Fórum PC Brasil
Infection by a lot of malware, slow PC


Post by steffler439, Tue 27 May 2014, 21:40

I'm having problems with memory overload and slowness. What can be done?

Post by Power Max, Tue 27 May 2014, 21:42

Hello.

Download < [You must have an account and be logged in to view this link] > ( ... by Nicolas Coolman )

To install and run it correctly, follow the tips in this article:

[You must have an account and be logged in to view this link]

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.

Post by steffler439, Tue 27 May 2014, 22:12

~ Relatório do ZHPDiag v2014.5.24.73 - Nicolas Coolman (24/05/2014)
~ Iniciado por Veni (27/05/2014 21:59:12)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17107 (Defaut)
MFIE: Mozilla Firefox 28.0
GCIE: Google Chrome v35.0.1916.114

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
COMODO Internet Security Premium v6.2.23257.2860
Windows Defender W7 (Deactivate)

---\\ Softwares d'optimização do sistema
CCleaner v3.28

---\\ Softwares de partilha do PeerToPeer (P2P)
µTorrent v3.1.2 =>P2P.µTorrent

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 30 Stepping 5, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4029 MB (38% free)
System Restore: Activé (Enable)
System drive C: has 243 GB (42%) free of 575 GB

---\\ Modo de conexão ao sistema
~ Computer Name: VENI-PC
~ User Name: Veni
~ All Users Names: Veni, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Veni\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Veni\AppData\Roaming\
~ %Desktop% : C:\Users\Veni\Desktop\
~ %Favorites% : C:\Users\Veni\Favorites\
~ %LocalAppData% : C:\Users\Veni\AppData\Local\
~ %StartMenu% : C:\Users\Veni\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 243 Go of 575 Go)
D: Hard drive, Flash drive, Thumb drive (Free 3 Go of 20 Go)
E: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
F: CD-ROM drive (Not Inserted)
I: CD-ROM drive (Not Inserted)
K: Floppy drive, Flash card reader, USB Key (Free 0 Go of 2 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F220BA78AB542C70211D73AE4729B2CD] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 03:22:40.) -- C:\Windows\System32\wininet.dll [2260480]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:43:50.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 10:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 06:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 06:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 07:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 06:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 07:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 06:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 10:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 02s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/1019
~ Mes musiques (My Musics) : 1/8556
~ Mes Videos (My Videos) : 1/268
~ Mes Favoris (My Favorites) : 1/21
~ Mes Documents (My Documents) : 2/19192
~ Mon Bureau (My Desktop) : 15/1220
~ Menu demarrer (Programs) : 1/56
~ Hidden Files: Scanned in 00mn 53s



---\\ Processos lançados
[MD5.F5DF8B70484A39A0F0EE3BB51B4DCF85] - (.Egis Technology Inc. - PMM Update Application.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [401192] [PID.3956]
[MD5.950AC1BD2B5F5935C28FD439F50AA5F7] - (.Egis Technology Inc. - HP SimplePass Identity Protection.) -- C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe [379248] [PID.1056]
[MD5.03522B916831A962E854E942B533D834] - (.Egis Technology Inc. - EgisUpdate Release Application.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201512] [PID.1552]
[MD5.1620FE36666F4BBC2314B7F360FB1965] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.5628]
[MD5.27694C03ED9074E867A1C50B558E49DB] - (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe [383504] [PID.7128]
[MD5.8F2191F9BB434069C866D7A62CBEF592] - (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe [733680] [PID.5436]
[MD5.4FDF8F99557B275A3B5BF797761C7504] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7879168] [PID.6664]
[MD5.85936458343B476B43B3FF6123271C4C] - (.Egis Technology Inc. - Egis Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe [689008] [PID.1736]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.2156]
[MD5.171000873EB522E5EA3DD4C4E0B689B2] - (.Hewlett-Packard Development Company, L.P. - HP Quick Launch WMI Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [26680] [PID.2228]
[MD5.07B1888209C54B675FFCCBDE9F06D2C6] - (.Hewlett-Packard Company - LightScribe Service.) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728] [PID.2272]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ysWOW64\rundll32.exe [0] [PID.2580]
[MD5.F02A533F517EB38333CB12A9E8963773] - (.Google Inc. - Google Installer.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [136176] [PID.4120]
[MD5.17125B7D2F56B4B35441561C780C2CCB] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13592] [PID.6072]
~ Processes Running: Scanned in 00mn 01s



---\\ Opera, Plugins,Arranque,Pesquisa (P1,B0,B1)
B0 - SPO: operaprefs.ini [Veni] Home URL=http://search.localstrike.com.ar
B1 - OSP: search.ini [Veni] URL=http://find.localstrike.net?q=%s
~ Opera Browser: 2 Legitimates Filtered in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Veni\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [bakijjialdiiboeaknfpmflphhmljfkd] Speedial v.9.4.25, (Désactivé) =>Adware.Adware.SearchYa
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 14 Legitimates Filtered in 00mn 03s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Veni\AppData\Roaming\Mozilla\Firefox\Profiles\39x41cof.default\prefs.js
C:\Users\Veni\AppData\Roaming\Mozilla\Firefox\Profiles\39x41cof.default\user.js
M3 - MFPP: Plugins - [Veni] -- C:\Users\Veni\AppData\Roaming\Mozilla\Firefox\Profiles\39x41cof.default\searchplugins\Speedial.xml =>Adware.Adware.SearchYa
M0 - MFSP: prefs.js [Veni - 39x41cof.default] [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.Adware.SearchYa
M2 - MFEP: prefs.js [Veni - 39x41cof.default\{2fab2e94-d6f9-42de-8839-3510cef6424b}] [] SaveSense v3.0 (..) =>PUP.SaveSense
P2 - FPN: [HKLM] [@mcafee.com/MSC,version=10] - (...) -- C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/uni] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Veni\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll
~ Firefox Browser: 9 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.Adware.SearchYa
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.Adware.SearchYa
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.Adware.SearchYa
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.SmartBar
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ IE Browser: 21 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 01s
~ Nombre de lignes (Lines number): 1



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: SaveSense [64Bits] - {2e32cfe5-df92-4ae5-b0be-609ed0df74a6} . (.SaveSense - SaveSense for IE.) -- C:\Program Files (x86)\SaveSense\SaveSenseIE.dll =>PUP.SaveSense
~ BHO: 13 Legitimates Filtered in 00mn 02s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: McAfee SiteAdvisor Toolbar - [HKLM]{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} . (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} Chave orfã
~ Toolbar: Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [Veni]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Qvo6
O4 - GS\QuickLaunch [Veni]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Qvo6
O4 - GS\QuickLaunch [Veni]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Program [Veni]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Qvo6
O4 - GS\SystemTools [Veni]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Qvo6
~ Global Startup: 5 Legitimates Filtered in 00mn 18s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [COMODO Internet Security] . (.COMODO - COMODO Internet Security.) -- C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Notas Autoadesivas.) -- C:\Windows\System32\StikyNot.exe
O4 - HKLM\..\Wow6432Node\Run: [mcui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [hpWirelessAssistant] . (.Hewlett-Packard Development Company, L.P. - HPWAMain Module.) -- C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Wow6432Node\Run: [mcpltui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [EgisTecPMMUpdate] . (.Egis Technology Inc. - PMM Update Application.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [EgisUpdate] . (.Egis Technology Inc. - EgisUpdate Release Application.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [VitaKeyTSR] . (.Egis Technology Inc. - HP SimplePass Identity Protection.) -- C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKUS\S-1-5-21-2869537635-3016765442-4210560795-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-2869537635-3016765442-4210560795-1000\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Notas Autoadesivas.) -- C:\Windows\System32\StikyNot.exe
~ Application: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.itau.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB1CD65A-5405-4F23-8A22-746B91598804}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{267C502B-451B-4B68-AC5E-7F464707410F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F20B1504-5D6D-4C04-9270-30DF8B9C0C50}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{BB1CD65A-5405-4F23-8A22-746B91598804}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{267C502B-451B-4B68-AC5E-7F464707410F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F20B1504-5D6D-4C04-9270-30DF8B9C0C50}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{BB1CD65A-5405-4F23-8A22-746B91598804}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{267C502B-451B-4B68-AC5E-7F464707410F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{F20B1504-5D6D-4C04-9270-30DF8B9C0C50}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{33571B3C-BC21-4B63-95C5-60751F74051D}] (...) -- C:\Program Files (x86)\Webteh\BSplayer\bsplayer.exe (.not file.) [0]
[MD5.33CD08CE95030D07709B0417689C9627] [APT] [{3E0032B5-B1A6-46AA-A89E-F4FCFBA74754}] (.Banco Itaú.) -- C:\Users\Veni\Downloads\DiagnosticoItau(1).exe [3123256]
[MD5.49B09C3091279678FD626037E1079187] [APT] [{53418EAD-10E2-491F-ACA9-2105528BFD8E}] (...) -- C:\Program Files (x86)\Mafia 2\launcher.exe [440184]
[MD5.00000000000000000000000000000000] [APT] [{53E9A3B2-4FCB-4EE0-8586-D51F95E06102}] (...) -- C:\Users\Veni\Desktop\cod5\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{5F82C698-E07D-4391-B28D-2516B2A1F52D}] (...) -- G:\EASetup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{6C3F3188-0780-497B-8323-F63E4EFCD175}] (...) -- H:\SimCity 4 Deluxe\SC4_uninst.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{8126E67D-CF7A-4DF4-BFF4-3867C2319CAF}] (...) -- C:\Program Files (x86)\Webteh\BSplayer\bsplayer.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{9E793395-5005-45BA-AEDF-AB75709969BE}] (...) -- C:\Users\Veni\Downloads\sp50499.exe (.not file.) [0]
[MD5.33CD08CE95030D07709B0417689C9627] [APT] [{B2D61E46-9243-43A1-91EB-4565A2765248}] (.Banco Itaú.) -- C:\Users\Veni\Desktop\chrome\DiagnosticoItau.exe [3123256]
[MD5.33CD08CE95030D07709B0417689C9627] [APT] [{B896F2DD-0B0C-4481-839F-0334AC76BFBB}] (.Banco Itaú.) -- C:\Users\Veni\Downloads\DiagnosticoItau.exe [3123256]
[MD5.00000000000000000000000000000000] [APT] [{BE258C09-49CF-4BB7-BFFC-878B183E5695}] (...) -- C:\Users\Veni\Desktop\chrome\DiagnosticoItau (1).exe (.not file.) [0]
[MD5.8BA5A05CE1D467D4A58D319C863877CF] [APT] [{C3373E1F-C613-49AC-B710-98A737C0E51E}] (...) -- C:\Users\Veni\Documents\CS 1.6123\csbot_v1.50_sitecs.net.exe [15067442]
[MD5.33CD08CE95030D07709B0417689C9627] [APT] [{CC4CB916-9B97-4B9F-9100-E1FA37A3AE99}] (.Banco Itaú.) -- C:\Users\Veni\Downloads\DiagnosticoItau (2).exe [3123256]
[MD5.00000000000000000000000000000000] [APT] [{EAE846C9-26AC-46E2-80C6-4AC606884F98}] (...) -- C:\Users\Veni\Downloads\sp51029.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2869537635-3016765442-4210560795-1000Core [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2869537635-3016765442-4210560795-1000UA [924]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1060]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1064]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\HP Photo Creations Communicator [336]
~ Scheduled Task: 42 Legitimates Filtered in 00mn 28s



---\\ Software instalados (042)
O42 - Logiciel: Guardião - Itaú 30 horas - (...) [HKLM][64Bits] -- {70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1
O42 - Logiciel: KM Wakeup 1.4 MUI - (.Marcin Nowok.) [HKLM][64Bits] -- KM Wakeup
O42 - Logiciel: Macro Vibration Joystick - (...) [HKLM][64Bits] -- {36177F72-8181-45D7-95D1-EA5B008A4DC9}
O42 - Logiciel: Plus-HD-2.2 - (.Plus HD.) [HKLM][64Bits] -- Plus-HD-2.2 =>Adware.PlusHD
O42 - Logiciel: Plus-HD-4.1 - (.Plus HD.) [HKLM][64Bits] -- Plus-HD-4.1 =>Adware.PlusHD
O42 - Logiciel: PokerStars - (.PokerStars.) [HKLM][64Bits] -- PokerStars
O42 - Logiciel: SaveSense (remove only) - (.SaveSense.) [HKLM][64Bits] -- SaveSense =>PUP.SaveSense
O42 - Logiciel: sXe Injected - (.Alejandro Cortés.) [HKLM][64Bits] -- sXe Injected
~ Logic: 30 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\AviToMpeg]
[HKCU\Software\Baidu Security]
[HKCU\Software\Brasfoot]
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\GbAs]
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKCU\Software\KM Wakeup]
[HKCU\Software\KSS]
[HKCU\Software\Olhardigital]
[HKCU\Software\SaveSense] =>PUP.SaveSense
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\Statgraphics]
[HKCU\Software\sXe Injected]
[HKCU\Software\superdownloads.com.br]
[HKLM\Software\Wow6432Node\360Safe]
[HKLM\Software\Wow6432Node\Aps]
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\GameVicio]
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\sXe_Injected]
~ Key Software: 413 Legitimates Filtered in 00mn 01s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 28/01/2012 - 12:15:11 - [] ----D C:\Program Files (x86)\Conduit
O43 - CFD: 26/08/2013 - 12:10:42 - [] ----D C:\Program Files (x86)\GameVicio
O43 - CFD: 13/07/2013 - 18:45:50 - [] ----D C:\Program Files (x86)\KM Wakeup
O43 - CFD: 26/08/2013 - 12:10:41 - [] ----D C:\Program Files (x86)\main
O43 - CFD: 09/02/2014 - 23:56:27 - [] ----D C:\Program Files (x86)\PokerStars
O43 - CFD: 01/04/2014 - 23:39:50 - [] ----D C:\Program Files (x86)\SaveSense =>PUP.SaveSense
O43 - CFD: 09/04/2014 - 12:48:20 - [] ----D C:\Program Files (x86)\sXe Injected
O43 - CFD: 26/08/2013 - 12:10:41 - [] ----D C:\Program Files (x86)\zone
O43 - CFD: 13/05/2014 - 20:34:51 - [] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 13/05/2013 - 23:12:18 - [] ----D C:\Users\Veni\AppData\Roaming\Baidu
O43 - CFD: 13/05/2013 - 23:10:55 - [] ----D C:\Users\Veni\AppData\Roaming\Baidu Security
O43 - CFD: 13/05/2013 - 22:12:05 - [0] ----D C:\Users\Veni\AppData\Roaming\BaiduPcFaster
O43 - CFD: 22/09/2013 - 11:00:06 - [] ----D C:\Users\Veni\AppData\Roaming\Iminent =>Adware.IMBooster
O43 - CFD: 15/04/2013 - 22:57:27 - [] ----D C:\Users\Veni\AppData\Roaming\OpenCandy =>Adware.OpenCandy
O43 - CFD: 18/03/2013 - 01:00:10 - [] ----D C:\Users\Veni\AppData\Roaming\PCF
O43 - CFD: 22/05/2014 - 13:04:22 - [] ----D C:\Users\Veni\AppData\Roaming\Speedial =>Adware.Adware.SearchYa
O43 - CFD: 21/05/2012 - 21:32:00 - [] ----D C:\Users\Veni\AppData\Local\APN
O43 - CFD: 05/03/2012 - 00:37:59 - [0] ----D C:\Users\Veni\AppData\Local\Conduit
O43 - CFD: 25/05/2014 - 00:51:23 - [] ----D C:\Users\Veni\AppData\Local\PokerStars
O43 - CFD: 11/05/2012 - 17:41:22 - [0] ----D C:\Users\Veni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brasfoot 2012
O43 - CFD: 26/08/2013 - 12:10:42 - [] ----D C:\Users\Veni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameVicio
O43 - CFD: 04/11/2012 - 23:53:08 - [0] ----D C:\Users\Veni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KM Wakeup
O43 - CFD: 09/11/2013 - 22:24:18 - [] ----D C:\Users\Veni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars
O43 - CFD: 01/04/2014 - 23:39:51 - [] ----D C:\Users\Veni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense =>PUP.SaveSense
O43 - CFD: 13/07/2013 - 18:46:54 - [] ----D C:\Users\Veni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\sXe Injected
~ 646 Dossier CLSID vide (CLSID Empty Folder)
~ Program Folder: 906 Legitimates Filtered in 00mn 15s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.86BF7B730E714AB48FFF4E57E4CD6907] - 25/05/2014 - 23:49:54 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [369898]
O44 - LFC:[MD5.F8510852E521C90826D8D72226C11BF9] - 25/05/2014 - 23:49:54 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [938042]
O44 - LFC:[MD5.1DEFC34BDCCA6E4ACDDAC620004AD7E5] - 26/05/2014 - 11:42:25 ---A- . (...) -- C:\Windows\MOBK907.flt [90]
O44 - LFC:[MD5.440B0CFBC4BD8A561A79046F99898274] - 26/05/2014 - 11:42:26 ---A- . (...) -- C:\Windows\MOBK907.blk [3194]
O44 - LFC:[MD5.8DED14E5210A1C9606833D3508E6C662] - 27/05/2014 - 22:03:10 ---A- . (...) -- C:\Windows\System32\Drivers\sfi.dat [1474832]
~ Files: 67 Legitimates Filtered in 03mn 25s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 8 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:05/04/2013 - 17:42:50 R--A- . (.360.cn - 360HipsOEM.) -- C:\Windows\System32\Drivers\360FltOEM.sys [288688]
O58 - SDL:30/07/2010 - 09:53:20 ---A- . (.Windows (R) Win 7 DDK provider - CyberLink WebCam Virtual Driver.) -- C:\Windows\System32\Drivers\clwvd.sys [32880]
O58 - SDL:30/01/2012 - 14:36:05 ---A- . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\System32\Drivers\dtsoftbus01.sys [283200]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:22/02/2012 - 07:34:36 ---A- . (.ManyCam LLC - ManyCam Virtual Microphone.) -- C:\Windows\System32\Drivers\mcaudrv_x64.sys [28160]
O58 - SDL:11/01/2012 - 03:11:20 ---A- . (.ManyCam LLC - ManyCam Virtual Webcam.) -- C:\Windows\System32\Drivers\mcvidrv_x64.sys [34304]
O58 - SDL:30/01/2012 - 14:26:49 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [564792]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:25/01/2011 - 01:57:18 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys [520192]
~ Drivers: 88 Legitimates Filtered in 00mn 08s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {006ee092-9658-4fd6-bd8e-a21a348e59f5} - (Web Search) - [link hidden: login required] =>Hijacker.SmartBar
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [link hidden: login required]
O69 - SBI: SearchScopes [HKCU] {18B6AF47-50A2-4FC5-B980-2F8EDF63E1DD} [DefaultScope] - (Speedial) - [link hidden: login required] =>Adware.Adware.SearchYa
O69 - SBI: SearchScopes [HKCU] {31090377-0740-419E-BEFC-A56E50500D5B} - (Pesquisa Segura) - [link hidden: login required]
O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} - (qvo6) - [link hidden: login required] =>Hijacker.Qvo6
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.9E30143CE601DBFBB45B71DC13E6D939] [SPRF][13/05/2014] (...) -- C:\Users\Veni\AppData\Roaming\unins000.dat [15839]
[MD5.14BF59D9687F453D209F7780D14F3E17] [SPRF][13/05/2014] (.No owner - Setup/Uninstall.) -- C:\Users\Veni\AppData\Roaming\unins000.exe [720082]
~ Files: 3 Legitimates Filtered in 00mn 01s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{BEF7E702-B2E9-4CD2-A8FB-ED6E8A84DBFD}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{205776D1-FEDF-4D42-A7AE-2442B0AF16E5}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 25s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32 =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS =>PUP.MyPCBackup
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentSetup_2203-bd84cda8_RASAPI32 =>Adware.IMBooster
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentSetup_2203-bd84cda8_RASMANCS =>Adware.IMBooster
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Iminent_RASAPI32 =>Adware.IMBooster
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Iminent_RASMANCS =>Adware.IMBooster
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LatestDLMgr_RASAPI32 =>Adware.OpenCandy
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LatestDLMgr_RASMANCS =>Adware.OpenCandy
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SecondOffer2_RASAPI32 =>PUP.Linkular
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SecondOffer2_RASMANCS =>PUP.Linkular
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_para_dofus_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_para_dofus_RASMANCS =>Toolbar.Conduit
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_para_format-factory_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_para_format-factory_RASMANCS =>Toolbar.Conduit
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_para_forza-motorsport-4-theme-pack_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_para_forza-motorsport-4-theme-pack_RASMANCS =>Toolbar.Conduit
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_para_haihaisoft-universal-player_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_para_haihaisoft-universal-player_RASMANCS =>Toolbar.Conduit
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_para_k-lite-codec-pack-full_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_para_k-lite-codec-pack-full_RASMANCS =>Toolbar.Conduit
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_para_km-wakeup_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_para_km-wakeup_RASMANCS =>Toolbar.Conduit
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
~ BTK: 396 Legitimates Filtered in 00mn 00s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{22222222-2222-2222-2222-220322922200}] (CrossriderApp0039200.Sandbox) =>PUP.CrossRider
~ BCK: 4672 Legitimates Filtered in 00mn 09s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 14/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 25/03/2014 2264280 | (cmdvirth) . (.COMODO.) - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
SS - | Demand 05/05/2009 228408 | (Com4QLBEx) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
SS - | Auto 06/02/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 06/02/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 10/08/2012 1001376 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Demand 02/08/2013 602944 | (McODS) . (.McAfee, Inc..) - C:\Program Files\McAfee\VirusScan\mcods.exe
SS - | Demand 15/03/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 19/11/2012 489256 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SS - | Demand 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 03/03/2009 89600 | (AESTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\IDT\WDM\AESTSr64.exe
SR - | Auto 19/12/2012 240640 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 16/04/2014 6817544 | (cmdAgent) . (.COMODO.) - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
SR - | Auto 25/03/2010 689008 | (EgisTec Service) . (.Egis Technology Inc..) - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe
SR - | Auto 30/07/2013 328928 | (HomeNetSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 27/09/2012 86528 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SR - | Auto 27/05/2011 30520 | (hpsrv) . (.Hewlett-Packard Company.) - C:\Windows\System32\Hpservice.exe
SR - | Auto 14/06/2011 26680 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
SR - | Auto 17/10/2011 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 16/06/2010 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 31/08/2012 201304 | (McAfee SiteAdvisor Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SR - | Auto 25/04/2014 178528 | (McAPExe) . (.McAfee, Inc..) - C:\Program Files\McAfee\MSC\McAPexe.exe
SR - | Auto 30/07/2013 328928 | (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 | (mcpltsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 | (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 18/03/2014 1041192 | (mfecore) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
SR - | Auto 03/04/2014 219752 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 03/04/2014 189912 | (mfevtp) . (.McAfee, Inc..) - C:\Windows\system32\mfevtps.exe
SR - | Auto 22/12/2011 210512 | (MOBK907backup) . (.McAfee, Inc..) - C:\Program Files (x86)\McAfee Online Backup\MOBK907backup.exe
SR - | Auto 25/01/2011 296448 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe
SR - | Auto 23/02/2010 2192176 | (vcsFPService) . (.Validity Sensors, Inc..) - C:\Windows\system32\vcsFPService.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 22s



---\\ Lista dos emuladores de CD/DVD (MBR Hook)
O58 - SDL:30/01/2012 - 14:26:49 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [564792]
~ Emulateurs: Scanned in 00mn 22s



---\\ Scâner Aditional (088)
Database Version : 13029 - (24/05/2014)
Clés trouvées (Keys found) : 132
Valeurs trouvées (Values found) : 5
Dossiers trouvés (Folders found) : 10
Fichiers trouvés (Files found) : 4

~ Additionnel Scan: 345260 Items scanned in 01mn 40s



---\\ Sumário das deteções encontradas na sua estação
[link hidden: login required] =>PUP.SaveSense
[link hidden: login required] =>Hijacker.SmartBar
[link hidden: login required] =>Hijacker.Qvo6
[link hidden: login required] =>Adware.PlusHD
[link hidden: login required] =>PUP.1ClickDownloader
[link hidden: login required] =>Toolbar.Conduit
[link hidden: login required] =>Adware.InstallCore
[link hidden: login required] =>Adware.VidSaver
[link hidden: login required] =>Adware.IMBooster
[link hidden: login required] =>Adware.OpenCandy
[link hidden: login required] =>PUP.MyPCBackup
[link hidden: login required] =>PUP.CrossRider
[link hidden: login required] =>PUP.RewardsArcade
[link hidden: login required] =>PUP.V9Software
[link hidden: login required] =>Toolbar.Ask
[link hidden: login required] =>Adware.Bandoo
[link hidden: login required] =>PUP.Tarma
[link hidden: login required] =>Trojan.Lozavita
~ MSI: 18 link(s) detected in 00mn 00s



~ 1763 Legitimates filtered by white list
End of the scan (718 lines in 11mn 06s)(0)

Re: Infection by lots of malware, slow PC

Post by Power Max, Tue 27 May 2014, 23:14

Download the AdwCleaner program by clicking the link below, then click the Download Now @BleepingComputer button:
[link hidden: login required]

To run AdwCleaner correctly, just follow the tips in this tutorial:

[link hidden: login required]

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.

Re: Infection by lots of malware, slow PC

Post by steffler439, Tue 27 May 2014, 23:31

# AdwCleaner v3.211 - Relatório criado 27/05/2014 às 23:25:04
# Atualizado 26/05/2014 por Xplode
# Sistema Operacional : Windows 7 Home Premium Service Pack 1 (64 bits)
# Usuário : Veni - VENI-PC
# Executando de : C:\Users\Veni\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\Program Files (x86)\Conduit
Pasta Deletada : C:\Program Files (x86)\SaveSense
Pasta Deletada : C:\Users\Veni\AppData\Local\apn
Pasta Deletada : C:\Users\Veni\AppData\Local\Conduit
Pasta Deletada : C:\Users\Veni\AppData\Local\eSupport.com
Pasta Deletada : C:\Users\Veni\AppData\LocalLow\baidu
Pasta Deletada : C:\Users\Veni\AppData\LocalLow\Conduit
Pasta Deletada : C:\Users\Veni\AppData\Roaming\baidu
Pasta Deletada : C:\Users\Veni\AppData\Roaming\Iminent
Pasta Deletada : C:\Users\Veni\AppData\Roaming\OpenCandy
Pasta Deletada : C:\Users\Veni\AppData\Roaming\Speedial
Pasta Deletada : C:\Users\Veni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense
Arquivo Deletada : C:\Users\Veni\AppData\Roaming\Mozilla\Firefox\Profiles\39x41cof.default\user.js

***** [ Atalhos ] *****

Atalho Desinfectada : C:\Users\Veni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Atalho Desinfectada : C:\Users\Veni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Atalho Desinfectada : C:\Users\Veni\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Atalho Desinfectada : C:\Users\Veni\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0039200.BHO
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0039200.Sandbox
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0039200.Sandbox.1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_dofus_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_dofus_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_format-factory_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_format-factory_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_forza-motorsport-4-theme-pack_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_forza-motorsport-4-theme-pack_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_haihaisoft-universal-player_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_haihaisoft-universal-player_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_k-lite-codec-pack-full_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_k-lite-codec-pack-full_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_km-wakeup_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_km-wakeup_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311921100}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311921100}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110311921100}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311921100}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Chave Deletedo : HKCU\Software\1ClickDownload
Chave Deletedo : HKCU\Software\Conduit
Chave Deletedo : HKCU\Software\Headlight
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\installedbrowserextensions
Chave Deletedo : HKCU\Software\SaveSense
Chave Deletedo : HKCU\Software\Softonic
Chave Deletedo : HKCU\Software\AppDataLow\Software
Chave Deletedo : HKLM\Software\Conduit
Chave Deletedo : HKLM\Software\Iminent
Chave Deletedo : HKLM\Software\Plus-HD-2.2
Chave Deletedo : HKLM\Software\qvo6Software
Chave Deletedo : HKLM\Software\SaveSense
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Iminent
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-2.2
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveSense
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17041

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]

-\\ Mozilla Firefox v

[ Arquivo : C:\Users\Veni\AppData\Roaming\Mozilla\Firefox\Profiles\39x41cof.default\prefs.js ]


-\\ Google Chrome v35.0.1916.114

[ Arquivo : C:\Users\Veni\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [Search Provider] : [You must have an account and be logged in to view this link]

*************************

AdwCleaner[R0].txt - [18304 octets] - [27/05/2014 23:22:14]
AdwCleaner[S0].txt - [15596 octets] - [27/05/2014 23:25:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15657 octets] ##########

Post by Power Max Tue 27 May 2014, 23:32

Download the Junkware Removal Tool program from the link below:
[You must have an account and be logged in to view this link]

To run the program above correctly, just follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop under the name JRT.txt

We'll be waiting.
Power Max
Contributor

Posts: 9086
Reputation: 1499
Join date: 14/04/2009


Post by steffler439 Tue 27 May 2014, 23:50

And what about security when accessing banks and paying bills, is it very contaminated?

Post by Power Max Tue 27 May 2014, 23:53

steffler439 wrote: And what about security when accessing banks and paying bills, is it very contaminated?
Most of the contamination so far is adware. Follow the tip I gave you in my previous reply and post the report, please.

Post by steffler439 Wed 28 May 2014, 01:25

The log size exceeded the capacity of the text box, so I attached it.

Post by Power Max Wed 28 May 2014, 09:23

Temporarily disable your antivirus to avoid conflicts.

Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You must have an account and be logged in to view this link]

* Right-click Zoek.exe and select [You must have an account and be logged in to view this image]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area of Zoek:

* Click [Run Script]

* During the scan, a message similar to the one below showing the scan progress will be displayed. Wait for it to finish... it may take a while!

[You must have an account and be logged in to view this image]

* If a PC restart is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.

Post by steffler439 Wed 28 May 2014, 16:44


Z-Analyse V1.0.0.3 Updated 21-05-2014
Tool run by Veni on 28/05/2014 at 16:19:50,74.

Running in: Normal Mode No Internet Access Detected

==== System Restore Info ======================

Failed to create System Restore Point

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on 28/05/2014 at 16:24:21,58 ======================

Post by Power Max Wed 28 May 2014, 16:49

This is not the right report. Apparently you downloaded another version of Zoek. When you open the link below, click the Download Zoek.exe button to download the correct version:
[You must have an account and be logged in to view this link]

After that, run it exactly the way I described and post its result.

Post by steffler439 Wed 28 May 2014, 16:57

Yes, I downloaded ZOEK.EXE and ran it

Post by Power Max Wed 28 May 2014, 16:58

Then please do it again, because this log you posted is not the correct one.

Post by steffler439 Wed 28 May 2014, 17:11

It keeps opening the following message; I click OK and it keeps opening

Post by Power Max Wed 28 May 2014, 17:13

Restart the PC and then redo the procedure I gave you.

Post by steffler439 Wed 28 May 2014, 18:15


Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Veni on 28/05/2014 at 17:54:42,68.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Safe Mode NETWORK Internet Access Detected
Launched: C:\Users\Veni\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-28-202128.log 144 bytes
C:\zoek-results2014-05-28-202225.log 276 bytes
C:\zoek-results2014-05-28-204911.log 925 bytes

==== System Restore Info ======================

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Veni\AppData\Roaming\Mozilla\Firefox\Profiles\39x41cof.default\prefs.js:
user_pref("browser.startup.homepage", "http://speedial.com/?f=1&a=spd_ir_14_21_ch&cd=2XzuyEtN2Y1L1QzuzyzzyE0B0EtC0BtD0D0D0AyCtAtB0FzztN0D0Tzu0SzzyBtAtN1L2XzutBtFtBtDtFtCyDtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCtCyC0A0B0B0FtDtG0A0FtD0BtG0D0D0CyDtG0B0CyDtDtGyDyCtByB0DtA0A0Ezy0A0C0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyBtDyCyEyCtCzytGyCtDtBzytG0D0D0A0DtG0BtCtCzztGtDtAyE0EyBtC0CyB0AtB0EyC2Q&cr=1560681138&ir=");
user_pref("browser.search.selectedEngine", "Speedial");

Added to C:\Users\Veni\AppData\Roaming\Mozilla\Firefox\Profiles\39x41cof.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\found.000 deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Baidu deleted
C:\Windows\Syswow64\InstallUtil.InstallLog deleted
C:\Users\Veni\AppData\Roaming\install.exe deleted
C:\Users\Veni\AppData\Roaming\unins000.exe deleted
"C:\Users\Veni\AppData\Roaming\i826" deleted

==== Folders Found ======================

2014-05-28 02:25:07 2014-05-28 02:25:07 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Veni\AppData\LocalLow\baidu
2014-05-28 02:25:09 2014-05-28 02:25:09 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Veni\AppData\Roaming\baidu
2014-05-28 02:25:09 2014-05-28 02:25:09 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Veni\AppData\Roaming\baidu\Baidu Antivirus
2013-05-14 02:10:55 2013-05-14 02:10:55 -------- d-----w- C:\Users\Veni\AppData\Roaming\Baidu Security
2013-06-08 03:33:54 2013-06-08 03:33:54 -------- d-----w- C:\Users\Veni\AppData\Roaming\Baidu Security\PC Faster\3.2.0.25\Uninstall\Baidu PC Faster Uninstall
2013-06-08 03:33:54 2013-06-08 03:33:54 -------- d-----w- C:\Users\Veni\AppData\Roaming\Baidu Security\PC Faster\3.2.0.25\Uninstall\Baidu PC Faster Uninstall HK
2013-03-20 20:46:55 2013-05-07 12:30:08 -------- d-----w- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\BaiduPcFaster
2014-05-28 21:06:24 2014-05-28 21:06:24 -------- d---a-w- C:\zoek_backup\C_Windows_sysWoW64_config_systemprofile_AppData_Roaming_Baidu
2014-05-28 21:06:24 2014-05-28 21:06:24 -------- d---a-w- C:\zoek_backup\C_Windows_sysWoW64_config_systemprofile_AppData_Roaming_Baidu\BaiduSecurity

==== Files Found ======================


--- C:\AdwCleaner\Quarantine\C\Users\Veni\AppData\LocalLow\baidu\Internet Security\baidu_is[2013-3-19 20-55-28].dmp.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 0
Created time: 2013-03-19 23:55:28
Modified time: 2013-03-19 23:55:28
MD5: D41D8CD98F00B204E9800998ECF8427E
SHA1: DA39A3EE5E6B4B0D3255BFEF95601890AFD80709


==== Registry Search Results for "Baidu" ======================



==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor" [21/05/2014 20:57]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Veni\AppData\Roaming\Mozilla\Firefox\Profiles\39x41cof.default
- McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor
- SaveSense - %ProfilePath%\extensions\{2fab2e94-d6f9-42de-8839-3510cef6424b}

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Veni\AppData\Roaming\Mozilla\Firefox\Profiles\39x41cof.default
BE77CDD303A624DA42094FB1AEFBEAFE - C:\Users\Veni\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll - Guardião Itaú 30 horas
5174E3BE46B2CCCDAF9CEB5B622CEA9B - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll - Shockwave for Director / Shockwave for Director
FF0D6F82A0EC13952E83B9439100E45D - C:\Users\Veni\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
341B3AE026B143DBC17BA1E1E0BAE3D6 - C:\Users\Veni\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
575820ED1CB017382CC109E410E8A527 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll - RocketLife Secure Plug-In Layer
1528225A7126F04A5797471E4F20256D - C:\Users\Veni\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll - Guardião Itaú 30 horas


==== Deleted Firefox Extensions ======================

C:\Users\Veni\AppData\Roaming\Mozilla\Firefox\Profiles\39x41cof.default\extensions\{2fab2e94-d6f9-42de-8839-3510cef6424b} deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bakijjialdiiboeaknfpmflphhmljfkd - No path found[]
cgpnojibjokpoghebklhkdeijehkohhb - C:\Users\Veni\AppData\Local\Temp\ccex.crx[]
fheoggkfdfchfphceeifdbepaooicaho - No path found[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
bakijjialdiiboeaknfpmflphhmljfkd - No path found[]

SiteAdvisor - Veni\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
Adblock Advisor - Veni\AppData\Local\Google\Chrome\User Data\Default\Extensions\iplojogpbcbnjoemcalepfmbcpnkpjjo
Google Wallet - Veni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Checker Plus for Gmail™ - Veni\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj
SiteAdvisor - Veni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho
Google Wallet - Veni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Veni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\Veni\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho deleted successfully
C:\Users\Veni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://speedial.com/?f=1&a=spd_ir_14_21_ch&cd=2XzuyEtN2Y1L1QzuzyzzyE0B0EtC0BtD0D0D0AyCtAtB0FzztN0D0Tzu0SzzyBtAtN1L2XzutBtFtBtDtFtCyDtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCtCyC0A0B0B0FtDtG0A0FtD0BtG0D0D0CyDtG0B0CyDtDtGyDyCtByB0DtA0A0Ezy0A0C0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyBtDyCyEyCtCzytGyCtDtBzytG0D0D0A0DtG0BtCtCzztGtDtAyE0EyBtC0CyB0AtB0EyC2Q&cr=1560681138&ir="
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://find.localstrike.net/"
"Start Page"="http://speedial.com/?f=1&a=spd_ir_14_21_ch&cd=2XzuyEtN2Y1L1QzuzyzzyE0B0EtC0BtD0D0D0AyCtAtB0FzztN0D0Tzu0SzzyBtAtN1L2XzutBtFtBtDtFtCyDtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCtCyC0A0B0B0FtDtG0A0FtD0BtG0D0D0CyDtG0B0CyDtDtGyDyCtByB0DtA0A0Ezy0A0C0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyBtDyCyEyCtCzytGyCtDtBzytG0D0D0A0DtG0BtCtCzztGtDtAyE0EyBtC0CyB0AtB0EyC2Q&cr=1560681138&ir="
"Search Page"="http://find.localstrike.net/"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://find.localstrike.net/"
"Start Page"="http://speedial.com/?f=1&a=spd_ir_14_21_ch&cd=2XzuyEtN2Y1L1QzuzyzzyE0B0EtC0BtD0D0D0AyCtAtB0FzztN0D0Tzu0SzzyBtAtN1L2XzutBtFtBtDtFtCyDtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCtCyC0A0B0B0FtDtG0A0FtD0BtG0D0D0CyDtG0B0CyDtDtGyDyCtByB0DtA0A0Ezy0A0C0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyBtDyCyEyCtCzytGyCtDtBzytG0D0D0A0DtG0BtCtCzztGtDtAyE0EyBtC0CyB0AtB0EyC2Q&cr=1560681138&ir="
"Search Page"="http://find.localstrike.net/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://speedial.com/?f=1&a=spd_ir_14_21_ch&cd=2XzuyEtN2Y1L1QzuzyzzyE0B0EtC0BtD0D0D0AyCtAtB0FzztN0D0Tzu0SzzyBtAtN1L2XzutBtFtBtDtFtCyDtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCtCyC0A0B0B0FtDtG0A0FtD0BtG0D0D0CyDtG0B0CyDtDtGyDyCtByB0DtA0A0Ezy0A0C0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyBtDyCyEyCtCzytGyCtDtBzytG0D0D0A0DtG0BtCtCzztGtDtAyE0EyBtC0CyB0AtB0EyC2Q&cr=1560681138&ir="
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{18B6AF47-50A2-4FC5-B980-2F8EDF63E1DD} Speedial Url="http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_ir_14_21_ch&cd=2XzuyEtN2Y1L1QzuzyzzyE0B0EtC0BtD0D0D0AyCtAtB0FzztN0D0Tzu0SzzyBtAtN1L2XzutBtFtBtDtFtCyDtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCtCyC0A0B0B0FtDtG0A0FtD0BtG0D0D0CyDtG0B0CyDtDtGyDyCtByB0DtA0A0Ezy0A0C0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyBtDyCyEyCtCzytGyCtDtBzytG0D0D0A0DtG0BtCtCzztGtDtAyE0EyBtC0CyB0AtB0EyC2Q&cr=1560681138&ir="
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\Veni\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Veni\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Veni\Desktop\Documentos.lnk - C:\Users\Veni\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
C:\Users\Veni\Desktop\Downloads.lnk - C:\Users\Veni\Downloads
C:\Users\Veni\Desktop\Google Drive.lnk - C:\Users\Veni\Google Drive
C:\Users\Veni\Desktop\PokerStars.lnk - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
C:\Users\Veni\Desktop\R i386 3.0.3.lnk - C:\Program Files\R\R-3.0.3\bin\i386\Rgui.exe
C:\Users\Veni\Desktop\sgwin - Atalho.lnk - C:\Users\Veni\Desktop\STATGRAPHICS Plus 5.1\sgwin.exe
C:\Users\Veni\Desktop\ZHPDiag.lnk - C:\Program Files (x86)\ZHPDiag\ZHPhep.exe
C:\Users\Veni\Desktop\ZHPFix.lnk - C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe
C:\Users\Veni\Desktop\Engenharia Ambiental\1º ano\Certificaçao ambiental\Gestao ambiental - Atalho.lnk -
C:\Users\Veni\Desktop\Engenharia Ambiental\1º ano\Certificaçao ambiental\Gestão Ambiental nas indústrias - Atalho.lnk -
C:\Users\Veni\Desktop\Engenharia Ambiental\1º ano\Certificaçao ambiental\iso 14000 - Elynton - Atalho.lnk -
C:\Users\Veni\Desktop\Engenharia Ambiental\1º ano\Certificaçao ambiental\Peres at al 2010 - iso 14000 - Atalho.lnk -
C:\Users\Veni\Desktop\Engenharia Ambiental\1º ano\Certificaçao ambiental\rotulagem e marketing - Atalho.lnk -
C:\Users\Veni\Desktop\Jogos\Age of Mythology.lnk - C:\Users\Veni\Documents\age of empires\Age of Mythology\aom.exe xres=1366 yres=768
C:\Users\Veni\Desktop\Jogos\Age of MythologyTitans.lnk - C:\Users\Veni\Documents\age of empires\Age of Mythology Titans\loader.exe xres=1366 yres=768
C:\Users\Veni\Desktop\Jogos\aomx - Atalho.lnk - C:\Users\Veni\Documents\Age of Mythology Titans\aomx.exe xres=1366 yres=768
C:\Users\Veni\Desktop\Jogos\BurnoutParadise - Atalho.lnk - C:\Program Files (x86)\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe
C:\Users\Veni\Desktop\Jogos\Call of Duty® World at War - Atalho.lnk -
C:\Users\Veni\Desktop\Jogos\CoDWaWmp - Atalho.lnk - C:\Program Files (x86)\Activision\Call of Duty - World at War\CoDWaWmp.exe +set fs_game "mods/PeZBOTWAW"
C:\Users\Veni\Desktop\Jogos\Counter Strike 1.6 Non Steam.lnk - C:\Program Files (x86)\Valve\hl.exe -nomaster -game cstrike
C:\Users\Veni\Desktop\Jogos\Counter-Strike 1.6.lnk - C:\Program Files (x86)\Valve\hl.exe -nomaster -game cstrike
C:\Users\Veni\Desktop\Jogos\Dead Island.lnk - C:\Program Files (x86)\Black_Box\Dead Island\DeadIslandGame.exe
C:\Users\Veni\Desktop\Jogos\Dedicated Server.lnk - C:\Program Files (x86)\Valve\hlds.exe -nomaster -game cstrike -insecure
C:\Users\Veni\Desktop\Jogos\DiRT 3.lnk -
C:\Users\Veni\Desktop\Jogos\Fifa2011.lnk - C:\Program Files (x86)\EA Sports\FIFA 11\Game\fifa.exe
C:\Users\Veni\Desktop\Jogos\GunboundPS.lnk - C:\Game\SoftnyxGame\GunBoundPS\NyxLauncher.exe
C:\Users\Veni\Desktop\Jogos\loader - Atalho.lnk - C:\Users\Veni\Documents\Age of Mythology Titans\loader.exe xres=1366 yres=768
C:\Users\Veni\Desktop\Jogos\Mafia2.lnk - C:\Program Files (x86)\Mafia 2\launcher.exe
C:\Users\Veni\Desktop\Jogos\Play F1 2012 nosTEAM.lnk - C:\Users\Veni\Downloads\F1 2012 =Formula 1 2012= PC full game ^^nosTEAM^^\F1 2012\f1_2012.exe
C:\Users\Veni\Desktop\Jogos\PokerStars.lnk - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
C:\Users\Veni\Desktop\Jogos\SimCity 4 Deluxe.lnk - C:\Program Files (x86)\Maxis\SimCity 4 Deluxe\Apps\SimCity 4.exe -customresolution:enabled -r1366x768x32
C:\Users\Veni\Desktop\Jogos\sXe Injected.lnk - C:\Program Files (x86)\sXe Injected\sxe injected.exe
C:\Users\Veni\Desktop\Programas\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Veni\Desktop\Programas\Ashampoo Burning Studio 2012.lnk - C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 2012\burningstudio2012.exe
C:\Users\Veni\Desktop\Programas\BS.Player PRO.lnk - C:\Program Files (x86)\Webteh\BSplayerPro\bsplayer.exe
C:\Users\Veni\Desktop\Programas\CCleaner.lnk - C:\Program Files (x86)\CCleaner\CCleaner64.exe
C:\Users\Veni\Desktop\Programas\COMODO Internet Security.lnk - C:\Program Files (x86)\COMODO\COMODO Internet Security\cistray.exe --shortcut
C:\Users\Veni\Desktop\Programas\DAEMON Tools Lite.lnk - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Users\Veni\Desktop\Programas\EVEREST Ultimate Edition.lnk - C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\everest.exe
C:\Users\Veni\Desktop\Programas\Facebook Messenger.lnk - C:\Users\Veni\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
C:\Users\Veni\Desktop\Programas\Format Factory.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
C:\Users\Veni\Desktop\Programas\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Veni\Desktop\Programas\HP Deskjet 2050 J510 series Scan.lnk - C:\Program Files (x86)\HP\HP Deskjet 2050 J510 series\bin\HPScan.exe
C:\Users\Veni\Desktop\Programas\HP Deskjet 2050 J510 series.lnk - C:\Program Files (x86)\HP\HP Deskjet 2050 J510 series\Bin\HP Deskjet 2050 J510 series.exe
C:\Users\Veni\Desktop\Programas\HP Photo Creations.lnk - C:\Program Files (x86)\HP Photo Creations\PhotoProduct.exe
C:\Users\Veni\Desktop\Programas\HP Support Assistant.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
C:\Users\Veni\Desktop\Programas\KM Wakeup.lnk - C:\Program Files (x86)\KM Wakeup\kmwakeup.exe
C:\Users\Veni\Desktop\Programas\LightScribe.lnk - C:\Program Files (x86)\Common Files\LightScribe\LSLauncher.exe
C:\Users\Veni\Desktop\Programas\McAfee Security Center.lnk - C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe /desktopicon
C:\Users\Veni\Desktop\Programas\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Veni\Desktop\Programas\R i386 3.0.3.lnk - C:\Program Files\R\R-3.0.3\bin\i386\Rgui.exe
C:\Users\Veni\Desktop\Programas\R x64 3.0.3.lnk - C:\Program Files\R\R-3.0.3\bin\x64\Rgui.exe
C:\Users\Veni\Desktop\Programas\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Users\Veni\Desktop\Programas\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Veni\Desktop\Programas\sXe Injected.lnk - C:\Program Files (x86)\sXe Injected\sXe Injected.exe
C:\Users\Veni\Desktop\Programas\Tunngle beta.lnk - C:\Program Files (x86)\Tunngle\Tunngle.exe
C:\Users\Veni\Desktop\Programas\Windows Live Messenger.lnk - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Users\Veni\Desktop\Programas\µTorrent.lnk -

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Espaço Compartilhado.lnk -

==== shortcuts in Users Start Menu ======================

C:\Users\Veni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Veni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Veni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Battlefield 1942™ .lnk -
C:\Users\Veni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\Users\Veni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\Users\Veni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk - C:\Windows\system32\mstsc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound\Rapture3D - Help.lnk - C:\Program Files (x86)\BRS\rapture3dgame.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound\Rapture3D - Speaker Layout.lnk - C:\Program Files (x86)\BRS\UserLayout.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Games for Windows - LIVE.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Docs.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_document
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Drive.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Sheets.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_spreadsheet
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Slides.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_presentation
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee\McAfee SecurityCenter.lnk - C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe /desktopicon /platui
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE\Games for Windows - LIVE.lnk - C:\Program Files (x86)\Microsoft Games for Windows - LIVE\Client\GFWLive.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk - C:\Program Files (x86)\ZHPDiag\ZHPhep.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPFix.lnk - C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Veni\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BS.Player PRO.lnk - C:\Program Files (x86)\Webteh\BSplayerPro\bsplayer.exe
C:\Users\Veni\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Veni\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Veni\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
C:\Users\Veni\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Veni\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Veni\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -
C:\Users\Veni\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\2053a92d0f7737b2\HP Photo Creations.lnk - C:\Program Files (x86)\HP Photo Creations\PhotoProduct.exe
C:\Users\Veni\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\724e6c6e1aea27c4\COMODO Internet Security.lnk - C:\Program Files (x86)\COMODO\COMODO Internet Security\cis.exe
C:\Users\Veni\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Veni\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d91276b0be3e46b\pinned.lnk -
C:\Users\Veni\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\DAEMON Tools Lite.lnk - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Users\Veni\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\EVEREST Ultimate Edition.lnk - C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\everest.exe
C:\Users\Veni\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Veni\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HPAdvisor.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
C:\Users\Veni\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Veni\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\iw5sp.lnk - C:\Program Files (x86)\Call of Duty- Modern Warfare 3\iw5sp.exe
C:\Users\Veni\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Veni\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Snipping Tool.lnk -
C:\Users\Veni\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Veni\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Live Mail.lnk - C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Users\Veni\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000001

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\cgpnojibjokpoghebklhkdeijehkohhb deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-4.1 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlusService deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Veni\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Veni\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=103 folders=21 7622110 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\Veni\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Veni\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 28/05/2014 at 18:13:26,21 ======================


Re: Infection by many malwares, slow PC

Post by Power Max Wed 28 May 2014, 19:04

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [You must have an account and be logged in to view this image]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area of Zoek:

* Click [Run Script]

* During the scan, a message similar to the one below showing the scan progress will be displayed. Wait for it to finish... it may take a while!

[You must have an account and be logged in to view this image]

* If you are asked to restart the PC, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.

Re: Infection by many malwares, slow PC

Post by steffler439 Wed 28 May 2014, 19:21


Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Veni on 28/05/2014 at 19:11:17,63.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Safe Mode NETWORK Internet Access Detected
Launched: C:\Users\Veni\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-28-202128.log 144 bytes
C:\zoek-results2014-05-28-202225.log 276 bytes
C:\zoek-results2014-05-28-204911.log 925 bytes
C:\zoek-results2014-05-28-211326.log 39826 bytes

==== System Restore Info ======================

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"=-
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.2.0.25]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.2.0.25\LastReportTime]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.2.0.25\Run]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.2.0.25\Run\Disable]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.2.0.25\Run\Disable\alluser]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.2.0.25\Run\Disable\curuser]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.2.0.25\Run\Disable\hkcu]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.2.0.25\Run\Disable\hkcu]
"RESTART_STICKY_NOTES_BaiDuSafe_RegType"=-
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.2.0.25\Run\Disable\hklm]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.2.0.25\Run\Disable\hklm]
"IAStorIcon_BaiDuSafe_RegType"=-
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.2.0.25\Statistic]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\Run]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\Run\Disable]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\Run\Disable\alluser]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\Run\Disable\curuser]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\Run\Disable\hkcu]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\Run\Disable\hklm]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\Statistic]
[-HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\3.2.0.25]
[-HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\3.2.0.25\CleanRecord]
[-HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\3.2.0.25\Install]
[-HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\3.2.0.25\InstalledPatchesRecord]
[-HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\3.2.0.25\LastReportTime]
[-HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\3.2.0.25\Run]
[-HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\3.2.0.25\Run\Disable]
[-HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\3.2.0.25\Run\Disable\alluser]
[-HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\3.2.0.25\Run\Disable\curuser]
[-HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\3.2.0.25\Run\Disable\hkcu]
[HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\3.2.0.25\Run\Disable\hkcu]
"RESTART_STICKY_NOTES_BaiDuSafe_RegType"=-
[-HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\3.2.0.25\Run\Disable\hklm]
[HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\3.2.0.25\Run\Disable\hklm]
"Adobe ARM_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\3.2.0.25\Run\Disable\hklm]
"GrooveMonitor_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\3.2.0.25\Run\Disable\hklm]
"HP Software Update_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\3.2.0.25\Run\Disable\hklm]
"StartCCC_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\3.2.0.25\Run\Disable\hklm]
"SunJavaUpdateSched_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\3.2.0.25\Run\Disable\hklm]
"Baidu PC Faster 3.2.0.25"=-
[HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\3.2.0.25\Run\Disable\hklm]
"Baidu PC Faster 3.2.0.25_BaiDuSafe_RegType"=-
[-HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\3.2.0.25\Setup]
[-HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\3.2.0.25\Statistic]
[-HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\CleanRecord]
[-HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\LastReportTime]
[-HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\Run]
[-HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\Run\Disable]
[-HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\Run\Disable\alluser]
[-HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\Run\Disable\curuser]
[-HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\Run\Disable\hkcu]
[HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\Run\Disable\hkcu]
"RESTART_STICKY_NOTES_BaiDuSafe_RegType"=-
[-HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\Run\Disable\hklm]
[HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\Run\Disable\hklm]
"Adobe ARM_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\Run\Disable\hklm]
"GrooveMonitor_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\Run\Disable\hklm]
"HP Software Update_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\Run\Disable\hklm]
"StartCCC_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\Run\Disable\hklm]
"SunJavaUpdateSched_BaiDuSafe_RegType"=-
[-HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\Setup]
[HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\Statistic]
"C:\\Users\\Veni\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\T8UQ81NS\\sp51613[1].exe"=-
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\3.2.0.25\\NewUpdater.exe"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.2.0.25]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.2.0.25\LastReportTime]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.2.0.25\Run]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.2.0.25\Run\Disable]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.2.0.25\Run\Disable\alluser]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.2.0.25\Run\Disable\curuser]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.2.0.25\Run\Disable\hkcu]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.2.0.25\Run\Disable\hkcu]
"RESTART_STICKY_NOTES_BaiDuSafe_RegType"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.2.0.25\Run\Disable\hklm]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.2.0.25\Run\Disable\hklm]
"IAStorIcon_BaiDuSafe_RegType"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.2.0.25\Statistic]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\Run]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\Run\Disable]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\Run\Disable\alluser]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\Run\Disable\curuser]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\Run\Disable\hkcu]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\Run\Disable\hklm]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\Statistic]

==== Deleting Files \ Folders ======================

C:\Users\Veni\AppData\Roaming\Baidu Security deleted
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\BaiduPcFaster deleted

==== Folders Found ======================

2014-05-28 02:25:07 2014-05-28 02:25:07 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Veni\AppData\LocalLow\baidu
2014-05-28 02:25:09 2014-05-28 02:25:09 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Veni\AppData\Roaming\baidu
2014-05-28 02:25:09 2014-05-28 02:25:09 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Veni\AppData\Roaming\baidu\Baidu Antivirus
2014-05-28 22:15:18 2014-05-28 22:15:18 -------- d---a-w- C:\zoek_backup\C_Users_Veni_AppData_Roaming_Baidu Security
2014-05-28 22:15:18 2014-05-28 22:15:18 -------- d---a-w- C:\zoek_backup\C_Users_Veni_AppData_Roaming_Baidu Security_PC Faster_3.2.0.25_Uninstall_Baidu PC Faster Uninstall
2014-05-28 22:15:18 2014-05-28 22:15:18 -------- d---a-w- C:\zoek_backup\C_Users_Veni_AppData_Roaming_Baidu Security_PC Faster_3.2.0.25_Uninstall_Baidu PC Faster Uninstall HK
2014-05-28 21:06:24 2014-05-28 21:06:24 -------- d---a-w- C:\zoek_backup\C_Windows_sysWoW64_config_systemprofile_AppData_Roaming_Baidu
2014-05-28 22:15:18 2013-05-07 12:30:08 -------- d---a-w- C:\zoek_backup\C_Windows_SysWOW64_config_systemprofile_AppData_Roaming_BaiduPcFaster
2014-05-28 22:15:18 2014-05-28 22:15:18 -------- d---a-w- C:\zoek_backup\C_Users_Veni_AppData_Roaming_Baidu Security\PC Faster\3.2.0.25\Uninstall\Baidu PC Faster Uninstall
2014-05-28 22:15:18 2014-05-28 22:15:18 -------- d---a-w- C:\zoek_backup\C_Users_Veni_AppData_Roaming_Baidu Security\PC Faster\3.2.0.25\Uninstall\Baidu PC Faster Uninstall HK
2014-05-28 21:06:24 2014-05-28 21:06:24 -------- d---a-w- C:\zoek_backup\C_Windows_sysWoW64_config_systemprofile_AppData_Roaming_Baidu\BaiduSecurity

==== Files Found ======================


--- C:\AdwCleaner\Quarantine\C\Users\Veni\AppData\LocalLow\baidu\Internet Security\baidu_is[2013-3-19 20-55-28].dmp.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 0
Created time: 2013-03-19 23:55:28
Modified time: 2013-03-19 23:55:28
MD5: D41D8CD98F00B204E9800998ECF8427E
SHA1: DA39A3EE5E6B4B0D3255BFEF95601890AFD80709


==== Registry Search Results for "Baidu" ======================


[HKEY_USERS\.DEFAULT\Software\Baidu Security]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.2.0.25]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.2.0.25\Run]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.2.0.25\Run\Disable]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.2.0.25\Run\Disable\hkcu]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.2.0.25\Run\Disable\hklm]

[HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\3.2.0.25]

[HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\3.2.0.25\Run]

[HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\3.2.0.25\Run\Disable]

[HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\3.2.0.25\Run\Disable\hkcu]

[HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\3.2.0.25\Run\Disable\hklm]

[HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\Run]

[HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\Run\Disable]

[HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\Run\Disable\hkcu]

[HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\Run\Disable\hklm]

[HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\Statistic]

"C:\\Users\\Veni\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\T8UQ81NS\\sp51613[1].exe"=dword:00000001
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\3.2.0.25\\NewUpdater.exe"=dword:00000001

[HKEY_USERS\S-1-5-18\Software\Baidu Security]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.2.0.25]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.2.0.25\Run]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.2.0.25\Run\Disable]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.2.0.25\Run\Disable\hkcu]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.2.0.25\Run\Disable\hklm]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=118 folders=38 11621435 bytes)

==== EOF on 28/05/2014 at 19:19:25,20 ======================

Post by Power Max Wed 28 May 2014, 19:33

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [You must have an account and be logged in to view this image]

* Select and copy all of the text highlighted in red that I gave you.

* Click [Run Script]

* During the scan, a message similar to the one below will be displayed, showing the scan's progress. Wait for it to finish... it may take a while!

[You must have an account and be logged in to view this image]

* If you are asked to restart the PC, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.

Post by steffler439 Wed 28 May 2014, 21:29


Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Veni on 28/05/2014 at 21:24:26,20.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Safe Mode NETWORK Internet Access Detected
Launched: C:\Users\Veni\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-28-202128.log 144 bytes
C:\zoek-results2014-05-28-202225.log 276 bytes
C:\zoek-results2014-05-28-204911.log 925 bytes
C:\zoek-results2014-05-28-211326.log 39826 bytes
C:\zoek-results2014-05-28-221925.log 14638 bytes
C:\zoek-results2014-05-29-000436.log 694 bytes

==== System Restore Info ======================

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.2.0.25]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.2.0.25\Run]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.2.0.25\Run\Disable]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.2.0.25\Run\Disable\hkcu]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.2.0.25\Run\Disable\hklm]
[-HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\3.2.0.25]
[-HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\3.2.0.25\Run]
[-HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\3.2.0.25\Run\Disable]
[-HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\3.2.0.25\Run\Disable\hkcu]
[-HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\3.2.0.25\Run\Disable\hklm]
[-HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\Run]
[-HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\Run\Disable]
[-HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\Run\Disable\hkcu]
[-HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\Run\Disable\hklm]
[HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\Statistic]
"C:\\Users\\Veni\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\T8UQ81NS\\sp51613[1].exe"=-
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\3.2.0.25\\NewUpdater.exe"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.2.0.25]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.2.0.25\Run]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.2.0.25\Run\Disable]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.2.0.25\Run\Disable\hkcu]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.2.0.25\Run\Disable\hklm]

==== Registry Search Results for "Baidu" ======================


[HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\Statistic]

"C:\\Users\\Veni\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\T8UQ81NS\\sp51613[1].exe"=dword:00000001
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\3.2.0.25\\NewUpdater.exe"=dword:00000001

==== C:\zoek_backup content ======================

C:\zoek_backup (files=118 folders=38 11621435 bytes)

==== EOF on 28/05/2014 at 21:27:12,73 ======================

Post by Power Max Wed 28 May 2014, 21:37

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [You must have an account and be logged in to view this image]

* Select and copy all of the text highlighted in red that I gave you.

* Click [Run Script]

* During the scan, a message similar to the one below will be displayed, showing the scan's progress. Wait for it to finish... it may take a while!

[You must have an account and be logged in to view this image]

* If you are asked to restart the PC, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.

Post by steffler439 Wed 28 May 2014, 21:40


Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Veni on 28/05/2014 at 21:38:43,59.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Safe Mode NETWORK Internet Access Detected
Launched: C:\Users\Veni\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-28-202128.log 144 bytes
C:\zoek-results2014-05-28-202225.log 276 bytes
C:\zoek-results2014-05-28-204911.log 925 bytes
C:\zoek-results2014-05-28-211326.log 39826 bytes
C:\zoek-results2014-05-28-221925.log 14638 bytes
C:\zoek-results2014-05-29-000436.log 694 bytes
C:\zoek-results2014-05-29-002712.log 4041 bytes

==== System Restore Info ======================

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster]
[HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\Statistic]
"C:\\Users\\Veni\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\T8UQ81NS\\sp51613[1].exe"=-
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\3.2.0.25\\NewUpdater.exe"=-
[-HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster\Statistic]

==== Registry Search Results for "Baidu" ======================


[HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-2869537635-3016765442-4210560795-1000\Software\Baidu Security\PC Faster]

"C:\\Users\\Veni\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\T8UQ81NS\\sp51613[1].exe"=dword:00000001
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\3.2.0.25\\NewUpdater.exe"=dword:00000001

==== C:\zoek_backup content ======================

C:\zoek_backup (files=118 folders=38 11621435 bytes)

==== EOF on 28/05/2014 at 21:40:23,50 ======================

Post by Power Max Wed 28 May 2014, 21:46

Open ZHPDiag again.

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report.

Post by steffler439 Wed 28 May 2014, 21:53

~ Relatório do ZHPDiag v2014.5.24.73 - Nicolas Coolman (24/05/2014)
~ Iniciado por Veni (28/05/2014 21:50:33)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17107 (Defaut)
MFIE: Mozilla Firefox 28.0
GCIE: Google Chrome v35.0.1916.114

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
COMODO Internet Security Premium v6.2.23257.2860
Windows Defender W7 (Deactivate)

---\\ Softwares d'optimização do sistema
CCleaner v3.28

---\\ Softwares de partilha do PeerToPeer (P2P)
µTorrent v3.1.2 =>P2P.µTorrent

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 30 Stepping 5, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Sans échec avec prise en charge du réseau (Fail-safe with network boot)
Total RAM: 4029 MB (67% free)
System Restore: Activé (Enable)
System drive C: has 242 GB (42%) free of 575 GB

---\\ Modo de conexão ao sistema
~ Computer Name: VENI-PC
~ User Name: Veni
~ All Users Names: Veni, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Veni\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Veni\AppData\Roaming\
~ %Desktop% : C:\Users\Veni\Desktop\
~ %Favorites% : C:\Users\Veni\Favorites\
~ %LocalAppData% : C:\Users\Veni\AppData\Local\
~ %StartMenu% : C:\Users\Veni\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 242 Go of 575 Go)
D: Hard drive, Flash drive, Thumb drive (Free 3 Go of 20 Go)
E: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
F: CD-ROM drive (Not Inserted)
K: Floppy drive, Flash card reader, USB Key (Free 0 Go of 2 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F220BA78AB542C70211D73AE4729B2CD] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 03:22:40.) -- C:\Windows\System32\wininet.dll [2260480]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:43:50.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 10:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 06:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 06:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 07:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 06:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 07:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 06:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 10:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/1018
~ Mes musiques (My Musics) : 1/8556
~ Mes Videos (My Videos) : 1/268
~ Mes Favoris (My Favorites) : 1/21
~ Mes Documents (My Documents) : 2/19192
~ Mon Bureau (My Desktop) : 15/1222
~ Menu demarrer (Programs) : 1/53
~ Hidden Files: Scanned in 00mn 17s



---\\ Processos lançados
[MD5.1620FE36666F4BBC2314B7F360FB1965] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.1428]
[MD5.721A2C99B2C9696FBF2595395EBF0002] - (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe [386064] [PID.2216]
[MD5.D12BA73F90EA5723CE60F76C721BCE4B] - (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe [752720] [PID.2256]
[MD5.4FDF8F99557B275A3B5BF797761C7504] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7879168] [PID.1924]
~ Processes Running: Scanned in 00mn 01s



---\\ Opera, Plugins,Arranque,Pesquisa (P1,B0,B1)
B0 - SPO: operaprefs.ini [Veni] Home URL=http://search.localstrike.com.ar
B1 - OSP: search.ini [Veni] URL=http://find.localstrike.net?q=%s
~ Opera Browser: 2 Legitimates Filtered in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Veni\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 18 Legitimates Filtered in 00mn 02s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Veni\AppData\Roaming\Mozilla\Firefox\Profiles\39x41cof.default\prefs.js
M3 - MFPP: Plugins - [Veni] -- C:\Users\Veni\AppData\Roaming\Mozilla\Firefox\Profiles\39x41cof.default\searchplugins\Speedial.xml =>Adware.Adware.SearchYa
P2 - FPN: [HKLM] [@mcafee.com/MSC,version=10] - (...) -- C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/uni] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Veni\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll
~ Firefox Browser: 8 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.Adware.SearchYa
~ IE Browser: 21 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: McAfee SiteAdvisor Toolbar - [HKLM]{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} . (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} Chave orfã
~ Toolbar: Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [Veni]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 1 Legitimates Filtered in 00mn 02s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [COMODO Internet Security] . (.COMODO - COMODO Internet Security.) -- C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Notas Autoadesivas.) -- C:\Windows\System32\StikyNot.exe
O4 - HKLM\..\Wow6432Node\Run: [mcui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [hpWirelessAssistant] . (.Hewlett-Packard Development Company, L.P. - HPWAMain Module.) -- C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Wow6432Node\Run: [mcpltui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [EgisTecPMMUpdate] . (.Egis Technology Inc. - PMM Update Application.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [EgisUpdate] . (.Egis Technology Inc. - EgisUpdate Release Application.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [VitaKeyTSR] . (.Egis Technology Inc. - HP SimplePass Identity Protection.) -- C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKUS\S-1-5-21-2869537635-3016765442-4210560795-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-2869537635-3016765442-4210560795-1000\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Notas Autoadesivas.) -- C:\Windows\System32\StikyNot.exe
~ Application: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.itau.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB1CD65A-5405-4F23-8A22-746B91598804}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{267C502B-451B-4B68-AC5E-7F464707410F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F20B1504-5D6D-4C04-9270-30DF8B9C0C50}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{BB1CD65A-5405-4F23-8A22-746B91598804}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{267C502B-451B-4B68-AC5E-7F464707410F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F20B1504-5D6D-4C04-9270-30DF8B9C0C50}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{BB1CD65A-5405-4F23-8A22-746B91598804}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{267C502B-451B-4B68-AC5E-7F464707410F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{F20B1504-5D6D-4C04-9270-30DF8B9C0C50}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2869537635-3016765442-4210560795-1000Core [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2869537635-3016765442-4210560795-1000UA [924]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1060]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1064]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\HP Photo Creations Communicator [336]
~ Scheduled Task: 6 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Guardião - Itaú 30 horas - (...) [HKLM][64Bits] -- {70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1
O42 - Logiciel: KM Wakeup 1.4 MUI - (.Marcin Nowok.) [HKLM][64Bits] -- KM Wakeup
O42 - Logiciel: Macro Vibration Joystick - (...) [HKLM][64Bits] -- {36177F72-8181-45D7-95D1-EA5B008A4DC9}
O42 - Logiciel: PokerStars - (.PokerStars.) [HKLM][64Bits] -- PokerStars
O42 - Logiciel: sXe Injected - (.Alejandro Cortés.) [HKLM][64Bits] -- sXe Injected
~ Logic: 24 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\AviToMpeg]
[HKCU\Software\Baidu Security]
[HKCU\Software\Brasfoot]
[HKCU\Software\GbAs]
[HKCU\Software\KM Wakeup]
[HKCU\Software\KSS]
[HKCU\Software\Olhardigital]
[HKCU\Software\Statgraphics]
[HKCU\Software\sXe Injected]
[HKCU\Software\superdownloads.com.br]
[HKLM\Software\Wow6432Node\360Safe]
[HKLM\Software\Wow6432Node\Aps]
[HKLM\Software\Wow6432Node\GameVicio]
[HKLM\Software\Wow6432Node\Plus-HD-4.1] =>Adware.PlusHD
[HKLM\Software\Wow6432Node\sXe_Injected]
~ Key Software: 384 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 26/08/2013 - 12:10:42 - [] ----D C:\Program Files (x86)\GameVicio
O43 - CFD: 13/07/2013 - 18:45:50 - [] ----D C:\Program Files (x86)\KM Wakeup
O43 - CFD: 26/08/2013 - 12:10:41 - [] ----D C:\Program Files (x86)\main
O43 - CFD: 09/02/2014 - 23:56:27 - [] ----D C:\Program Files (x86)\PokerStars
O43 - CFD: 09/04/2014 - 12:48:20 - [] ----D C:\Program Files (x86)\sXe Injected
O43 - CFD: 26/08/2013 - 12:10:41 - [] ----D C:\Program Files (x86)\zone
O43 - CFD: 18/03/2013 - 01:00:10 - [] ----D C:\Users\Veni\AppData\Roaming\PCF
O43 - CFD: 25/05/2014 - 00:51:23 - [] ----D C:\Users\Veni\AppData\Local\PokerStars
O43 - CFD: 11/05/2012 - 17:41:22 - [0] ----D C:\Users\Veni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brasfoot 2012
O43 - CFD: 26/08/2013 - 12:10:42 - [] ----D C:\Users\Veni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameVicio
O43 - CFD: 04/11/2012 - 23:53:08 - [0] ----D C:\Users\Veni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KM Wakeup
O43 - CFD: 09/11/2013 - 22:24:18 - [] ----D C:\Users\Veni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars
O43 - CFD: 13/07/2013 - 18:46:54 - [] ----D C:\Users\Veni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\sXe Injected
~ Program Folder: 221 Legitimates Filtered in 00mn 02s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.86BF7B730E714AB48FFF4E57E4CD6907] - 25/05/2014 - 23:49:54 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [369898]
O44 - LFC:[MD5.F8510852E521C90826D8D72226C11BF9] - 25/05/2014 - 23:49:54 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [938042]
O44 - LFC:[MD5.5E7ED02C38D4B8D747A41EC6554B6E40] - 28/05/2014 - 17:21:28 ---A- . (...) -- C:\zoek-results2014-05-28-202128.log [144]
O44 - LFC:[MD5.4337556483F98B07DA1CAC4E305ECE4E] - 28/05/2014 - 17:22:25 ---A- . (...) -- C:\zoek-results2014-05-28-202225.log [276]
O44 - LFC:[MD5.3A530AE34ABFA8C69C196E405B333CA7] - 28/05/2014 - 17:49:11 ---A- . (...) -- C:\zoek-results2014-05-28-204911.log [925]
O44 - LFC:[MD5.08B82FCAE4EB69E5B667D2AEF5FD5676] - 28/05/2014 - 18:13:26 ---A- . (...) -- C:\zoek-results2014-05-28-211326.log [39826]
O44 - LFC:[MD5.77F860179AB0D980EAA021BA53624070] - 28/05/2014 - 19:19:25 ---A- . (...) -- C:\zoek-results2014-05-28-221925.log [14638]
O44 - LFC:[MD5.7C31ACC9CDBB0341592A1CCAFF478F6C] - 28/05/2014 - 19:29:59 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [23376]
O44 - LFC:[MD5.7C31ACC9CDBB0341592A1CCAFF478F6C] - 28/05/2014 - 19:29:59 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [23376]
O44 - LFC:[MD5.88862A5771A22F80F584F4A09CA12376] - 28/05/2014 - 20:12:37 ---A- . (...) -- C:\Windows\MOBK907.blk [3118]
O44 - LFC:[MD5.1DEFC34BDCCA6E4ACDDAC620004AD7E5] - 28/05/2014 - 20:12:37 ---A- . (...) -- C:\Windows\MOBK907.flt [90]
O44 - LFC:[MD5.04F63E54B604A2A1933F3EFE69F88488] - 28/05/2014 - 21:04:36 ---A- . (...) -- C:\zoek-results2014-05-29-000436.log [694]
O44 - LFC:[MD5.F597F4F50461F9B065F0A1EE27919927] - 28/05/2014 - 21:12:17 ---A- . (...) -- C:\Windows\System32\Drivers\sfi.dat [1474832]
O44 - LFC:[MD5.85080B70BBB6602C8C4CE0A98453BB01] - 28/05/2014 - 21:22:14 ---A- . (...) -- C:\Windows\ntbtlog.txt [533474]
O44 - LFC:[MD5.EB4030D5EB69014A5F22BE7ADCF57140] - 28/05/2014 - 21:27:12 ---A- . (...) -- C:\zoek-results2014-05-29-002712.log [4041]
O44 - LFC:[MD5.739926E509F461E954760199FCE858B7] - 28/05/2014 - 21:40:23 ---A- . (...) -- C:\zoek-results.log [2076]
~ Files: 79 Legitimates Filtered in 00mn 09s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 20 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 8 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:05/04/2013 - 17:42:50 R--A- . (.360.cn - 360HipsOEM.) -- C:\Windows\System32\Drivers\360FltOEM.sys [288688]
O58 - SDL:30/07/2010 - 09:53:20 ---A- . (.Windows (R) Win 7 DDK provider - CyberLink WebCam Virtual Driver.) -- C:\Windows\System32\Drivers\clwvd.sys [32880]
O58 - SDL:30/01/2012 - 14:36:05 ---A- . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\System32\Drivers\dtsoftbus01.sys [283200]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:22/02/2012 - 07:34:36 ---A- . (.ManyCam LLC - ManyCam Virtual Microphone.) -- C:\Windows\System32\Drivers\mcaudrv_x64.sys [28160]
O58 - SDL:11/01/2012 - 03:11:20 ---A- . (.ManyCam LLC - ManyCam Virtual Webcam.) -- C:\Windows\System32\Drivers\mcvidrv_x64.sys [34304]
O58 - SDL:30/01/2012 - 14:26:49 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [564792]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:25/01/2011 - 01:57:18 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys [520192]
~ Drivers: 88 Legitimates Filtered in 00mn 22s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {18B6AF47-50A2-4FC5-B980-2F8EDF63E1DD} - (Speedial) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.Adware.SearchYa
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {7568554D-B62F-4631-98CB-5EBC5E4CE0CD} - (Pesquisa Segura) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {EB031A5E-C7F1-46FB-8EDB-BFDB2B326AA4} [DefaultScope] - (Pesquisa segura) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.9E30143CE601DBFBB45B71DC13E6D939] [SPRF][13/05/2014] (...) -- C:\Users\Veni\AppData\Roaming\unins000.dat [15839]
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{BEF7E702-B2E9-4CD2-A8FB-ED6E8A84DBFD}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{205776D1-FEDF-4D42-A7AE-2442B0AF16E5}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 02s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32 =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS =>PUP.MyPCBackup
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentSetup_2203-bd84cda8_RASAPI32 =>Adware.IMBooster
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentSetup_2203-bd84cda8_RASMANCS =>Adware.IMBooster
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SecondOffer2_RASAPI32 =>PUP.Linkular
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SecondOffer2_RASMANCS =>PUP.Linkular
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
~ BTK: 372 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 14/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 03/03/2009 89600 | (AESTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\IDT\WDM\AESTSr64.exe
SS - | Auto 19/12/2012 240640 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SS - | Auto 16/04/2014 6817544 | (cmdAgent) . (.COMODO.) - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
SS - | Demand 25/03/2014 2264280 | (cmdvirth) . (.COMODO.) - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
SS - | Demand 05/05/2009 228408 | (Com4QLBEx) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
SS - | Auto 25/03/2010 689008 | (EgisTec Service) . (.Egis Technology Inc..) - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe
SS - | Demand 31/03/2010 26784 | (EverestDriver) . (...) - C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64
SS - | Auto 06/02/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 06/02/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 30/07/2013 328928 | (HomeNetSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SS - | Auto 27/09/2012 86528 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SS - | Demand 10/08/2012 1001376 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SS - | Auto 27/05/2011 30520 | (hpsrv) . (.Hewlett-Packard Company.) - C:\Windows\System32\Hpservice.exe
SS - | Auto 14/06/2011 26680 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
SS - | Auto 17/10/2011 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Auto 16/06/2010 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SS - | Auto 31/08/2012 201304 | (McAfee SiteAdvisor Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SS - | Auto 25/04/2014 178528 | (McAPExe) . (.McAfee, Inc..) - C:\Program Files\McAfee\MSC\McAPexe.exe
SS - | Auto 30/07/2013 328928 | (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SS - | Demand 02/08/2013 602944 | (McODS) . (.McAfee, Inc..) - C:\Program Files\McAfee\VirusScan\mcods.exe
SS - | Auto 30/07/2013 328928 | (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SS - | Auto 22/12/2011 210512 | (MOBK907backup) . (.McAfee, Inc..) - C:\Program Files (x86)\McAfee Online Backup\MOBK907backup.exe
SS - | Demand 15/03/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Auto 25/01/2011 296448 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe
SS - | Demand 19/11/2012 489256 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SS - | Auto 23/02/2010 2192176 | (vcsFPService) . (.Validity Sensors, Inc..) - C:\Windows\system32\vcsFPService.exe
SS - | Demand 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 30/07/2013 328928 | (mcpltsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 18/03/2014 1041192 | (mfecore) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
SR - | Auto 03/04/2014 219752 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 03/04/2014 189912 | (mfevtp) . (.McAfee, Inc..) - C:\Windows\system32\mfevtps.exe
~ Services: Scanned in 00mn 21s



---\\ Lista dos emuladores de CD/DVD (MBR Hook)
O58 - SDL:30/01/2012 - 14:26:49 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [564792]
~ Emulateurs: Scanned in 00mn 21s



---\\ Scâner Aditional (088)
Database Version : 13029 - (24/05/2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKLM\Software\Wow6432Node\360Safe] =>Trojan.Lozavita
[HKLM\Software\Wow6432Node\Plus-HD-4.1] =>Adware.PlusHD^
~ Additionnel Scan: 335581 Items scanned in 00mn 58s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.PlusHD
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.MyPCBackup
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.IMBooster
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Tarma
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Trojan.Lozavita
~ MSI: 5 link(s) detected in 00mn 00s



~ 1026 Legitimates filtered by white list
End of the scan (485 lines in 02mn 49s)(0)