Limpeza no PC.

por BernardoKonzen Ter 15 Jul 2014, 11:06

Estou "limpando" e otimizando o meu computador gostaria de uma ajuda.

Ja passei o AdwCleaner e o Malwarebytes o que vocês me recomendam a passar na minha maquina ela ainda esta um pouco lenta. Primeiro vou fazer a limpeza de software e depois da parte de hardware.

Segue o registro do AdwCleaner.

# AdwCleaner v3.215 - Relatório criado 15/07/2014 às 10:47:48
# Atualizado 09/07/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (64 bits)
# Usuário : user - USER-PC
# Executando de : C:\Users\user\Documents\Bernardo\adwcleaner_3.215.exe
# Opção : Limpar

***** [ Serviços ] *****

[#] Serviço Deletada : F06DEFF2-5B9C-490D-910F-35D3A9119622
[#] Serviço Deletada : SafetyNutManager

***** [ Arquivos / Pastas ] *****

[!] Pasta Deletada : C:\ProgramData\SafetyNut

***** [ Atalhos ] *****

***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Valor Deletedo : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Valor Deletedo : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Valor Deletedo : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Valor Deletedo : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
Chave Deletedo : HKCU\Software\SafetyNut
Chave Deletedo : HKLM\Software\SafetyNut
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17207

-\\ Mozilla Firefox v28.0 (pt-BR)

[ Arquivo : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xwjsp4gf.default\prefs.js ]

-\\ Google Chrome v35.0.1916.153

[ Arquivo : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Startup_urls] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

*************************

AdwCleaner[R0].txt - [22921 octets] - [16/04/2014 06:22:49]
AdwCleaner[R1].txt - [1436 octets] - [16/04/2014 07:33:00]
AdwCleaner[R2].txt - [2403 octets] - [26/04/2014 11:25:31]
AdwCleaner[R3].txt - [4660 octets] - [26/05/2014 12:07:18]
AdwCleaner[R4].txt - [2213 octets] - [08/07/2014 08:56:13]
AdwCleaner[R5].txt - [5743 octets] - [15/07/2014 10:46:46]
AdwCleaner[S0].txt - [20819 octets] - [16/04/2014 06:48:23]
AdwCleaner[S1].txt - [1488 octets] - [16/04/2014 07:33:56]
AdwCleaner[S2].txt - [2497 octets] - [26/04/2014 11:28:28]
AdwCleaner[S3].txt - [4459 octets] - [26/05/2014 12:08:01]
AdwCleaner[S4].txt - [2135 octets] - [08/07/2014 08:57:48]
AdwCleaner[S5].txt - [4910 octets] - [15/07/2014 10:47:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [4970 octets] ##########

por **Power Max** Ter 15 Jul 2014, 11:21

Olá Bernardo. Poste o log (relatório) do Malwarebytes para que possamos analisar.

por BernardoKonzen Ter 15 Jul 2014, 12:07

Max eu passei o Malwarebytes e a minha mae reinicio o pc pode me explicar onde acho o relatório dele?

Segue o relatório do Zoek.

Zoek.exe v5.0.0.0 Updated 14-07-2014
Tool run by user on 15/07/2014 at 11:23:01,17.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\user\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-04-16-111048.log 23337 bytes

==== System Restore Info ======================

15/07/2014 11:24:51 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xwjsp4gf.default\prefs.js:
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xwjsp4gf.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xwjsp4gf.default

user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 1);
---- FireFox user.js and prefs.js backups ----

prefs_072014_1137_.backup

==== Deleting Files \ Folders ======================

C:\Users\user\Searches deleted
"C:\Windows\Installer\17c82a5.msi" deleted

==== Folders Found ======================

2014-04-16 09:48:24 2014-04-16 09:48:24 -------- dc----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2013-10-04 22:18:30 2014-05-04 21:13:48 -------- d-----w- C:\ProgramData\Baidu Security
2013-10-04 22:18:30 2014-05-04 21:13:48 -------- d-----w- C:\Users\All Users\Baidu Security
2013-10-04 22:17:04 2013-10-05 17:02:13 -------- d-----w- C:\Users\user\AppData\Roaming\Baidu Security
2013-10-06 03:36:22 2013-10-06 03:36:22 -------- d-----w- C:\Users\user\AppData\Roaming\Baidu Security\PC Faster\3.7.0.0\Uninstall\Baidu PC Faster Uninstall
2013-10-06 03:36:22 2013-10-06 03:36:22 -------- d-----w- C:\Users\user\AppData\Roaming\Baidu Security\PC Faster\3.7.0.0\Uninstall\Baidu PC Faster Uninstall HK
2014-03-29 09:52:12 2014-03-29 09:52:12 -------- d-----w- C:\Users\user\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-03-29 09:52:12 2014-03-29 09:52:12 -------- d-----w- C:\Users\user\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK

==== Files Found ======================

==== Registry Search Results for "Baidu" ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-NSISInstall-2014-04-04 04-46-47-0226-[0041].dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-04-04 04-27-43-0531-[0041].dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-03-29 03-50-29-0104-[19688].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Pcftray-2014-03-29 03-50-35-0953-[19708].tmp"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3282FBE1-35FC-48D8-98CA-115A5EF1F9B4}]
"InstallSource"="C:\\BaiduDownloads\\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"

[HKEY_USERS\.DEFAULT\Software\Baidu]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

[HKEY_USERS\.DEFAULT\Software\Baidu Security]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata\\2013-10-05 13_59_00_0516rpdata.dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_USERS\S-1-5-21-1151420866-3533708681-349064816-1000\Software\Baidu]

[HKEY_USERS\S-1-5-21-1151420866-3533708681-349064816-1000\Software\Baidu\Hao123-br]

[HKEY_USERS\S-1-5-21-1151420866-3533708681-349064816-1000\Software\Baidu\Hao123-br\hao123desk]

[HKEY_USERS\S-1-5-21-1151420866-3533708681-349064816-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-1151420866-3533708681-349064816-1000\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-21-1151420866-3533708681-349064816-1000\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-21-1151420866-3533708681-349064816-1000\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\S-1-5-21-1151420866-3533708681-349064816-1000\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\S-1-5-21-1151420866-3533708681-349064816-1000\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\S-1-5-21-1151420866-3533708681-349064816-1000\Software\Baidu Security\PC App Store]

[HKEY_USERS\S-1-5-21-1151420866-3533708681-349064816-1000\Software\Baidu Security\PC App Store\3.8.8.1435]

[HKEY_USERS\S-1-5-21-1151420866-3533708681-349064816-1000\Software\Baidu Security\PC App Store\3.8.8.1435\Install]

[HKEY_USERS\S-1-5-21-1151420866-3533708681-349064816-1000\Software\Baidu Security\PC App Store\3.8.8.1435\Install\230975]

[HKEY_USERS\S-1-5-21-1151420866-3533708681-349064816-1000\Software\Baidu Security\PC App Store\3.8.8.1435\Install\230975]
"url"="http://sync.pcfaster.baidu.com/cgi-bin-py-appstore/get_channel_info_appstore.cgi?install_channel=pcf&version=3.8.8.1435&errorcode=0&errortext=&userid=WD-WMAYU-C89CDC4F9802!d5a4a363-81f7-41c8-b611-734e09d6d657@#C89CDC4F9802&install_time=2013-11-03 00:12:28"

[HKEY_USERS\S-1-5-21-1151420866-3533708681-349064816-1000\Software\Baidu Security\PC App Store\3.8.8.1435\Install\326525]

[HKEY_USERS\S-1-5-21-1151420866-3533708681-349064816-1000\Software\Baidu Security\PC App Store\3.8.8.1435\Install\326525]
"url"="http://sync.pcfaster.baidu.com/cgi-bin-py-appstore/get_channel_info_appstore.cgi?install_channel=pcf&version=3.8.8.1435&errorcode=0&errortext=&userid=WD-WMAYU-C89CDC4F9802!d5a4a363-81f7-41c8-b611-734e09d6d657@#C89CDC4F9802&install_time=2013-10-05 17:02:14"

[HKEY_USERS\S-1-5-21-1151420866-3533708681-349064816-1000\Software\Baidu Security\PC App Store\3.8.8.1435\LastReportTime]

[HKEY_USERS\S-1-5-21-1151420866-3533708681-349064816-1000\Software\Baidu Security\PC App Store\DataReport]

"c:\\users\\user\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-10-05 23_07_01_[0170]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

"c:\\users\\user\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-10-05 23_07_01_[0132]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

"c:\\users\\user\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-10-05 23_07_01_[0215]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

"c:\\users\\user\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-11-03 02_28_13_[0883]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

[HKEY_USERS\S-1-5-21-1151420866-3533708681-349064816-1000\Software\Baidu Security\PC App Store\Setup]

[HKEY_USERS\S-1-5-21-1151420866-3533708681-349064816-1000\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-1151420866-3533708681-349064816-1000\Software\Baidu Security\PC Faster\4.0.0.0]

[HKEY_USERS\S-1-5-21-1151420866-3533708681-349064816-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]

[HKEY_USERS\S-1-5-21-1151420866-3533708681-349064816-1000\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]

[HKEY_USERS\S-1-5-21-1151420866-3533708681-349064816-1000\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]

[HKEY_USERS\S-1-5-21-1151420866-3533708681-349064816-1000\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\S-1-5-21-1151420866-3533708681-349064816-1000\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_USERS\S-1-5-21-1151420866-3533708681-349064816-1000\Software\Baidu Security\PC Faster\Setup]

"C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I11TVK8R\\raidcall_6.3.0[1].exe"=dword:00000001
"C:\\Program Files (x86)\\Baidu Security\\PC App Store\\3.8.8.1435\\PCAppStore.exe"=dword:00000001

[HKEY_USERS\S-1-5-18\Software\Baidu]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

[HKEY_USERS\S-1-5-18\Software\Baidu Security]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata\\2013-10-05 13_59_00_0516rpdata.dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\Alwil Software\Avast5\WebRep\FF" [08/07/2014 09:04]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [28/07/2012 17:03]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xwjsp4gf.default
DE85813201ACE03E7909F618B56B4600 - C:\Users\user\AppData\Roaming\raidcall\plugins\nprcplugin.dll - Raidcall plugin
DDC58F83CB93B89F7261CDFCFC6E7832 - C:\Users\user\AppData\Roaming\rcru\plugins\nprcplugin.dll - Raidcall plugin
FF0D6F82A0EC13952E83B9439100E45D - C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
F6D12679B9112358AC705A1308156F59 - C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
5F051C32C2E5743D8A2426CC5A6A89E0 - C:\Users\user\AppData\Roaming\RCKR\plugins\nprcplugin.dll - Raidcall plugin

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx[08/07/2014 09:04]

Google Drive - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Windows Media Player Extension for HTML5 - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak
Google Wallet - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0191A6B0-1154-4C22-9182-23A95BBE92D9} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\user\Desktop\AIKA.lnk - C:\OnGame\AIKA\AIKALauncher.exe
C:\Users\user\Desktop\IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -
C:\Users\user\Desktop\IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -
C:\Users\user\Desktop\IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -
C:\Users\user\Desktop\Order Of War.lnk - C:\Program Files (x86)\Order Of War\oow_final.exe
C:\Users\user\Desktop\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\Users\user\Desktop\PristonTale.lnk - C:\Program Files (x86)\Priston Tale Brasil\PsTale.exe
C:\Users\user\Desktop\RaidCall.lnk - C:\Program Files (x86)\RaidCall\raidcall.exe
C:\Users\user\Desktop\Visual Studio 2012.lnk - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
C:\Users\user\Desktop\Windows Live Messenger.lnk - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Users\user\Desktop\µTorrent.lnk -
C:\Users\user\Desktop\videos joão carlos\Downloads.lnk -

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\aTube Catcher.lnk - C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\Users\Public\Desktop\avast Internet Security.lnk -
C:\Users\Public\Desktop\avast SafeZone.lnk -
C:\Users\Public\Desktop\Battlefield 3.lnk - C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\Central de Soluções HP.lnk -
C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
C:\Users\Public\Desktop\Loja de Suprimentos HP.lnk - C:\Program Files (x86)\HP\HPSSUPPLY\hpqSSupply.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8
C:\Users\Public\Desktop\Origin.lnk - C:\Program Files (x86)\Origin\Origin.exe
C:\Users\Public\Desktop\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\Users\Public\Desktop\Receitanet 1.04 .lnk - C:\Program Files (x86)\Programas RFB\Receitanet\Windows\Receitanet.exe
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Users\Public\Desktop\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk - C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe

==== shortcuts in Users Start Menu ======================

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIKA\AIKA.lnk - C:\OnGame\AIKA\AIKALauncher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIKA\Uninstall.lnk - C:\OnGame\AIKA\uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher\aTube Catcher.lnk - C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheating-Death\CDEula.lnk - C:\Program Files (x86)\Cheating-Death\cdeula.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheating-Death\Cheating-Death Client.lnk - C:\Program Files (x86)\Cheating-Death\cdeath.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheating-Death\Readme.lnk - C:\Program Files (x86)\Cheating-Death\readme.htm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheating-Death\Uninstall C-D.lnk - C:\Program Files (x86)\Cheating-Death\UninstCD.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6\BOT Commands.lnk - C:\Program Files (x86)\Counter-Strike 1.6\cstrike\bot_commands.rtf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6\Counter Strike 1.6 No Steam.lnk - C:\Program Files (x86)\Counter-Strike 1.6\hl.exe -nomaster -game cstrike
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6\Dedicated Server.lnk - C:\Program Files (x86)\Counter-Strike 1.6\hlds.exe -nomaster -game cstrike -insecure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6\Desinstalar o Counter-Strike 1.6.lnk - C:\Program Files (x86)\Counter-Strike 1.6\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6\Install Cheating-Death 4.32.0.lnk - C:\Program Files (x86)\Counter-Strike 1.6\C-D\cd-client-4_32_0-en.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Astah Community.lnk - C:\Program Files\astah-community\astah-com.exe
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d91276b0be3e46b\pinned.lnk -
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\crome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\RaidCall.lnk - C:\Program Files (x86)\RaidCall\raidcall.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyOverride"=""
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F60730A4A66673047777F5728467D401 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401 deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=6 folders=1 192206 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\user\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\user\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 15/07/2014 at 12:00:05,90 ======================

por BernardoKonzen Ter 15 Jul 2014, 12:08

Seria Los de Aplicativos?

por BernardoKonzen Ter 15 Jul 2014, 12:14

Log Malwarebytes

por BernardoKonzen Ter 15 Jul 2014, 12:15

Malwarebytes Log

Malwarebytes Anti-Malware
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Data de Verificação: 08/07/2014
Hora da Verificação: 09:09:35
Logfile: MalwarebytesLOG.txt
Administrador: Sim

Versão: 2.00.2.1012
Malware Database: v2014.07.08.04
Rootkit Database: v2014.07.07.01
Licença: Grátis
Proteção de Malware: Desabilitado
Proteção de Site Malicioso: Desabilitado
Self-protection: Desabilitado

OS: Windows 7 Service Pack 1
CPU: x64
Sistema de Arquivo: NTFS
Usuário: user

Tipo da Verificação: Verificação Personalizada
Resultado: Completado
Arquivos Verificados: 674954
Tempo Decorrido: 3 hr, 41 min, 48 seg

Memória: Enabled
Inicialização: Enabled
Filesystem: Enabled
Arquivos: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processos: 0
(No malicious items detected)

Módulos: 0
(No malicious items detected)

Chaves de Registro: 0
(No malicious items detected)

Valores de Registro: 0
(No malicious items detected)

Dados do Registro: 0
(No malicious items detected)

Pastas: 0
(No malicious items detected)

Arquivos: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

por **Power Max** Ter 15 Jul 2014, 12:17

No seu log está constando a presença do Baidu antivirus, você quer removê-lo ou quer continuar com ele?

por BernardoKonzen Ter 15 Jul 2014, 12:22

Remover esse Baidu se instala sozinho parece. haha

por **Power Max** Ter 15 Jul 2014, 12:33

Baixe o programa IObit Uninstaller acessando este link abaixo e clicando no botão Free Download:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para usar corretamente o IObit Uninstaller siga as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Seguindo as dicas do tutorial acima, use o IObit Uninstaller para desinstalar o Baidu.

Depois disto nos diga se o Baidu foi removido.

por BernardoKonzen Ter 15 Jul 2014, 12:36

Certo! Mas em Desinstalar programas, ele não aparece! Ele seria um tipo de camaleão?

por **Power Max** Ter 15 Jul 2014, 12:37

Tente remover com o programa que te passei e veja se é possível. Se não for, a gente o remove manualmente.

por BernardoKonzen Ter 15 Jul 2014, 12:41

No IObit Uninstaller ele não esta aparecendo.

Posso ter enviado o log do malwarebytes antigo ou errado, vou passar ele novamente! Mas tenho certeza que esse é o ultimo log de verificação que eu tenho no Malwarebytes.

por BernardoKonzen Ter 15 Jul 2014, 12:55

Max eu usei esse texto no Zoek, peguei de outro tópico!

createsrpoint;
autoclean;
emptyalltemp;
iedefaults;
resetieproxy;
resethosts;
shortcutfix;
ffdefaults;
firefoxlook;
reset chrome;
chrdefaults;
chromelook;
Baidu;z
Baidu;a

o Baidu pode ter sido removido?

por **Power Max** Ter 15 Jul 2014, 13:24

Max eu usei esse texto no Zoek, peguei de outro tópico!

Este texto que você usou serviu para mostrar a localização do Baidu, mas não o remove.
___________________________________________________________________________

Baixe o Baidu no site oficial dele no endereço abaixo e o instale:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Depois disto você usa o Iobit Uninstaller para o remover seguindo as dicas daquele tutorial que lhe passei.

Depois nos diga se ele foi removido.

por BernardoKonzen Ter 15 Jul 2014, 15:44

Max baixei o Baidu como você me falou, mas não estou conseguindo desisntala ele com a ferramenta IObit Unistaller quando coloco para desisntalar a ferramenta se fexa!

por BernardoKonzen Ter 15 Jul 2014, 15:51

É só com o Baidu que ele se fecha, com outro software ele desinstala normal!

por BernardoKonzen Ter 15 Jul 2014, 16:05

Desinstalei ele pelo Painel de Controle > Programas > Desinstalar ou Alterar um programa, creio que não resolva o problema de pastas que o Baidu deixa, eu exclui 2 pastas que tinha no meu disco C:

por BernardoKonzen Ter 15 Jul 2014, 16:07

E passei o Ccleaner !

por **Power Max** Ter 15 Jul 2014, 16:39

* Inicie o PC em Modo Seguro com rede (apertando a tecla F8 (ou a tecla F5 em alguns computadores) repetidas vezes quando o computador estiver iniciando e escolhendo a opção Modo Seguro com rede (ou Modo seguro).

Quando o PC estiver no modo seguro desinstale com o Iobit como mostra o tutorial.

Depois disto nos diga o resultado.

por BernardoKonzen Ter 15 Jul 2014, 18:50

Certo! Agora o IObit excluiu o Baidu e o rastros que ele deixa como no tutorial!

por BernardoKonzen Ter 15 Jul 2014, 18:51

Vou iniciar a maquina normal agora.

por BernardoKonzen Ter 15 Jul 2014, 18:58

Max mais alguma dica para otimizar o meu pc? Passei os softwares otimizadores e antimalware que eu sabia..

por **Power Max** Ter 15 Jul 2014, 20:30

Faça o download do < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]> ( ... de Nicolas Coolman )

Obs: Ao acessar o link acima clique no botão Télécharger referente ao ZHPDiag para baixá-lo, tal como mostra a imagem abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Para instalá-lo e executá-lo corretamente siga as dicas deste artigo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Assim que ele concluir a sua verificação, copie todo o conteúdo do seu relatório ZHPDiag.txt e poste em sua próxima resposta.

por BernardoKonzen Qua 16 Jul 2014, 12:48

ZHPDiag relatório

~ Relatório do ZHPDiag v2014.7.16.105 - Nicolas Coolman (16/07/2014)
~ Iniciado por user (16/07/2014 12:41:07)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Endereço do Webforum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user

---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17207
MFIE: Mozilla Firefox 28.0
GCIE: Google Chrome v35.0.1916.153 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Internet Security v9.0.2021
Malwarebytes Anti-Malware versão 2.0.2.1012
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema
CCleaner v4.15

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 14 ActiveX
Adobe Reader XI
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4095 MB (44% free)
System Restore: Activé (Enable)
System drive C: has 182 GB (39%) free of 466 GB

---\\ Modo de conexão ao sistema
~ Computer Name: USER-PC
~ User Name: user
~ All Users Names: user, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\user\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\user\AppData\Roaming\
~ %Desktop% : C:\Users\user\Desktop\
~ %Favorites% : C:\Users\user\Favorites\
~ %LocalAppData% : C:\Users\user\AppData\Local\
~ %StartMenu% : C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 182 Go of 466 Go)
D: CD-ROM drive (Not Inserted)
E: Floppy drive, Flash card reader, USB Key (Not Inserted)

---\\ Estado do Centro de Segurança do Windows
~ Security Center: 49 Legitimates Filtered in 00mn 00s

---\\ Pesquisa particular de ficheiros genéricos
[MD5.AC4C51EB24AA95B77F705AB159189E24] - (.Microsoft Corporation - Windows Explorer.) (.20/11/2010 - 04:24:46.) -- C:\Windows\Explorer.exe [2872320]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.2EE102DF0EDD8A1EDD3D1E9B99A91BEC] - (.Microsoft Corporation - Internet Extensions para Win32.) (.18/06/2014 - 19:58:27.) -- C:\Windows\System32\wininet.dll [2266112]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:43:50.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 04:27:28.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 03:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 00:19:22.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 00:26:34.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 01:43:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 00:23:22.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 11:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 01:52:36.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 02:06:42.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 00:21:58.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 04:34:04.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s

---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 4/656
~ Mes musiques (My Musics) : 1/131
~ Mes Videos (My Videos) : 6/66
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 4/2169
~ Mon Bureau (My Desktop) : 6/99
~ Menu demarrer (Programs) : 1/62
~ Hidden Files: Scanned in 00mn 09s

---\\ Processos lançados
[MD5.A7A4FC2A500D90770BCCDB8A5427684B] - (.AMD - HydraDM.) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216] [PID.2172]
[MD5.98B31CBC09D671DADEB7C92AEF1CBE29] - (.Huawei Technologies Co., Ltd. - Online Update Clinet.) -- C:\Users\user\AppData\Roaming\VIVO INTERNET\ouc.exe [110592] [PID.2216]
[MD5.21293443961A4E2597453EE7A9347F22] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe [54840] [PID.2744]
[MD5.26AFC1F16494FFE66F2197153B342A27] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4086432] [PID.2752]
[MD5.A5FCD42334CCC682DA1882A54338686C] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.4996]
[MD5.BCD68F99E6751218BE8D513BF24896F3] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8076800] [PID.2476]
[MD5.73F5C13B431915BAE35254B4E95DFB71] - (.AVAST Software - avast! Service.) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344] [PID.1204]
[MD5.D386D51B1839E208EF7CCFBFA964638E] - (.AVAST Software - avast! firewall service.) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe [106488] [PID.1604]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1476]
[MD5.3A2E85F7D90D15460C337CE80C2E3B29] - (...) -- C:\Windows\SysWOW64\PnkBstrA.exe [76888] [PID.276]
~ Processes Running: Scanned in 00mn 01s

---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 17 Legitimates Filtered in 00mn 03s

---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xwjsp4gf.default\prefs.js
M0 - MFSP: prefs.js [user - xwjsp4gf.default] [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Firefox Browser: 6 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [user]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [user]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 2 Legitimates Filtered in 00mn 03s

---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [HydraVisionDesktopManager] . (.AMD - HydraDM.) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_VIVO INTERNET] . (.Huawei Technologies Co., Ltd. - Online Update Clinet.) -- C:\Program Files (x86)\VIVO INTERNET\UpdateDog\ouc.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] C:\Users\user\AppData\Local\Akamai\netsession_win.exe (.not file.)
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKLM\..\Wow6432Node\Run: [HDAudDeck] . (.VIA - VIA HD Audio CPL.) -- C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
O4 - HKLM\..\Wow6432Node\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKUS\S-1-5-21-1151420866-3533708681-349064816-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-1151420866-3533708681-349064816-1000\..\Run: [HydraVisionDesktopManager] . (.AMD - HydraDM.) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
O4 - HKUS\S-1-5-21-1151420866-3533708681-349064816-1000\..\Run: [HW_OPENEYE_OUC_VIVO INTERNET] . (.Huawei Technologies Co., Ltd. - Online Update Clinet.) -- C:\Program Files (x86)\VIVO INTERNET\UpdateDog\ouc.exe
O4 - HKUS\S-1-5-21-1151420866-3533708681-349064816-1000\..\Run: [Akamai NetSession Interface] C:\Users\user\AppData\Local\Akamai\netsession_win.exe (.not file.)
O4 - HKUS\S-1-5-21-1151420866-3533708681-349064816-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
~ Application: Scanned in 00mn 00s

---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains] http.ogdev.net
O15 - Trusted Zone: [HKCU\...\Domains] http.sdo.com
~ IE Zone Confiance: Scanned in 00mn 00s

---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3400537-19E8-4C3F-B138-3863E07C09F7}: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{B3400537-19E8-4C3F-B138-3863E07C09F7}: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{B3400537-19E8-4C3F-B138-3863E07C09F7}: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
~ Domain: Scanned in 00mn 00s

---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: HWDeviceService64.exe (HWDeviceService64.exe) . (.No owner - DCSHOST.) - C:\ProgramData\DatacardService\HWDeviceService64.exe
~ Services: 10 Legitimates Filtered in 00mn 13s

---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{051589A9-FE0F-4EAD-BA76-5C671F35162A}] (...) -- E:\Nego preto\InstallIW4M -1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{1262F153-5DA0-4507-B022-3A5AFFBE01A9}] (...) -- C:\users\user\AppData\Roaming\qone8\UninstallManager.exe (.not file.) [0] =>Hijacker.Qone8
[MD5.D83333A2164F4D7063753B50751ECC25] [APT] [{18A1D5CB-638C-4150-BC41-140C90266A6D}] (...) -- C:\Program Files (x86)\Priston Tale Brasil\PsTale.exe [1085440]
[MD5.00000000000000000000000000000000] [APT] [{1A09C873-7C46-4D17-9092-823E55694E85}] (...) -- G:\instalar.exe (.not file.) [0]
[MD5.544414C2C77518994F8B6C0019050E4B] [APT] [{2A560C07-C36E-4498-B641-909284552651}] (...) -- C:\Windows\untmv.exe [66592]
[MD5.00000000000000000000000000000000] [APT] [{310E0A64-26DC-4A9A-9642-B0866B3C4894}] (...) -- D:\autorun.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{5C271988-7682-49C2-B1EF-8B50765D012F}] (...) -- C:\users\user\AppData\Roaming\webssearches\UninstallManager.exe (.not file.) [0] =>Hijacker.WebsSearches
O39 - APT: - (..) -- C:\Windows\Tasks\060184C3-9766-46a0-B258-F4518A0B2633.job [366]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 [366]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1151420866-3533708681-349064816-1000Core [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1151420866-3533708681-349064816-1000UA [924]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1060]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1064]
O39 - APT: - (..) -- C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job [276]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator [276]
~ Scheduled Task: 33 Legitimates Filtered in 00mn 07s

---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex64.sys (.not file.)
O41 - Driver: (Bndef) . (. - .) - C:\Windows\system32\drivers\bndef64.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
~ Drivers: 93 Legitimates Filtered in 00mn 01s

---\\ Software instalados (042)
O42 - Logiciel: AIKA - (.OnGame.) [HKCU][64Bits] -- AIKA
O42 - Logiciel: Astah Community 6.6.3 - (.Change Vision, Inc..) [HKLM][64Bits] -- astah* community_is1
O42 - Logiciel: Astah Community 6.8 - (.Change Vision, Inc..) [HKLM][64Bits] -- astah* community_is1
O42 - Logiciel: IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2012
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2013
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2014
O42 - Logiciel: Omerta - City of Gangsters - (.Haemimont Games.) [HKLM][64Bits] -- Steam App 208520
O42 - Logiciel: Priston Tale Brasil - (...) [HKLM][64Bits] -- Priston Tale Brasil
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM][64Bits] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
O42 - Logiciel: Update for Funmoods Chat - (.Update for Funmoods Chat.) [HKCU][64Bits] -- Funmoods Chat =>PUP.Funmoods
~ Logic: 34 Legitimates Filtered in 00mn 01s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\3DrunkMen]
[HKCU\Software\Baidu Security]
[HKCU\Software\Baidu]
[HKCU\Software\FMChat]
[HKCU\Software\LeNinjaZ]
[HKCU\Software\OnGame]
[HKLM\Software\Baidu Security]
[HKLM\Software\Wow6432Node\360Safe]
[HKLM\Software\Wow6432Node\Baidu Security]
[HKLM\Software\Wow6432Node\Baidu_Drp_pos]
[HKLM\Software\Wow6432Node\GameVicio]
[HKLM\Software\Wow6432Node\RCBR]
[HKLM\Software\Wow6432Node\Triglow Pictures]
[HKLM\Software\Wow6432Node\UnitedAdmins]
[HKLM\Software\Wow6432Node\baidu]
[HKLM\Software\jumpshot.com]
~ Key Software: 447 Legitimates Filtered in 00mn 01s

---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 30/07/2012 - 22:16:42 - [] ----D C:\Program Files (x86)\Apoio
O43 - CFD: 26/08/2012 - 22:58:09 - [] ----D C:\Program Files (x86)\astah-community
O43 - CFD: 15/07/2014 - 18:49:37 - [0] ----D C:\Program Files (x86)\Baidu Security
O43 - CFD: 26/05/2014 - 11:33:54 - [0] ----D C:\Program Files (x86)\BeatTool
O43 - CFD: 13/07/2014 - 20:24:03 - [] ----D C:\Program Files (x86)\Browser Tab Search by Ask
O43 - CFD: 29/01/2014 - 14:07:51 - [] ----D C:\Program Files (x86)\GameVicio
O43 - CFD: 09/07/2014 - 20:07:20 - [] ----D C:\Program Files (x86)\LeNinjaZ
O43 - CFD: 04/02/2014 - 15:12:18 - [] ----D C:\Program Files (x86)\Order Of War
O43 - CFD: 21/05/2014 - 17:37:06 - [] ----D C:\Program Files (x86)\Priston Tale Brasil
O43 - CFD: 20/03/2014 - 10:53:28 - [] ----D C:\Program Files (x86)\Programas RFB
O43 - CFD: 01/05/2014 - 10:41:00 - [0] ----D C:\Program Files (x86)\RBM
O43 - CFD: 04/04/2014 - 22:07:07 - [] ----D C:\Program Files (x86)\TotalPristonTale
O43 - CFD: 17/09/2013 - 03:06:55 - [] ----D C:\Program Files (x86)\VIVO INTERNET
O43 - CFD: 15/07/2014 - 18:48:16 - [] ----D C:\ProgramData\baidu
O43 - CFD: 15/07/2014 - 18:48:24 - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 08/08/2012 - 05:45:57 - [] ----D C:\ProgramData\levelup downloader
O43 - CFD: 15/07/2014 - 12:37:04 - [] ----D C:\ProgramData\ProductData
O43 - CFD: 08/02/2014 - 14:07:27 - [] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 16/04/2014 - 07:24:41 - [] ----D C:\Users\user\AppData\Roaming\360safe
O43 - CFD: 15/07/2014 - 15:33:28 - [] ----D C:\Users\user\AppData\Roaming\Baidu
O43 - CFD: 05/10/2013 - 14:02:13 - [] ----D C:\Users\user\AppData\Roaming\Baidu Security
O43 - CFD: 26/04/2014 - 16:39:48 - [0] ----D C:\Users\user\AppData\Roaming\FunmoodsChat =>PUP.Funmoods
O43 - CFD: 06/05/2014 - 21:35:53 - [] ----D C:\Users\user\AppData\Roaming\Omerta
O43 - CFD: 15/07/2014 - 12:37:45 - [] ----D C:\Users\user\AppData\Roaming\ProductData
O43 - CFD: 31/10/2012 - 00:44:43 - [] ----D C:\Users\user\AppData\Roaming\RCKR
O43 - CFD: 24/01/2014 - 16:39:49 - [] ----D C:\Users\user\AppData\Roaming\rcru
O43 - CFD: 01/10/2013 - 09:25:11 - [] ----D C:\Users\user\AppData\Roaming\VIVO INTERNET
O43 - CFD: 25/06/2014 - 02:13:47 - [] ----D C:\Users\user\AppData\Local\DayZ
O43 - CFD: 19/04/2014 - 20:42:47 - [] ----D C:\Users\user\AppData\Local\LeNinja Z - Game
O43 - CFD: 07/05/2014 - 14:45:22 - [] ----D C:\Users\user\AppData\Local\LeNinjaZ
O43 - CFD: 08/08/2012 - 05:45:57 - [] ----D C:\Users\user\AppData\Local\Level Up!
O43 - CFD: 30/06/2014 - 17:59:46 - [0] ----D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AIKA
O43 - CFD: 29/01/2014 - 14:07:51 - [] ----D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameVicio
O43 - CFD: 10/01/2014 - 09:41:44 - [] ----D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
O43 - CFD: 14/03/2014 - 04:46:52 - [0] ----D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OnGame
O43 - CFD: 08/10/2012 - 11:31:34 - [] ----D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2012
O43 - CFD: 28/02/2013 - 12:10:59 - [] ----D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013
O43 - CFD: 20/03/2014 - 10:51:51 - [] ----D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
~ Program Folder: 274 Legitimates Filtered in 00mn 02s

---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.D95E64416A4A3ED6986E0F474DA934BD] - 08/07/2014 - 09:04:42 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208]
O44 - LFC:[MD5.9F275787AA5C2941C1BFB66EED98229D] - 10/07/2014 - 15:55:12 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [172922]
O44 - LFC:[MD5.9CB7DF42C148B393E8ECBEB076EFAC0A] - 10/07/2014 - 15:55:12 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [774052]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 15/07/2014 - 11:22:43 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.857091CF2B4210DD160843941CED0B7B] - 15/07/2014 - 11:24:18 ---A- . (...) -- C:\zoek-results2014-04-16-111048.log [23337]
O44 - LFC:[MD5.B400D0BA06639E4B8802DD3568E05EA2] - 15/07/2014 - 12:00:05 ---A- . (...) -- C:\zoek-results.log [32313]
O44 - LFC:[MD5.090CF1349C3CE8D234F84DB673A43570] - 15/07/2014 - 18:48:25 ---A- . (...) -- C:\Windows\ntbtlog.txt [59134]
~ Files: 64 Legitimates Filtered in 00mn 09s

---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ SMSR Keys: 4 Legitimates Filtered in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 2 Legitimates Filtered in 00mn 00s

---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:28/03/2014 - 11:24:22 R--A- . (.360.cn - 360杀毒文件监控驱动.) -- C:\Windows\System32\Drivers\360AvFlt.sys [71360]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360.cn - 360HipsOEM.) -- C:\Windows\System32\Drivers\360FltOEM.sys [289952]
O58 - SDL:08/07/2014 - 09:04:42 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software
O58 - SDL:09/03/2010 - 07:09:12 ---A- . (.ALWIL Software - avast! TDI RDR Driver.) -- C:\Windows\System32\Drivers\aswRdr.sys [28752]
O58 - SDL:08/07/2014 - 09:04:42 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software
O58 - SDL:08/07/2014 - 09:04:42 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [224896] =>.ALWIL Software
O58 - SDL:16/04/2014 - 05:07:58 ---A- . (.360安全中心 - 360Efimon Driver.) -- C:\Windows\System32\Drivers\efimon.sys [23624]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:08/10/2010 - 16:59:40 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys [32768]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:11/04/2014 - 03:12:08 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\Windows\System32\Drivers\iSafeKrnlBoot.sys [34304]
O58 - SDL:06/08/2010 - 07:43:20 ---A- . (.DiBcom SA - DiBcom AVSTREAM BDA driver.) -- C:\Windows\System32\Drivers\mod7700.sys [1001472]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 86 Legitimates Filtered in 00mn 05s

---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 08/07/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 10/06/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 112 Legitimates Filtered in 00mn 00s

---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- firefox.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0191A6B0-1154-4C22-9182-23A95BBE92D9} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {0191A6B0-1154-4C22-9182-23A95BBE92D9} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0191A6B0-1154-4C22-9182-23A95BBE92D9} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\S-1-5-19] {0191A6B0-1154-4C22-9182-23A95BBE92D9} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\S-1-5-20] {0191A6B0-1154-4C22-9182-23A95BBE92D9} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s

---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{879F6021-BEA6-497D-9955-144F49057F63}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{C1947475-3137-4525-9A0F-DC2913635D57}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 04s

---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "BD04C21DD7DC68D42958E5F22E63394E" . (.SupraSavings.) -- c:\Windows\Installer\{D12C40DB-CD7D-4D86-9285-5E2FE23693E4}\icon64.ico =>PUP.SupraSavings
~ Update Products: 1 Legitimates Filtered in 00mn 00s

---\\ Listagem dos dados da chave NameSpace (MNS) (O92)
O92 - MNS: - {35B6525E-071A-4EA9-B3BD-F6A742572F08}
~ MNS: 1 Legitimates Filtered in 00mn 00s

---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\crimsolite_RASAPI32 =>PUP.CrimSolite
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\crimsolite_RASMANCS =>PUP.CrimSolite
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBuzzSearch_RASAPI32 =>PUP.BuzzSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBuzzSearch_RASMANCS =>PUP.BuzzSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatecrimsolite_RASAPI32 =>PUP.CrimSolite
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatecrimsolite_RASMANCS =>PUP.CrimSolite
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilcrimsolite_RASAPI32 =>PUP.CrimSolite
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilcrimsolite_RASMANCS =>PUP.CrimSolite
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
~ BTK: 330 Legitimates Filtered in 00mn 00s

---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 08/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 28/07/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 28/07/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 13/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SS - | Demand 03/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Auto 15/07/2014 2175264 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
SS - | Auto 12/05/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SS - | Demand 08/04/2008 800040 | (NBService) . (.Nero AG.) - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Demand 22/01/2008 275752 | (NMIndexingService) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
SS - | Demand 10/07/1658 0 | (npggsvc) . (.INCA Internet Co., Ltd..) - C:\Windows\system32\GameMon.des
SS - | Demand 19/12/2006 81920 | (PLFlash DeviceIoControl Service) . (.Prolific Technology Inc..) - C:\Windows\SysWOW64\IoctlSvc.exe
SS - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 11/07/2014 542912 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SS - | Disabled 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 19/12/2012 240640 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 08/07/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SR - | Auto 08/07/2014 106488 | (avast! Firewall) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\afwServ.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 14/03/2011 346976 | (HWDeviceService64.exe) . (...) - C:\ProgramData\DatacardService\HWDeviceService64.exe
SR - | Auto 10/07/1658 0 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 12s

---\\ Scâner Aditional (088)
Database Version : 13026 - (16/07/2014)
Clés trouvées (Keys found) : 18
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods Chat] =>PUP.Funmoods^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] =>P2P.BitTorrent^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyUpdate] =>PUP.DealPly
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKLM\Software\Wow6432Node\360Safe] =>Trojan.Lozavita
C:\Users\user\AppData\Roaming\FunmoodsChat =>PUP.Funmoods^
~ Additionnel Scan: 759233 Items scanned in 02mn 48s

---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Aplicações iniciadas por registo & pastas (04)
~ AMI: 3 Legitimates Filtered in 00mn 00s

---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Qone8
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.WebsSearches
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Funmoods
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.SupraSavings
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.CrimSolite
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.BuzzSearch
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Toolbar.Ask
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.DealPly
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Tarma
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Trojan.Lozavita
~ MSI: 10 link(s) detected in 00mn 00s

~ 1106 Legitimates filtered by white list
End of the scan (549 lines in 04mn 45s)(0)

por **Power Max** Qua 16 Jul 2014, 13:14

Há programas desnecessários iniciando junto com o Windows, o que torna o seu PC mais lento. Para corrigir isto, siga as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows.

Use também o programa Ccleaner, indicado neste tutorial acima, para fazer uma limpeza e otimização do PC.
_____________________________________________________________________________________

Limpeza no PC. 772309

Acesse o site [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] e envie este arquivo destacado em negrito abaixo para ser analisado:

C:\Windows\untmv.exe

Assim que a análise dele for concluída, copie o link que aparecerá na barra de endereços de seu navegador e poste este link em sua próxima resposta juntamente com o relatório do ZHPFix pedido abaixo nesta postagem.

Maiores informações de como analisar arquivos no site Virus Total você encontra neste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
__________________________________________________________________________________________________________

Limpeza no PC. 772309

Selecione e copie todo o texto destacado em vermelho que te passei.
_____________________________________________________________________________________________________________

Limpeza no PC. 772309

Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta juntamente com o link da análise do arquivo no site Virus Total.

por Conteúdo patrocinado

Limpeza no PC.

Limpeza no PC.

Re: Limpeza no PC.

Re: Limpeza no PC.

Re: Limpeza no PC.

Re: Limpeza no PC.

Re: Limpeza no PC.

Re: Limpeza no PC.

Re: Limpeza no PC.

Re: Limpeza no PC.

Re: Limpeza no PC.

Re: Limpeza no PC.

Re: Limpeza no PC.

Re: Limpeza no PC.

Re: Limpeza no PC.

Re: Limpeza no PC.

Re: Limpeza no PC.

Re: Limpeza no PC.

Re: Limpeza no PC.

Re: Limpeza no PC.

Re: Limpeza no PC.

Re: Limpeza no PC.

Re: Limpeza no PC.

Re: Limpeza no PC.

Re: Limpeza no PC.

Re: Limpeza no PC.

Re: Limpeza no PC.

Seg	Ter	Qua	Qui	Sex	Sáb	Dom
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30