64.sys [X]
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\PCFApiUtil64.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-18 19:51 - 2014-05-18 19:51 - 00015855 _____ () C:\Users\Isabela\Desktop\FRST.txt
2014-05-18 19:50 - 2014-05-18 19:51 - 00000000 ____D () C:\FRST
2014-05-18 19:48 - 2014-05-18 19:48 - 02067456 _____ (Farbar) C:\Users\Isabela\Desktop\FRST64.exe
2014-05-18 19:32 - 2014-05-18 19:32 - 00002506 _____ () C:\Windows\PFRO.log
2014-05-18 19:31 - 2014-05-18 19:31 - 00016972 _____ () C:\Users\Isabela\Desktop\eja.odt
2014-05-18 19:31 - 2014-05-18 19:30 - 00001205 _____ () C:\Users\Isabela\Desktop\ZHPFixReport.txt
2014-05-18 18:00 - 2014-05-18 18:00 - 00026957 _____ () C:\Users\Isabela\Desktop\ZHPDiag.txt
2014-05-18 17:53 - 2014-05-18 19:34 - 00051965 _____ () C:\Windows\WindowsUpdate.log
2014-05-18 01:14 - 2014-05-18 19:32 - 00000354 _____ () C:\Windows\Tasks\HPCeeScheduleForIsabela.job
2014-05-18 01:14 - 2014-05-18 01:14 - 00003172 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForIsabela
2014-05-17 17:56 - 2014-05-17 17:56 - 00001989 _____ () C:\Users\Isabela\Desktop\ZHPFix.lnk
2014-05-17 17:56 - 2014-05-17 17:56 - 00001862 _____ () C:\Users\Isabela\Desktop\ZHPDiag.lnk
2014-05-17 17:52 - 2014-05-18 19:31 - 00000000 ____D () C:\Users\Isabela\AppData\Roaming\ZHP
2014-05-17 17:52 - 2014-05-18 17:55 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag
2014-05-17 17:52 - 2014-05-17 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2014-05-17 17:50 - 2014-05-15 22:01 - 06778868 _____ (Nicolas Coolman ) C:\Users\Isabela\Downloads\3 - ZHPDiag2.exe
2014-05-17 17:49 - 2014-05-17 17:50 - 06769536 _____ () C:\Users\Isabela\Downloads\3 - ZHPDiag2.rar
2014-05-16 13:19 - 2014-05-16 13:19 - 00000000 ____D () C:\Users\Todos os Usuários\Adobe
2014-05-16 13:19 - 2014-05-16 13:19 - 00000000 ____D () C:\Users\Isabela\AppData\Roaming\Adobe
2014-05-16 13:19 - 2014-05-16 13:19 - 00000000 ____D () C:\Users\Isabela\AppData\Local\Adobe
2014-05-16 13:19 - 2014-05-16 13:19 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-16 00:15 - 2014-05-16 00:15 - 00000775 _____ () C:\Users\Isabela\Desktop\JRT.txt
2014-05-15 23:59 - 2014-05-15 23:59 - 00000000 ____D () C:\Windows\ERUNT
2014-05-15 23:59 - 2014-05-15 21:57 - 01016261 _____ (Thisisu) C:\Users\Isabela\Downloads\1 - JRT.exe
2014-05-15 23:56 - 2014-05-15 23:57 - 00976124 _____ () C:\Users\Isabela\Downloads\1 - JRT.rar
2014-05-15 23:33 - 2014-05-15 23:02 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-05-15 23:05 - 2014-05-15 23:35 - 00015501 _____ () C:\zoek-results.log
2014-05-15 23:02 - 2014-05-15 23:26 - 00000000 ____D () C:\zoek_backup
2014-05-15 23:02 - 2014-05-15 23:02 - 01278530 _____ () C:\Users\Isabela\Downloads\2 - zoek.rar
2014-05-15 23:02 - 2014-05-15 22:00 - 01285120 _____ () C:\Users\Isabela\Downloads\2 - zoek.exe
2014-05-15 21:41 - 2014-05-15 21:41 - 00000000 _____ () C:\asc_rdflag
2014-05-15 21:38 - 2014-05-15 21:38 - 00001063 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-15 21:38 - 2014-05-15 21:38 - 00001051 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-15 21:38 - 2014-05-15 21:38 - 00000971 _____ () C:\Users\Isabela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-15 21:35 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-15 21:34 - 2014-05-15 21:39 - 00000000 ____D () C:\AdwCleaner
2014-05-15 21:31 - 2014-05-15 21:31 - 01325827 _____ () C:\Users\Isabela\Downloads\adwcleaner_3.208.exe
2014-05-15 20:10 - 2014-05-15 20:10 - 00000000 _____ () C:\autoexec.bat
2014-05-15 20:09 - 2014-05-17 19:19 - 00003332 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2014-05-15 20:09 - 2014-05-15 20:09 - 00000000 ____D () C:\sh4ldr
2014-05-15 20:09 - 2014-05-15 20:09 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-15 20:09 - 2012-06-22 11:01 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2014-05-15 20:08 - 2014-05-15 20:09 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-05-15 20:07 - 2014-05-15 20:07 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Isabela\Downloads\SpyHunter-Installer.exe
2014-05-15 19:24 - 2014-05-15 19:24 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-05-15 19:24 - 2014-05-15 19:24 - 00387268 _____ () C:\Windows\system32\ApnDatabase.xml
2014-05-15 19:24 - 2014-05-15 19:24 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-05-15 19:24 - 2014-05-15 19:24 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2014-05-15 19:24 - 2014-05-15 19:24 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2014-05-15 19:05 - 2014-05-01 17:37 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-15 19:05 - 2014-05-01 17:37 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 14:28 - 2014-05-15 18:58 - 00000000 ____D () C:\Users\Isabela\AppData\Local\966
2014-05-15 14:19 - 2014-05-16 14:34 - 00000000 ____D () C:\Users\Isabela\Desktop\selma
2014-05-14 21:57 - 2014-05-14 21:57 - 00000000 ____D () C:\Users\Isabela\Desktop\projeto glad_data
2014-05-14 18:30 - 2014-05-14 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lame Front-End
2014-05-14 18:30 - 2014-05-14 18:30 - 00000000 ____D () C:\Program Files (x86)\pazera-software
2014-05-14 18:28 - 2014-05-14 18:28 - 01630368 _____ (Jacek Pazera ) C:\Users\Isabela\Downloads\Lame_Front-End.exe
2014-05-14 18:07 - 2014-05-14 21:57 - 00000000 ____D () C:\Users\Isabela\Desktop\TW99
2014-05-14 14:32 - 2014-05-14 22:07 - 00000000 ____D () C:\Users\Isabela\AppData\Roaming\Audacity
2014-05-14 14:32 - 2014-05-14 14:32 - 00001021 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-05-14 14:32 - 2014-05-14 14:32 - 00001009 _____ () C:\Users\Public\Desktop\Audacity.lnk
2014-05-14 14:31 - 2014-05-14 14:32 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-05-14 14:02 - 2014-05-14 14:21 - 00000000 ____D () C:\Users\Isabela\AppData\Roaming\Free Audio Editor
2014-05-14 14:01 - 2014-05-14 14:35 - 00000000 ____D () C:\Users\Isabela\Downloads\AUDIO WAV
2014-05-14 13:55 - 2002-01-05 16:37 - 00344064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr70.dll
2014-05-14 00:38 - 2014-03-28 16:19 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-05-14 00:38 - 2014-03-23 19:11 - 00269592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-05-14 00:30 - 2014-03-28 05:23 - 01287168 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-05-13 23:07 - 2014-03-28 05:23 - 19759104 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-13 23:07 - 2014-03-28 03:18 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-13 23:06 - 2014-04-12 06:27 - 00172888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-13 23:06 - 2014-04-12 06:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-13 23:06 - 2014-04-12 06:09 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2014-05-13 23:06 - 2014-04-12 06:09 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-05-13 23:06 - 2014-04-12 06:09 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-13 23:06 - 2014-04-12 06:09 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-13 23:06 - 2014-04-12 06:08 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-13 23:06 - 2014-04-12 06:08 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-13 23:06 - 2014-04-12 06:08 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-05-13 23:06 - 2014-04-12 06:08 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-13 23:06 - 2014-04-12 06:07 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-13 23:06 - 2014-04-12 04:23 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2014-05-13 23:06 - 2014-04-12 04:23 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-05-13 23:06 - 2014-04-12 04:23 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-13 23:06 - 2014-04-12 04:23 - 00178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-13 23:06 - 2014-04-12 04:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-13 23:06 - 2014-04-12 04:22 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-13 23:06 - 2014-04-12 04:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-13 23:06 - 2014-04-12 03:58 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\workerdd.dll
2014-05-13 23:06 - 2014-03-11 00:32 - 06987096 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-13 23:06 - 2014-03-11 00:25 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-13 23:06 - 2014-03-10 21:41 - 00559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-13 23:06 - 2014-03-10 21:41 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-13 23:06 - 2014-03-10 21:41 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-13 23:06 - 2014-03-10 21:39 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-13 23:06 - 2014-03-10 21:38 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-13 23:06 - 2014-03-10 21:38 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-13 23:06 - 2014-03-10 21:38 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-13 23:06 - 2014-03-10 21:38 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-05-13 23:06 - 2014-03-10 21:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-13 23:06 - 2014-03-10 21:38 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-13 23:06 - 2014-03-10 21:38 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-13 23:06 - 2014-03-10 00:05 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-13 23:06 - 2014-03-09 22:27 - 00099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-13 23:06 - 2014-03-03 20:07 - 00570216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-05-13 23:05 - 2014-05-06 00:48 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-13 23:04 - 2014-05-06 02:14 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-13 23:04 - 2014-05-06 02:14 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-13 23:04 - 2014-05-06 00:48 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-13 23:04 - 2014-05-06 00:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-13 23:04 - 2014-05-06 00:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-12 15:29 - 2014-05-12 15:29 - 00020379 _____ () C:\Users\Isabela\Downloads\[kickass.to]once.upon.a.time.complete.season.2.torrent
2014-05-09 12:56 - 2014-05-09 12:56 - 00000000 ____D () C:\Users\Isabela\Desktop\OpenOffice 4.1.0 (pt-BR) Installation Files
2014-05-09 12:50 - 2014-05-09 12:52 - 128780976 _____ () C:\Users\Isabela\Downloads\Apache_OpenOffice_4.1.0_Win_x86_install_pt-BR.exe
2014-05-09 12:22 - 2014-05-09 12:22 - 00010012 _____ () C:\Users\Isabela\Documents\Histórico de Participações.htm
2014-05-09 12:22 - 2014-05-09 12:22 - 00000000 ____D () C:\Users\Isabela\Documents\Histórico de Participações_files
2014-05-07 20:27 - 2014-05-07 20:27 - 36544512 _____ () C:\Windows\system32\config\COMPONENTS.iodefrag.bak
2014-05-06 00:46 - 2014-04-19 06:39 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-05-06 00:46 - 2014-04-19 05:45 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-05-06 00:46 - 2014-04-19 05:45 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-06 00:46 - 2014-04-19 03:57 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-05-06 00:46 - 2014-04-19 03:57 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-04 23:39 - 2014-05-04 23:39 - 00019223 _____ () C:\Users\Isabela\Downloads\[kickass.to]teen.wolf.season.3.episodes.13.24.hdtv.x264.vega004.torrent
2014-05-04 11:24 - 2014-05-04 11:24 - 01258496 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-05-04 11:24 - 2014-05-04 11:24 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2014-05-04 11:24 - 2014-05-04 11:24 - 01075200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2014-05-04 11:24 - 2014-05-04 11:24 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-05-04 11:24 - 2014-05-04 11:24 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-05-04 11:24 - 2014-05-04 11:24 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-05-04 11:24 - 2014-05-04 11:24 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-05-04 11:24 - 2014-05-04 11:24 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2014-05-04 11:17 - 2014-05-04 11:17 - 36519936 _____ () C:\Windows\system32\config\COMPONENTS.iobit
2014-04-29 20:27 - 2014-04-29 20:27 - 00000000 ____D () C:\Users\Isabela\Desktop\PETAR
2014-04-28 13:49 - 2014-04-28 13:50 - 04824064 _____ () C:\Users\Isabela\Downloads\Geomorfologia Cárstica.sist mundo.ppt
2014-04-21 00:21 - 2014-04-21 00:20 - 00524016 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys
2014-04-21 00:21 - 2014-04-21 00:20 - 00264432 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2014-04-21 00:21 - 2014-04-21 00:20 - 00192240 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo19.dll
2014-04-21 00:21 - 2014-04-21 00:20 - 00151280 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynTPCom.dll
2014-04-21 00:21 - 2014-04-21 00:19 - 00819440 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2014-04-21 00:21 - 2014-04-21 00:19 - 00351984 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCom.dll
2014-04-21 00:21 - 2014-04-21 00:19 - 00033008 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys
2014-04-21 00:10 - 2013-01-25 11:47 - 00000313 _____ () C:\Windows\SysWOW64\RaCheckBTDev.ini
2014-04-21 00:00 - 2014-04-21 00:00 - 00000000 ____D () C:\Users\Isabela\AppData\Roaming\InstallShield
2014-04-21 00:00 - 2014-04-21 00:00 - 00000000 ____D () C:\Program Files (x86)\Ralink
2014-04-21 00:00 - 2014-03-07 16:30 - 02531528 _____ (Ralink Technology, Corp.) C:\Windows\system32\Drivers\netr28x.sys
2014-04-21 00:00 - 2013-12-17 21:06 - 00332080 _____ (Ralink Technology, Inc.) C:\Windows\system32\RaCoInstx.dll
2014-04-21 00:00 - 2013-12-17 14:41 - 00013973 _____ () C:\Windows\system32\RaCoInst.dat
2014-04-21 00:00 - 2013-01-25 11:47 - 00000313 _____ () C:\Windows\system32\RaCheckBTDev.ini
2014-04-20 20:25 - 2014-04-20 20:25 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-04-20 20:25 - 2014-04-20 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-04-20 20:22 - 2014-04-20 20:25 - 00000000 ____D () C:\Users\Todos os Usuários\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-20 20:22 - 2014-04-20 20:25 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-20 20:22 - 2014-04-20 20:25 - 00000000 ____D () C:\Program Files\iTunes
2014-04-20 20:22 - 2014-04-20 20:25 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-04-20 20:22 - 2014-04-20 20:22 - 00000000 ____D () C:\Program Files\iPod
2014-04-20 20:18 - 2014-05-18 19:32 - 00000000 ____D () C:\Program Files\Bonjour
2014-04-20 20:18 - 2014-04-20 20:18 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-04-20 20:08 - 2014-04-20 20:18 - 00000000 ____D () C:\Users\Isabela\Desktop\Músicas Noivado
==================== One Month Modified Files and Folders =======
2014-05-18 19:51 - 2014-05-18 19:51 - 00015855 _____ () C:\Users\Isabela\Desktop\FRST.txt
2014-05-18 19:51 - 2014-05-18 19:50 - 00000000 ____D () C:\FRST
2014-05-18 19:48 - 2014-05-18 19:48 - 02067456 _____ (Farbar) C:\Users\Isabela\Desktop\FRST64.exe
2014-05-18 19:40 - 2013-10-11 13:32 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3585445889-2484728970-451866620-1001
2014-05-18 19:38 - 2012-09-25 23:08 - 00792452 _____ () C:\Windows\system32\prfh0416.dat
2014-05-18 19:38 - 2012-09-25 23:08 - 00166504 _____ () C:\Windows\system32\prfc0416.dat
2014-05-18 19:38 - 2012-07-26 04:28 - 01900858 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-18 19:34 - 2014-05-18 17:53 - 00051965 _____ () C:\Windows\WindowsUpdate.log
2014-05-18 19:34 - 2014-01-21 18:01 - 00001080 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-18 19:34 - 2013-10-15 13:01 - 00000000 ____D () C:\Users\Isabela\AppData\Roaming\uTorrent
2014-05-18 19:33 - 2014-01-21 18:01 - 00001084 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-18 19:32 - 2014-05-18 19:32 - 00002506 _____ () C:\Windows\PFRO.log
2014-05-18 19:32 - 2014-05-18 01:14 - 00000354 _____ () C:\Windows\Tasks\HPCeeScheduleForIsabela.job
2014-05-18 19:32 - 2014-04-20 20:18 - 00000000 ____D () C:\Program Files\Bonjour
2014-05-18 19:32 - 2012-08-10 17:45 - 00000821 _____ () C:\Windows\SysWOW64\bscs.ini
2014-05-18 19:32 - 2012-07-26 04:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-18 19:32 - 2012-07-26 02:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-05-18 19:31 - 2014-05-18 19:31 - 00016972 _____ () C:\Users\Isabela\Desktop\eja.odt
2014-05-18 19:31 - 2014-05-17 17:52 - 00000000 ____D () C:\Users\Isabela\AppData\Roaming\ZHP
2014-05-18 19:31 - 2013-10-16 19:55 - 01095680 ___SH () C:\Users\Isabela\Desktop\Thumbs.db
2014-05-18 19:30 - 2014-05-18 19:31 - 00001205 _____ () C:\Users\Isabela\Desktop\ZHPFixReport.txt
2014-05-18 19:04 - 2013-10-11 13:25 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8D7ECDF9-AE4E-4854-9283-CF06A75DD99F}
2014-05-18 19:00 - 2012-07-26 05:12 - 00000000 ____D () C:\Windows\system32\sru
2014-05-18 18:09 - 2013-10-12 10:46 - 00364544 ___SH () C:\Users\Isabela\Downloads\Thumbs.db
2014-05-18 18:00 - 2014-05-18 18:00 - 00026957 _____ () C:\Users\Isabela\Desktop\ZHPDiag.txt
2014-05-18 17:55 - 2014-05-17 17:52 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag
2014-05-18 17:53 - 2014-01-21 17:28 - 00002207 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2014-05-18 12:47 - 2013-10-14 14:23 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-05-18 12:47 - 2013-10-14 14:22 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-05-18 01:14 - 2014-05-18 01:14 - 00003172 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForIsabela
2014-05-18 01:14 - 2013-10-11 13:21 - 00000000 ____D () C:\Users\Isabela
2014-05-17 19:19 - 2014-05-15 20:09 - 00003332 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2014-05-17 19:19 - 2014-04-11 12:23 - 00003100 _____ () C:\Windows\System32\Tasks\ASC7_PerformanceMonitor
2014-05-17 19:19 - 2014-03-06 00:22 - 00003220 _____ () C:\Windows\System32\Tasks\Driver Booster Scan
2014-05-17 18:06 - 2013-10-30 08:09 - 00000000 ____D () C:\Users\Isabela\AppData\Roaming\vlc
2014-05-17 17:56 - 2014-05-17 17:56 - 00001989 _____ () C:\Users\Isabela\Desktop\ZHPFix.lnk
2014-05-17 17:56 - 2014-05-17 17:56 - 00001862 _____ () C:\Users\Isabela\Desktop\ZHPDiag.lnk
2014-05-17 17:56 - 2014-05-17 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2014-05-17 17:50 - 2014-05-17 17:49 - 06769536 _____ () C:\Users\Isabela\Downloads\3 - ZHPDiag2.rar
2014-05-16 14:34 - 2014-05-15 14:19 - 00000000 ____D () C:\Users\Isabela\Desktop\selma
2014-05-16 14:29 - 2013-12-11 09:46 - 00000132 _____ () C:\Users\Isabela\AppData\Roaming\Preferências do Formato PNG do Adobe CS6
2014-05-16 13:19 - 2014-05-16 13:19 - 00000000 ____D () C:\Users\Todos os Usuários\Adobe
2014-05-16 13:19 - 2014-05-16 13:19 - 00000000 ____D () C:\Users\Isabela\AppData\Roaming\Adobe
2014-05-16 13:19 - 2014-05-16 13:19 - 00000000 ____D () C:\Users\Isabela\AppData\Local\Adobe
2014-05-16 13:19 - 2014-05-16 13:19 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-16 00:15 - 2014-05-16 00:15 - 00000775 _____ () C:\Users\Isabela\Desktop\JRT.txt
2014-05-15 23:59 - 2014-05-15 23:59 - 00000000 ____D () C:\Windows\ERUNT
2014-05-15 23:57 - 2014-05-15 23:56 - 00976124 _____ () C:\Users\Isabela\Downloads\1 - JRT.rar
2014-05-15 23:35 - 2014-05-15 23:05 - 00015501 _____ () C:\zoek-results.log
2014-05-15 23:26 - 2014-05-15 23:02 - 00000000 ____D () C:\zoek_backup
2014-05-15 23:02 - 2014-05-15 23:33 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-05-15 23:02 - 2014-05-15 23:02 - 01278530 _____ () C:\Users\Isabela\Downloads\2 - zoek.rar
2014-05-15 22:01 - 2014-05-17 17:50 - 06778868 _____ (Nicolas Coolman ) C:\Users\Isabela\Downloads\3 - ZHPDiag2.exe
2014-05-15 22:00 - 2014-05-15 23:02 - 01285120 _____ () C:\Users\Isabela\Downloads\2 - zoek.exe
2014-05-15 21:57 - 2014-05-15 23:59 - 01016261 _____ (Thisisu) C:\Users\Isabela\Downloads\1 - JRT.exe
2014-05-15 21:41 - 2014-05-15 21:41 - 00000000 _____ () C:\asc_rdflag
2014-05-15 21:41 - 2014-01-21 17:49 - 68124672 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2014-05-15 21:41 - 2014-01-21 17:49 - 00356352 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
2014-05-15 21:41 - 2014-01-21 17:49 - 00069632 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
2014-05-15 21:41 - 2014-01-21 17:49 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
2014-05-15 21:39 - 2014-05-15 21:34 - 00000000 ____D () C:\AdwCleaner
2014-05-15 21:38 - 2014-05-15 21:38 - 00001063 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-15 21:38 - 2014-05-15 21:38 - 00001051 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-15 21:38 - 2014-05-15 21:38 - 00000971 _____ () C:\Users\Isabela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-15 21:31 - 2014-05-15 21:31 - 01325827 _____ () C:\Users\Isabela\Downloads\adwcleaner_3.208.exe
2014-05-15 20:10 - 2014-05-15 20:10 - 00000000 _____ () C:\autoexec.bat
2014-05-15 20:09 - 2014-05-15 20:09 - 00000000 ____D () C:\sh4ldr
2014-05-15 20:09 - 2014-05-15 20:09 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-15 20:09 - 2014-05-15 20:08 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-05-15 20:07 - 2014-05-15 20:07 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Isabela\Downloads\SpyHunter-Installer.exe
2014-05-15 19:27 - 2014-01-21 17:28 - 00000260 _____ () C:\Windows\Tasks\ASC7_SkipUac_Isabela.job
2014-05-15 19:24 - 2014-05-15 19:24 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-05-15 19:24 - 2014-05-15 19:24 - 00387268 _____ () C:\Windows\system32\ApnDatabase.xml
2014-05-15 19:24 - 2014-05-15 19:24 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-05-15 19:24 - 2014-05-15 19:24 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2014-05-15 19:24 - 2014-05-15 19:24 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2014-05-15 19:06 - 2013-10-11 13:25 - 00000000 ___RD () C:\Users\Isabela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 19:06 - 2013-10-11 13:25 - 00000000 ___RD () C:\Users\Isabela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 19:02 - 2012-07-26 05:12 - 00000000 ___RD () C:\Windows\ToastData
2014-05-15 19:02 - 2012-07-26 05:12 - 00000000 ___RD () C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-15 19:02 - 2012-07-26 05:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-15 19:02 - 2012-07-26 05:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-15 19:02 - 2012-07-26 05:12 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-05-15 19:02 - 2012-07-26 05:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-15 19:02 - 2012-07-26 05:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-15 18:58 - 2014-05-15 14:28 - 00000000 ____D () C:\Users\Isabela\AppData\Local\966
2014-05-15 18:33 - 2014-01-21 18:02 - 00002270 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-14 22:07 - 2014-05-14 14:32 - 00000000 ____D () C:\Users\Isabela\AppData\Roaming\Audacity
2014-05-14 21:57 - 2014-05-14 21:57 - 00000000 ____D () C:\Users\Isabela\Desktop\projeto glad_data
2014-05-14 21:57 - 2014-05-14 18:07 - 00000000 ____D () C:\Users\Isabela\Desktop\TW99
2014-05-14 18:31 - 2013-10-11 13:22 - 00000000 ____D () C:\Users\Isabela\AppData\Local\VirtualStore
2014-05-14 18:30 - 2014-05-14 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lame Front-End
2014-05-14 18:30 - 2014-05-14 18:30 - 00000000 ____D () C:\Program Files (x86)\pazera-software
2014-05-14 18:28 - 2014-05-14 18:28 - 01630368 _____ (Jacek Pazera ) C:\Users\Isabela\Downloads\Lame_Front-End.exe
2014-05-14 16:17 - 2012-07-26 05:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-05-14 16:15 - 2013-10-14 18:25 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 16:09 - 2013-10-14 18:25 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 16:09 - 2012-07-26 02:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-05-14 14:35 - 2014-05-14 14:01 - 00000000 ____D () C:\Users\Isabela\Downloads\AUDIO WAV
2014-05-14 14:32 - 2014-05-14 14:32 - 00001021 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-05-14 14:32 - 2014-05-14 14:32 - 00001009 _____ () C:\Users\Public\Desktop\Audacity.lnk
2014-05-14 14:32 - 2014-05-14 14:31 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-05-14 14:21 - 2014-05-14 14:02 - 00000000 ____D () C:\Users\Isabela\AppData\Roaming\Free Audio Editor
2014-05-12 22:45 - 2013-11-18 21:23 - 00000000 ____D () C:\Users\Isabela\Desktop\torrents
2014-05-12 15:29 - 2014-05-12 15:29 - 00020379 _____ () C:\Users\Isabela\Downloads\[kickass.to]once.upon.a.time.complete.season.2.torrent
2014-05-12 15:18 - 2013-10-16 19:54 - 00000000 ____D () C:\Users\Isabela\Desktop\textos
2014-05-11 12:18 - 2012-07-26 05:12 - 00000000 ____D () C:\Windows\rescache
2014-05-11 11:19 - 2013-10-15 13:06 - 00000855 _____ () C:\Users\Isabela\Desktop\µTorrent.lnk
2014-05-11 11:19 - 2013-10-15 13:06 - 00000835 _____ () C:\Users\Isabela\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-05-09 15:30 - 2013-10-16 19:50 - 00000000 ____D () C:\Users\Isabela\Desktop\textos da faculdade
2014-05-09 12:56 - 2014-05-09 12:56 - 00000000 ____D () C:\Users\Isabela\Desktop\OpenOffice 4.1.0 (pt-BR) Installation Files
2014-05-09 12:52 - 2014-05-09 12:50 - 128780976 _____ () C:\Users\Isabela\Downloads\Apache_OpenOffice_4.1.0_Win_x86_install_pt-BR.exe
2014-05-09 12:28 - 2014-01-21 18:01 - 00004056 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-09 12:28 - 2014-01-21 18:01 - 00003820 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-09 12:22 - 2014-05-09 12:22 - 00010012 _____ () C:\Users\Isabela\Documents\Histórico de Participações.htm
2014-05-09 12:22 - 2014-05-09 12:22 - 00000000 ____D () C:\Users\Isabela\Documents\Histórico de Participações_files
2014-05-07 20:29 - 2012-07-26 05:12 - 00000000 ____D () C:\Windows\WinStore
2014-05-07 20:27 - 2014-05-07 20:27 - 36544512 _____ () C:\Windows\system32\config\COMPONENTS.iodefrag.bak
2014-05-07 20:03 - 2012-07-26 05:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-07 13:17 - 2013-10-16 19:55 - 00000000 ____D () C:\Users\Isabela\Desktop\Iniciação
2014-05-06 02:14 - 2014-05-13 23:04 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 02:14 - 2014-05-13 23:04 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 00:48 - 2014-05-13 23:05 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-06 00:48 - 2014-05-13 23:04 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 00:37 - 2014-05-13 23:04 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 00:26 - 2014-05-13 23:04 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-04 23:39 - 2014-05-04 23:39 - 00019223 _____ () C:\Users\Isabela\Downloads\[kickass.to]teen.wolf.season.3.episodes.13.24.hdtv.x264.vega004.torrent
2014-05-04 11:44 - 2013-10-16 20:06 - 00000000 ____D () C:\Users\Isabela\Desktop\coisinhas
2014-05-04 11:43 - 2014-04-06 18:00 - 00000000 ____D () C:\Users\Isabela\Desktop\sd
2014-05-04 11:24 - 2014-05-04 11:24 - 01258496 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-05-04 11:24 - 2014-05-04 11:24 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2014-05-04 11:24 - 2014-05-04 11:24 - 01075200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2014-05-04 11:24 - 2014-05-04 11:24 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-05-04 11:24 - 2014-05-04 11:24 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-05-04 11:24 - 2014-05-04 11:24 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-05-04 11:24 - 2014-05-04 11:24 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-05-04 11:24 - 2014-05-04 11:24 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2014-05-04 11:17 - 2014-05-04 11:17 - 36519936 _____ () C:\Windows\system32\config\COMPONENTS.iobit
2014-05-04 10:37 - 2014-03-31 00:15 - 00328200 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-01 17:37 - 2014-05-15 19:05 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-01 17:37 - 2014-05-15 19:05 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-29 21:48 - 2013-10-16 19:50 - 00000000 ____D () C:\Users\Isabela\Desktop\Arquivos
2014-04-29 20:27 - 2014-04-29 20:27 - 00000000 ____D () C:\Users\Isabela\Desktop\PETAR
2014-04-28 13:50 - 2014-04-28 13:49 - 04824064 _____ () C:\Users\Isabela\Downloads\Geomorfologia Cárstica.sist mundo.ppt
2014-04-25 20:39 - 2014-02-25 18:53 - 00000000 ____D () C:\Windows\Minidump
2014-04-21 00:20 - 2014-04-21 00:21 - 00524016 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys
2014-04-21 00:20 - 2014-04-21 00:21 - 00264432 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2014-04-21 00:20 - 2014-04-21 00:21 - 00192240 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo19.dll
2014-04-21 00:20 - 2014-04-21 00:21 - 00151280 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynTPCom.dll
2014-04-21 00:20 - 2012-08-03 21:02 - 00000000 ____D () C:\SWSetup
2014-04-21 00:19 - 2014-04-21 00:21 - 00819440 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2014-04-21 00:19 - 2014-04-21 00:21 - 00351984 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCom.dll
2014-04-21 00:19 - 2014-04-21 00:21 - 00033008 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys
2014-04-21 00:09 - 2013-07-19 06:34 - 00005535 _____ () C:\Windows\system32\RaCoInst.log
2014-04-21 00:00 - 2014-04-21 00:00 - 00000000 ____D () C:\Users\Isabela\AppData\Roaming\InstallShield
2014-04-21 00:00 - 2014-04-21 00:00 - 00000000 ____D () C:\Program Files (x86)\Ralink
2014-04-20 21:15 - 2014-01-21 17:29 - 00000000 ____D () C:\Users\Isabela\AppData\Roaming\Apple Computer
2014-04-20 20:25 - 2014-04-20 20:25 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-04-20 20:25 - 2014-04-20 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-04-20 20:25 - 2014-04-20 20:22 - 00000000 ____D () C:\Users\Todos os Usuários\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-20 20:25 - 2014-04-20 20:22 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-20 20:25 - 2014-04-20 20:22 - 00000000 ____D () C:\Program Files\iTunes
2014-04-20 20:25 - 2014-04-20 20:22 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-04-20 20:22 - 2014-04-20 20:22 - 00000000 ____D () C:\Program Files\iPod
2014-04-20 20:18 - 2014-04-20 20:18 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-04-20 20:18 - 2014-04-20 20:08 - 00000000 ____D () C:\Users\Isabela\Desktop\Músicas Noivado
2014-04-19 06:39 - 2014-05-06 00:46 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-04-19 05:45 - 2014-05-06 00:46 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-04-19 05:45 - 2014-05-06 00:46 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-19 03:57 - 2014-05-06 00:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-04-19 03:57 - 2014-05-06 00:46 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe
[2014-05-13 23:06] - [2014-04-12 06:10] - 0578048 ____A (Microsoft Corporation) 75DD70A14145499C9F7D903CF9A8C91B
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-18 12:54
==================== End Of Log ============================
rachoa - Beginner
- Posts: 19
Reputation: 0
Join date: 15/05/2014
Re: Removing the QONE8 search engine and home page from Chrome
Report 2:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2014
Ran by Isabela at 2014-05-18 19:52:11
Running from C:\Users\Isabela\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.31139 - BitTorrent Inc.)
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.1.0.8 - Absolute Software)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Advanced SystemCare 7 (HKLM-x32\...\Advanced SystemCare 7_is1) (Version: 7.1.0 - IObit)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.1.1916 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink PhotoDirector (x32 Version: 2.0.1.3119 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1925 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.6.4319 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.4.5527 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dream Chronicles (x32 Version: 2.2.0.95 - WildTangent) Hidden
Driver Booster (HKLM-x32\...\Driver Booster_is1) (Version: 1.2 - IObit)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Galeria de Fotos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
GBBD Banco do Brasil (HKLM-x32\...\{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1) (Version: 3.7.1.1 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Heartwild Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{EBA81BE1-5252-4ED9-B573-21746AF0929F}) (Version: 4.2.8.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKCU\...\HPConnectedMusic) (Version: 1.1 (build 59) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{0E4AF773-9908-4F3B-8D57-E402FE198107}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Postscript Converter (Version: 3.1.3554 - Hewlett-Packard) Hidden
HP Quick Launch (HKLM-x32\...\{609B11CC-8CED-4116-AD8A-A72168894D39}) (Version: 3.0.4 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 7.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{14FE2E94-DC3D-4F7C-BB41-EB7E672B3E8B}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{B8019B54-F9BE-490A-9619-6D06F18F129F}) (Version: 7.0.32.44 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6417.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.0.5.1228 - IObit)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jewel Quest II (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jogos da WildTangent (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
JoJo's Fashion Show (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Lame Front-End 1.8 (HKLM-x32\...\{0908334B-6065-48A1-BD91-EC7A03DF77CE}_is1) (Version: 1.8 - Jacek Pazera)
Mahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) Hidden
Malwarebytes Anti-Malware versão 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 pt-BR)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.98 - WildTangent) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{50FA6B86-D3C4-4961-A58F-1A061B2DCE04}) (Version: 4.01.9714 - Apache Software Foundation)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Ralink Bluetooth Stack64 (HKLM\...\{58BC91D0-42E7-125D-F9B6-F2F5C0CDB096}) (Version: 9.0.715.0 - Nome da empresa:)
Ralink RT3290LE 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.44.0 - Mediatek)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.0 - IObit)
SpyHunter (HKLM\...\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC)
Suporte para Aplicativos Apple (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.1.3 - Synaptics Incorporated)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Westward (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
YoutubeMovieMaker (HKLM-x32\...\{E084C471-FA8F-4468-93F1-25B3A13ED942}) (Version: 8.06 - Youtube Movie Maker)
ZHPDiag 2014 (HKLM-x32\...\ZHPDiag_is1) (Version: 2014 - Nicolas Coolman)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
==================== Restore Points =========================
29-04-2014 21:20:06 Windows Update
04-05-2014 14:23:41 Instalador de Módulos do Windows
09-05-2014 15:57:44 Instalado OpenOffice 4.1.0
14-05-2014 18:55:17 Windows Update
15-05-2014 22:23:09 Instalador de Módulos do Windows
18-05-2014 04:11:25 ZHPFix Restore System Point
==================== Hosts content: ==========================
2014-05-15 23:05 - 2014-05-15 23:05 - 00000840 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {06CAEDF5-1351-4746-BEC8-F4C7EF503116} - \Driver Booster Update No Task File <==== ATTENTION
Task: {0ABCEA5C-D027-4642-8764-DB264FA0885A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {0E6FE576-8A1E-46F0-9BC2-0CA250027BFA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-21] (Google Inc.)
Task: {11429B2C-8C53-4906-A7C5-CCFA7698EC6F} - System32\Tasks\ASC7_SkipUac_Isabela => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2014-01-08] (IObit)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {28EFFA6D-A0D3-4F7A-A479-AFEFE00D41CA} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe [2013-12-03] (IObit)
Task: {3E9DCB48-56CD-49EA-B996-77656053CAC9} - \Baidu PC Faster Update No Task File <==== ATTENTION
Task: {42F59D3B-E3B2-4CF9-8110-DE9DBF4F45EA} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {4819F360-D4DD-41FE-8132-C05758CEE0F6} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-07-20] (Intel)
Task: {4EA88D10-AE24-4557-9B23-AD67BF478173} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {657730EA-7772-4F1C-979B-F25E801F0ED8} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {6AA4F9E3-0FB8-4A92-83EE-DC01F997A7F8} - \PileFile reminder No Task File <==== ATTENTION
Task: {70805490-5956-47DF-8811-583B09312318} - \Oxy No Task File <==== ATTENTION
Task: {785DCC04-8AD7-4CC6-8A04-36C3E80D4A06} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7E60EDC2-03D1-4988-AEFE-6BCCEBEAF5F5} - System32\Tasks\HPCeeScheduleForIsabela => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {80F1F24F-042A-4B63-8ECA-D032549B7A25} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2014-01-16] (IObit)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {BCF5F8FE-452E-4187-BE58-DAAB73F5D702} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {BE2AD285-6C30-4342-94E9-7F4C00EFA692} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2014-01-09] (Enigma Software Group USA, LLC.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CB0B6476-30EA-4BCE-A7F2-034A984247F8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {CC184A63-E2E4-4090-9402-F93C408B248E} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
Task: {CD73C012-8904-4F30-9CD5-0B592AAD5EF3} - \PileFile logon No Task File <==== ATTENTION
Task: {CE753A7D-8E3D-4348-B782-4D4F4F1F4FFB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-21] (Google Inc.)
Task: {CFE705F8-5BFD-4B14-984A-BA726BD832B8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {DD187C16-9A18-4226-8E4D-82D0C6510D52} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\Windows\Tasks\ASC7_SkipUac_Isabela.job => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForIsabela.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Loaded Modules (whitelisted) =============
2012-07-10 18:11 - 2012-07-10 18:11 - 00009728 _____ () C:\Windows\system32\BsHelpCSps.dll
2012-07-10 18:11 - 2012-07-10 18:11 - 00052736 _____ () C:\Windows\system32\BlueSoleilCSps.dll
2012-08-08 02:17 - 2012-08-08 02:17 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-01-21 17:28 - 2013-10-25 11:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\sqlite3.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 12:16 - 2014-01-20 12:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-07-10 18:09 - 2012-07-10 18:09 - 00022528 _____ () C:\Windows\SYSTEM32\BsTrace.dll
2012-07-10 18:11 - 2012-07-10 18:11 - 00009728 _____ () C:\Windows\SYSTEM32\BsHelpCSps.dll
2012-07-10 18:11 - 2012-07-10 18:11 - 00052736 _____ () C:\Windows\SYSTEM32\BlueSoleilCSps.dll
2012-07-10 18:14 - 2012-07-10 18:14 - 00072192 _____ () C:\Windows\SYSTEM32\BsProfilefunc.dll
2012-07-27 14:51 - 2012-07-27 14:51 - 00346112 _____ () C:\Windows\SYSTEM32\BsExtendFunc.dll
2014-01-21 17:28 - 2013-01-15 17:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\webres.dll
2013-07-19 06:31 - 2012-06-25 15:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-05-14 18:53 - 2014-05-07 20:29 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\chrome_elf.dll
2014-05-14 18:53 - 2014-05-07 20:29 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\libglesv2.dll
2014-05-14 18:53 - 2014-05-07 20:29 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\libegl.dll
2014-05-14 18:53 - 2014-05-07 20:29 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\pdf.dll
2014-05-14 18:53 - 2014-05-07 20:29 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll
2014-05-14 18:53 - 2014-05-07 20:29 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ffmpegsumo.dll
2014-05-14 18:53 - 2014-05-07 20:29 - 13695816 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Adaptador de Túnel Teredo da Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Adaptador do Microsoft ISATAP
Description: Adaptador do Microsoft ISATAP
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Adaptador do Microsoft ISATAP #2
Description: Adaptador do Microsoft ISATAP
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Adaptador do Microsoft 6to4
Description: Adaptador do Microsoft 6to4
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/18/2014 06:58:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: HPPU.exe, versão: 1.0.0.0, carimbo de data/hora: 0x50079e34
Nome do módulo com falha: d2d1.dll, versão: 6.2.9200.16765, carimbo de data/hora: 0x528bf8d9
Código de exceção: 0xc0000005
Deslocamento da falha: 0x0015948b
ID do processo com falha: 0xddc
Hora de início do aplicativo com falha: 0xHPPU.exe0
Caminho do aplicativo com falha: HPPU.exe1
Caminho do módulo com falha: HPPU.exe2
ID do Relatório: HPPU.exe3
Nome completo do pacote com falha: HPPU.exe4
ID do aplicativo relativo ao pacote com falha: HPPU.exe5
Error: (05/18/2014 06:53:08 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (05/18/2014 00:44:28 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (05/17/2014 07:13:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 131500
Error: (05/17/2014 07:13:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 131500
Error: (05/17/2014 07:13:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/17/2014 07:13:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 130000
Error: (05/17/2014 07:13:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 130000
Error: (05/17/2014 07:13:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/17/2014 07:13:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1734
System errors:
=============
Error: (05/18/2014 07:35:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço LiveUpdate foi encerrado inesperadamente. Isso aconteceu 1 vez(es).
Error: (05/18/2014 07:32:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço EsgScanner depende do serviço Logon de rede, mas não foi possível iniciá-lo devido ao seguinte erro:
%%1058
Error: (05/17/2014 06:28:37 PM) (Source: DCOM) (EventID: 10010) (User: AUTORIDADE NT)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (05/17/2014 06:28:07 PM) (Source: DCOM) (EventID: 10010) (User: AUTORIDADE NT)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (05/17/2014 05:40:13 PM) (Source: DCOM) (EventID: 10010) (User: AUTORIDADE NT)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (05/17/2014 05:39:43 PM) (Source: DCOM) (EventID: 10010) (User: AUTORIDADE NT)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (05/16/2014 07:01:04 PM) (Source: DCOM) (EventID: 10010) (User: AUTORIDADE NT)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (05/16/2014 06:20:34 PM) (Source: DCOM) (EventID: 10010) (User: AUTORIDADE NT)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (05/16/2014 06:15:37 PM) (Source: DCOM) (EventID: 10010) (User: AUTORIDADE NT)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (05/16/2014 05:46:47 PM) (Source: DCOM) (EventID: 10010) (User: AUTORIDADE NT)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Microsoft Office Sessions:
=========================
Error: (05/18/2014 06:58:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HPPU.exe1.0.0.050079e34d2d1.dll6.2.9200.16765528bf8d9c00000050015948bddc01cf72e43ed9dea8C:\Program Files (x86)\Hewlett-Packard\HP Utility Center\HPPU.exeC:\Windows\SYSTEM32\d2d1.dll7ed836ac-ded7-11e3-be9f-6c3be5e8b468
Error: (05/18/2014 06:53:08 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (05/18/2014 00:44:28 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (05/17/2014 07:13:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 131500
Error: (05/17/2014 07:13:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 131500
Error: (05/17/2014 07:13:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/17/2014 07:13:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 130000
Error: (05/17/2014 07:13:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 130000
Error: (05/17/2014 07:13:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/17/2014 07:13:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1734
CodeIntegrity Errors:
===================================
Date: 2014-05-18 19:50:57.536
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-05-18 19:48:09.835
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-05-18 19:44:23.462
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-05-18 19:41:06.610
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-05-18 19:40:44.690
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-05-18 19:40:10.225
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-05-18 19:39:31.435
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-05-18 19:30:08.744
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-05-18 19:30:08.457
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-05-18 18:35:43.620
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Percentage of memory in use: 80%
Total physical RAM: 1940.27 MB
Available physical RAM: 386.89 MB
Total Pagefile: 6548.27 MB
Available Pagefile: 4848.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:447.58 GB) (Free:271.57 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:17.4 GB) (Free:2.2 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: A723ADEA)
Partition: GPT Partition Type.
========================================================
Disk: 1 (Size: 8 GB) (Disk ID: 1D66E94B)
Partition: GPT Partition Type.
==================== End Of Log ============================
HP Recovery Manager (x32 Version: 7.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{14FE2E94-DC3D-4F7C-BB41-EB7E672B3E8B}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{B8019B54-F9BE-490A-9619-6D06F18F129F}) (Version: 7.0.32.44 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6417.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.0.5.1228 - IObit)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jewel Quest II (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jogos da WildTangent (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
JoJo's Fashion Show (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Lame Front-End 1.8 (HKLM-x32\...\{0908334B-6065-48A1-BD91-EC7A03DF77CE}_is1) (Version: 1.8 - Jacek Pazera)
Mahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) Hidden
Malwarebytes Anti-Malware versão 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 pt-BR)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.98 - WildTangent) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{50FA6B86-D3C4-4961-A58F-1A061B2DCE04}) (Version: 4.01.9714 - Apache Software Foundation)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Ralink Bluetooth Stack64 (HKLM\...\{58BC91D0-42E7-125D-F9B6-F2F5C0CDB096}) (Version: 9.0.715.0 - Nome da empresa:)
Ralink RT3290LE 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.44.0 - Mediatek)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.0 - IObit)
SpyHunter (HKLM\...\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC)
Suporte para Aplicativos Apple (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.1.3 - Synaptics Incorporated)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Westward (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
YoutubeMovieMaker (HKLM-x32\...\{E084C471-FA8F-4468-93F1-25B3A13ED942}) (Version: 8.06 - Youtube Movie Maker)
ZHPDiag 2014 (HKLM-x32\...\ZHPDiag_is1) (Version: 2014 - Nicolas Coolman)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
==================== Restore Points =========================
29-04-2014 21:20:06 Windows Update
04-05-2014 14:23:41 Instalador de Módulos do Windows
09-05-2014 15:57:44 Instalado OpenOffice 4.1.0
14-05-2014 18:55:17 Windows Update
15-05-2014 22:23:09 Instalador de Módulos do Windows
18-05-2014 04:11:25 ZHPFix Restore System Point
==================== Hosts content: ==========================
2014-05-15 23:05 - 2014-05-15 23:05 - 00000840 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {06CAEDF5-1351-4746-BEC8-F4C7EF503116} - \Driver Booster Update No Task File <==== ATTENTION
Task: {0ABCEA5C-D027-4642-8764-DB264FA0885A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {0E6FE576-8A1E-46F0-9BC2-0CA250027BFA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-21] (Google Inc.)
Task: {11429B2C-8C53-4906-A7C5-CCFA7698EC6F} - System32\Tasks\ASC7_SkipUac_Isabela => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2014-01-08] (IObit)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {28EFFA6D-A0D3-4F7A-A479-AFEFE00D41CA} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe [2013-12-03] (IObit)
Task: {3E9DCB48-56CD-49EA-B996-77656053CAC9} - \Baidu PC Faster Update No Task File <==== ATTENTION
Task: {42F59D3B-E3B2-4CF9-8110-DE9DBF4F45EA} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {4819F360-D4DD-41FE-8132-C05758CEE0F6} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-07-20] (Intel)
Task: {4EA88D10-AE24-4557-9B23-AD67BF478173} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {657730EA-7772-4F1C-979B-F25E801F0ED8} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {6AA4F9E3-0FB8-4A92-83EE-DC01F997A7F8} - \PileFile reminder No Task File <==== ATTENTION
Task: {70805490-5956-47DF-8811-583B09312318} - \Oxy No Task File <==== ATTENTION
Task: {785DCC04-8AD7-4CC6-8A04-36C3E80D4A06} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7E60EDC2-03D1-4988-AEFE-6BCCEBEAF5F5} - System32\Tasks\HPCeeScheduleForIsabela => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {80F1F24F-042A-4B63-8ECA-D032549B7A25} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2014-01-16] (IObit)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {BCF5F8FE-452E-4187-BE58-DAAB73F5D702} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {BE2AD285-6C30-4342-94E9-7F4C00EFA692} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2014-01-09] (Enigma Software Group USA, LLC.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CB0B6476-30EA-4BCE-A7F2-034A984247F8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {CC184A63-E2E4-4090-9402-F93C408B248E} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
Task: {CD73C012-8904-4F30-9CD5-0B592AAD5EF3} - \PileFile logon No Task File <==== ATTENTION
Task: {CE753A7D-8E3D-4348-B782-4D4F4F1F4FFB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-21] (Google Inc.)
Task: {CFE705F8-5BFD-4B14-984A-BA726BD832B8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {DD187C16-9A18-4226-8E4D-82D0C6510D52} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\Windows\Tasks\ASC7_SkipUac_Isabela.job => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForIsabela.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Loaded Modules (whitelisted) =============
2012-07-10 18:11 - 2012-07-10 18:11 - 00009728 _____ () C:\Windows\system32\BsHelpCSps.dll
2012-07-10 18:11 - 2012-07-10 18:11 - 00052736 _____ () C:\Windows\system32\BlueSoleilCSps.dll
2012-08-08 02:17 - 2012-08-08 02:17 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-01-21 17:28 - 2013-10-25 11:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\sqlite3.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 12:16 - 2014-01-20 12:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-07-10 18:09 - 2012-07-10 18:09 - 00022528 _____ () C:\Windows\SYSTEM32\BsTrace.dll
2012-07-10 18:11 - 2012-07-10 18:11 - 00009728 _____ () C:\Windows\SYSTEM32\BsHelpCSps.dll
2012-07-10 18:11 - 2012-07-10 18:11 - 00052736 _____ () C:\Windows\SYSTEM32\BlueSoleilCSps.dll
2012-07-10 18:14 - 2012-07-10 18:14 - 00072192 _____ () C:\Windows\SYSTEM32\BsProfilefunc.dll
2012-07-27 14:51 - 2012-07-27 14:51 - 00346112 _____ () C:\Windows\SYSTEM32\BsExtendFunc.dll
2014-01-21 17:28 - 2013-01-15 17:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\webres.dll
2013-07-19 06:31 - 2012-06-25 15:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-05-14 18:53 - 2014-05-07 20:29 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\chrome_elf.dll
2014-05-14 18:53 - 2014-05-07 20:29 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\libglesv2.dll
2014-05-14 18:53 - 2014-05-07 20:29 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\libegl.dll
2014-05-14 18:53 - 2014-05-07 20:29 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\pdf.dll
2014-05-14 18:53 - 2014-05-07 20:29 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll
2014-05-14 18:53 - 2014-05-07 20:29 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ffmpegsumo.dll
2014-05-14 18:53 - 2014-05-07 20:29 - 13695816 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Adaptador de Túnel Teredo da Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Adaptador do Microsoft ISATAP
Description: Adaptador do Microsoft ISATAP
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Adaptador do Microsoft ISATAP #2
Description: Adaptador do Microsoft ISATAP
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Adaptador do Microsoft 6to4
Description: Adaptador do Microsoft 6to4
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/18/2014 06:58:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: HPPU.exe, versão: 1.0.0.0, carimbo de data/hora: 0x50079e34
Nome do módulo com falha: d2d1.dll, versão: 6.2.9200.16765, carimbo de data/hora: 0x528bf8d9
Código de exceção: 0xc0000005
Deslocamento da falha: 0x0015948b
ID do processo com falha: 0xddc
Hora de início do aplicativo com falha: 0xHPPU.exe0
Caminho do aplicativo com falha: HPPU.exe1
Caminho do módulo com falha: HPPU.exe2
ID do Relatório: HPPU.exe3
Nome completo do pacote com falha: HPPU.exe4
ID do aplicativo relativo ao pacote com falha: HPPU.exe5
Error: (05/18/2014 06:53:08 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (05/18/2014 00:44:28 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (05/17/2014 07:13:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 131500
Error: (05/17/2014 07:13:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 131500
Error: (05/17/2014 07:13:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/17/2014 07:13:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 130000
Error: (05/17/2014 07:13:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 130000
Error: (05/17/2014 07:13:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/17/2014 07:13:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1734
System errors:
=============
Error: (05/18/2014 07:35:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço LiveUpdate foi encerrado inesperadamente. Isso aconteceu 1 vez(es).
Error: (05/18/2014 07:32:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço EsgScanner depende do serviço Logon de rede, mas não foi possível iniciá-lo devido ao seguinte erro:
%%1058
Error: (05/17/2014 06:28:37 PM) (Source: DCOM) (EventID: 10010) (User: AUTORIDADE NT)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (05/17/2014 06:28:07 PM) (Source: DCOM) (EventID: 10010) (User: AUTORIDADE NT)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (05/17/2014 05:40:13 PM) (Source: DCOM) (EventID: 10010) (User: AUTORIDADE NT)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (05/17/2014 05:39:43 PM) (Source: DCOM) (EventID: 10010) (User: AUTORIDADE NT)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (05/16/2014 07:01:04 PM) (Source: DCOM) (EventID: 10010) (User: AUTORIDADE NT)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (05/16/2014 06:20:34 PM) (Source: DCOM) (EventID: 10010) (User: AUTORIDADE NT)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (05/16/2014 06:15:37 PM) (Source: DCOM) (EventID: 10010) (User: AUTORIDADE NT)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (05/16/2014 05:46:47 PM) (Source: DCOM) (EventID: 10010) (User: AUTORIDADE NT)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Microsoft Office Sessions:
=========================
Error: (05/18/2014 06:58:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HPPU.exe1.0.0.050079e34d2d1.dll6.2.9200.16765528bf8d9c00000050015948bddc01cf72e43ed9dea8C:\Program Files (x86)\Hewlett-Packard\HP Utility Center\HPPU.exeC:\Windows\SYSTEM32\d2d1.dll7ed836ac-ded7-11e3-be9f-6c3be5e8b468
Error: (05/18/2014 06:53:08 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (05/18/2014 00:44:28 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (05/17/2014 07:13:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 131500
Error: (05/17/2014 07:13:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 131500
Error: (05/17/2014 07:13:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/17/2014 07:13:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 130000
Error: (05/17/2014 07:13:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 130000
Error: (05/17/2014 07:13:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/17/2014 07:13:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1734
CodeIntegrity Errors:
===================================
Date: 2014-05-18 19:50:57.536
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-05-18 19:48:09.835
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-05-18 19:44:23.462
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-05-18 19:41:06.610
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-05-18 19:40:44.690
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-05-18 19:40:10.225
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-05-18 19:39:31.435
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-05-18 19:30:08.744
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-05-18 19:30:08.457
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-05-18 18:35:43.620
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Percentage of memory in use: 80%
Total physical RAM: 1940.27 MB
Available physical RAM: 386.89 MB
Total Pagefile: 6548.27 MB
Available Pagefile: 4848.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:447.58 GB) (Free:271.57 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:17.4 GB) (Free:2.2 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: A723ADEA)
Partition: GPT Partition Type.
========================================================
Disk: 1 (Size: 8 GB) (Disk ID: 1D66E94B)
Partition: GPT Partition Type.
==================== End Of Log ============================
rachoa - Beginner
Re: Removing the QONE8 search engine and home page from Chrome
I am analyzing your logs. They show Bonjour, a program with practically no use that tends to slow the PC down, and also SpyHunter, which likewise has practically no use. Do you want to keep them or uninstall them?
Power Max - Contributor
Re: Removing the QONE8 search engine and home page from Chrome
Bonjour came with iTunes; it syncs the iPhone, which I don't have. I downloaded SpyHunter because you asked me to, so I'll uninstall both.
rachoa - Beginner
Re: Removing the QONE8 search engine and home page from Chrome
rachoa wrote: Bonjour came with iTunes; it syncs the iPhone, which I don't have. I downloaded SpyHunter because you asked me to, so I'll uninstall both.
You can uninstall both. As for SpyHunter, we were not the ones who asked for it.
Power Max - Contributor