HD TOP 1.8 & Video Media Play-Air.

Estou ha algum tempo tentando remover o HD TOP 1.8 & VIDEO MEDIA PLAY-AIR

mas o que consigo é: NADA

O que pode ser?

VLWW 

Olá.

Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt

Ficamos na espera.

# AdwCleaner v3.216 - Relatório criado 24/07/2014 às 15:37:58
# Atualizado 17/07/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate (64 bits)
# Usuário : Nanci - NANCI-PC
# Executando de : C:\Users\Nanci\Documents\Rafaela\programas\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\Users\Nanci\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdihkdldaicijakhchgojcokhpamkibi
Pasta Deletada : C:\Users\Nanci\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma

***** [ Atalhos ] *****


***** [ Registro ] *****


***** [ Navegadores ] *****

-\\ Internet Explorer v9.0.8112.16476


-\\ Mozilla Firefox v30.0 (pt-BR)

[ Arquivo : C:\Users\Nanci\AppData\Roaming\Mozilla\Firefox\Profiles\rwfgg01j.default\prefs.js ]


-\\ Google Chrome v

[ Arquivo : C:\Users\Nanci\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [30424 octets] - [24/07/2014 15:06:02]
AdwCleaner[R1].txt - [1279 octets] - [24/07/2014 15:36:08]
AdwCleaner[S0].txt - [27372 octets] - [24/07/2014 15:09:21]
AdwCleaner[S1].txt - [1193 octets] - [24/07/2014 15:37:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1253 octets] ##########

Poste, por gentileza, o outro relatório do Adwcleaner que está neste local:

C:\AdwCleaner\AdwCleaner[S0].txt

é esse mesmo,

fui fazendo os tópicos do outro post resolvido, e acho que boa parte foi limpo...

Será que ainda to acometida pelas doenças? Ou será que me curei?

Você postou este relatório:
C:\AdwCleaner\AdwCleaner[S1].txt

Mas o que precisamos é deste:
C:\AdwCleaner\AdwCleaner[S0].txt

opa, my bad

segue o correto

# AdwCleaner v3.216 - Relatório criado 24/07/2014 às 15:09:21
# Atualizado 17/07/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate (64 bits)
# Usuário : Nanci - NANCI-PC
# Executando de : C:\Users\Nanci\Documents\Rafaela\programas\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

Serviço Deletada : {9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64
[#] Serviço Deletada : globalUpdate
[#] Serviço Deletada : globalUpdatem
Serviço Deletada : IePluginService
Serviço Deletada : NewPlayerUpdaterService
Serviço Deletada : SupraSavingsService64

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\374311380
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\IePluginService
Pasta Deletada : C:\ProgramData\WPM
Pasta Deletada : C:\ProgramData\lless2puay
Pasta Deletada : C:\ProgramData\RieguularDEals
Pasta Deletada : C:\ProgramData\SOftCouup
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlvPlayer
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer
Pasta Deletada : C:\Program Files (x86)\globalUpdate
Pasta Deletada : C:\Program Files (x86)\NewPlayer
Pasta Deletada : C:\Program Files (x86)\predm
Pasta Deletada : C:\Program Files (x86)\SupTab
Pasta Deletada : C:\Program Files (x86)\Uninstaller
Pasta Deletada : C:\Program Files (x86)\lless2puay
Pasta Deletada : C:\Program Files (x86)\RieguularDEals
Pasta Deletada : C:\Program Files (x86)\SOftCouup
Pasta Deletada : C:\Program Files\003
Pasta Deletada : C:\Program Files\PCDApp
Pasta Deletada : C:\Program Files\SupraSavings
Pasta Deletada : C:\Users\Nanci\AppData\Local\globalUpdate
Pasta Deletada : C:\Users\Nanci\AppData\Local\SearchProtect
Pasta Deletada : C:\Users\Nanci\AppData\Roaming\Activeris
Pasta Deletada : C:\Users\Nanci\AppData\Roaming\baidu
Pasta Deletada : C:\Users\Nanci\AppData\Roaming\SupTab
Pasta Deletada : C:\Users\Nanci\AppData\Roaming\Systweak
Pasta Deletada : C:\Users\Nanci\AppData\Roaming\webssearches
Pasta Deletada : C:\Users\Nanci\Documents\Optimizer Pro
Pasta Deletada : C:\Users\Nanci\AppData\Roaming\Mozilla\Firefox\Profiles\rwfgg01j.default\Extensions\quick_start@gmail.com
Pasta Deletada : C:\Users\Nanci\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdihkdldaicijakhchgojcokhpamkibi
Pasta Deletada : C:\Users\Nanci\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Arquivo Deletada : C:\END
Arquivo Deletada : C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys
Arquivo Deletada : C:\Windows\System32\roboot64.exe
Arquivo Deletada : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml
Arquivo Deletada : C:\Users\Nanci\AppData\Roaming\Mozilla\Firefox\Profiles\rwfgg01j.default\user.js
Arquivo Deletada : C:\Users\Nanci\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx
Arquivo Deletada : C:\Users\Nanci\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Arquivo Deletada : C:\Users\Nanci\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Arquivo Deletada : C:\Users\Nanci\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Arquivo Deletada : C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
Arquivo Deletada : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
Arquivo Deletada : C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
Arquivo Deletada : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
Arquivo Deletada : C:\Windows\Tasks\8669291c-6983-44a9-ab97-67e3709fd778-11.job
Arquivo Deletada : C:\Windows\System32\Tasks\8669291c-6983-44a9-ab97-67e3709fd778-11
Arquivo Deletada : C:\Windows\Tasks\8669291c-6983-44a9-ab97-67e3709fd778-3.job
Arquivo Deletada : C:\Windows\System32\Tasks\8669291c-6983-44a9-ab97-67e3709fd778-3
Arquivo Deletada : C:\Windows\Tasks\8669291c-6983-44a9-ab97-67e3709fd778-6.job
Arquivo Deletada : C:\Windows\System32\Tasks\8669291c-6983-44a9-ab97-67e3709fd778-6
Arquivo Deletada : C:\Windows\Tasks\8669291c-6983-44a9-ab97-67e3709fd778-7.job
Arquivo Deletada : C:\Windows\System32\Tasks\8669291c-6983-44a9-ab97-67e3709fd778-7
Arquivo Deletada : C:\Windows\Tasks\bade339b-e26a-4476-aac5-6644d592be19-11.job
Arquivo Deletada : C:\Windows\System32\Tasks\bade339b-e26a-4476-aac5-6644d592be19-11
Arquivo Deletada : C:\Windows\Tasks\bade339b-e26a-4476-aac5-6644d592be19-3.job
Arquivo Deletada : C:\Windows\System32\Tasks\bade339b-e26a-4476-aac5-6644d592be19-3

***** [ Atalhos ] *****


***** [ Registro ] *****

Valor Deletedo : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
Chave Deletedo : HKCU\Software\Google\Chrome\Extensions\iagcajndpnfncplednpbnkahadegklfa
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\iagcajndpnfncplednpbnkahadegklfa
Chave Deletedo : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\iagcajndpnfncplednpbnkahadegklfa
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\ActiverisAntiMalware_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\ActiverisAntiMalware_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\APN_ATU3__RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\APN_ATU3__RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\InstallManagerR_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\InstallManagerR_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MYSEAR~1_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MYSEAR~1_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MySearchDial_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MySearchDial_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SupTab_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SupTab_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\utilwebget_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\utilwebget_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancerService_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancerService_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\webget_setup_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\webget_setup_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wpm_v18_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wpm_v18_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Classes\ReeGuularDeals.ReeGuularDeals
Chave Deletedo : HKLM\SOFTWARE\Classes\ReeGuularDeals.ReeGuularDeals.7.2
Chave Deletedo : HKLM\SOFTWARE\Classes\SoFtCOuup.SoFtCOuup
Chave Deletedo : HKLM\SOFTWARE\Classes\SoFtCOuup.SoFtCOuup.3.12
Chave Deletedo : HKLM\SOFTWARE\Classes\Less2pay.Less2pay
Chave Deletedo : HKLM\SOFTWARE\Classes\Less2pay.Less2pay.1.9
Chave Deletedo : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1A17B438-FF48-F52D-23F1-E38BB5772951}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1E293373-12C3-E604-E827-5FF0F0D807AE}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{8D6EC39F-9FB0-0E6A-4466-9F72420CB840}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A17B438-FF48-F52D-23F1-E38BB5772951}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1E293373-12C3-E604-E827-5FF0F0D807AE}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8D6EC39F-9FB0-0E6A-4466-9F72420CB840}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1A17B438-FF48-F52D-23F1-E38BB5772951}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1E293373-12C3-E604-E827-5FF0F0D807AE}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8D6EC39F-9FB0-0E6A-4466-9F72420CB840}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1A17B438-FF48-F52D-23F1-E38BB5772951}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1E293373-12C3-E604-E827-5FF0F0D807AE}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8D6EC39F-9FB0-0E6A-4466-9F72420CB840}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{1A17B438-FF48-F52D-23F1-E38BB5772951}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{1E293373-12C3-E604-E827-5FF0F0D807AE}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{8D6EC39F-9FB0-0E6A-4466-9F72420CB840}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Chave Deletedo : HKCU\Software\APN PIP
Chave Deletedo : HKCU\Software\FreeSoftToday
Chave Deletedo : HKCU\Software\GlobalUpdate
Chave Deletedo : HKCU\Software\Iminent
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\systweak
Chave Deletedo : HKCU\Software\TutoTag
Chave Deletedo : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Chave Deletedo : HKCU\Software\AppDataLow\Software\Crossrider
Chave Deletedo : HKCU\Software\AppDataLow\Software\suprasavings
Chave Deletedo : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Chave Deletedo : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Chave Deletedo : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Chave Deletedo : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Chave Deletedo : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Chave Deletedo : HKLM\Software\FlvPlayer
Chave Deletedo : HKLM\Software\FreeSoftToday
Chave Deletedo : HKLM\Software\GlobalUpdate
Chave Deletedo : HKLM\Software\Iminent
Chave Deletedo : HKLM\Software\PIP
Chave Deletedo : HKLM\Software\suprasavings
Chave Deletedo : HKLM\Software\SupTab
Chave Deletedo : HKLM\Software\supWPM
Chave Deletedo : HKLM\Software\systweak
Chave Deletedo : HKLM\Software\Tutorials
Chave Deletedo : HKLM\Software\video MediaPlay-Air
Chave Deletedo : HKLM\Software\webssearchesSoftware
Chave Deletedo : HKLM\Software\Wpm
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\video MediaPlay-Air
Chave Deletedo : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Chave Deletedo : [x64] HKLM\SOFTWARE\Supra Savings
Chave Deletedo : [x64] HKLM\SOFTWARE\suprasavings

***** [ Navegadores ] *****

-\\ Internet Explorer v9.0.8112.16476

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v30.0 (pt-BR)

[ Arquivo : C:\Users\Nanci\AppData\Roaming\Mozilla\Firefox\Profiles\rwfgg01j.default\prefs.js ]

Linha deletada : user_pref("browser.search.selectedEngine", "webssearches");
Linha deletada : user_pref("browser.startup.homepage", "hxxp://istart.webssearches.com/?type=hppp&ts=1403902475&from=tugs&uid=SAMSUNGXHM160HI_S18PJF0PC05258");
Linha deletada : user_pref("extensions.01pU12.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.[...]
Linha deletada : user_pref("extensions.ejO_Kwhem.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.net\")>-1||url.in[...]
Linha deletada : user_pref("extensions.ikxDjUzOf.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumoro[...]
Linha deletada : user_pref("extensions.irmysearch.aflt", "md_14_20_ie");
Linha deletada : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzutDyCtC0FtA0AtC0BtA0F0BzyzztAzytBtN0D0Tzu0SzzyCzztN1L2XzutBtFtBtDtFtCtAtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyD0F0BtB0EtBzz0AtGtD0FyE0[...]
Linha deletada : user_pref("extensions.irmysearch.cr", "1289121220");
Linha deletada : user_pref("extensions.irmysearch.instlRef", "140305_a");
Linha deletada : user_pref("iminent.LayoutId", "1");
Linha deletada : user_pref("iminent.ShowThankyouPixel", "0");
Linha deletada : user_pref("iminent.adapters", "{\"google\":{\"CountryCode\":\"BR\",\"NoAds\":false,\"Status\":1,\"expireTime\":\"1385043252172259200\"},\"blogger\":{\"CountryCode\":\"BR\",\"NoAds\":false,\"Status\":2[...]
Linha deletada : user_pref("iminent.registerToolbarEvent100", "1383584934314");
Linha deletada : user_pref("iminent.registerToolbarEvent101", "1383148100690");
Linha deletada : user_pref("iminent.registerToolbarEvent102", "1385004455583");
Linha deletada : user_pref("iminent.registerToolbarEvent109", "1385085908133");
Linha deletada : user_pref("iminent.registerToolbarEvent110", "1385085916240");
Linha deletada : user_pref("iminent.registerToolbarEvent111", "1385085908254");
Linha deletada : user_pref("iminent.registerToolbarEvent112", "1385085909982");
Linha deletada : user_pref("iminent.registerToolbarEvent122", "1385085908263");
Linha deletada : user_pref("iminent.registerToolbarEvent140", "1385005255775");
Linha deletada : user_pref("iminent.version", "7.47.2.1");
Linha deletada : user_pref("iminent.versioning", "{\"CurrentVersion\":\"7.41.2.1\",\"InstallEventCTime\":1382120597290,\"InstallEvent\":\"True\",\"UpdateEventCTime\":1385078245702}");

-\\ Google Chrome v

[ Arquivo : C:\Users\Nanci\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [Extension] : cdihkdldaicijakhchgojcokhpamkibi
Deletedo [Extension] : iagcajndpnfncplednpbnkahadegklfa
Deletedo [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma

*************************

AdwCleaner[R0].txt - [30424 octets] - [24/07/2014 15:06:02]
AdwCleaner[S0].txt - [26990 octets] - [24/07/2014 15:09:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [27051 octets] ##########

Desative temporariamente seu antivírus para evitar conflitos.

* Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executá-lo corretamente siga as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Assim que ele concluir a limpeza dos problemas acesse o log (relatório) do Zoek que estará em C:\zoek-results.txt e copie todo seu conteúdo e poste em sua próxima resposta.

Zoek.exe v5.0.0.0 Updated 24-07-2014
Tool run by Nanci on 25/07/2014 at 12:32:28,57.
Microsoft Windows 7 Ultimate 6.1.7600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Nanci\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

25/07/2014 12:35:08 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Nanci\AppData\Roaming\Mozilla\Firefox\Profiles\rwfgg01j.default\prefs.js:
user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
user_pref("keyword.URL", "http://br.yhs4.search.yahoo.com/yhs/search");

Added to C:\Users\Nanci\AppData\Roaming\Mozilla\Firefox\Profiles\rwfgg01j.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Nanci\AppData\Roaming\Mozilla\Firefox\Profiles\rwfgg01j.default

user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- Lines extensions.01pU12 removed from prefs.js ----
user_pref("extensions.01pU12.epoch", "1403954717");
user_pref("extensions.01pU12.url", "http://syncer-jpi.info/sync2/?q=hfZ9oeEGCchEAen0qHC6tMqLDe49CNU0nVsMCMlNhd9Fqda7rjUFqds7rHsMBzqUojw9rdgGqHwFrTkFpc
---- Lines extensions.ejO_Kwhem removed from prefs.js ----
user_pref("extensions.ejO_Kwhem.epoch", "1400326493");
user_pref("extensions.ejO_Kwhem.url", "http://foreveryshare.ru/sync2/?q=hfZ9oeFEAHnMCyVUojaMg708BNmGWj8ckShGheDUojw9rdkFrTwErjCGqGhIC7n0rjnEqjw7rjwHqd
---- Lines extensions.ikxDjUzOf removed from prefs.js ----
user_pref("extensions.ikxDjUzOf.epoch", "1402093456");
user_pref("extensions.ikxDjUzOf.url", "http://starrnice.eu/sync2/?q=hfZ9ofqMDyrMCyVUojC6qGhTB6lKDzt4oktitNtVh7n0rjnEqTa8rTaHrHrFtMFHhd9Fqda7rdkGrTsGqj
---- FireFox user.js and prefs.js backups ----

prefs_072014_1246_.backup

==== Deleting Files \ Folders ======================

C:\Users\Nanci\AppData\LocalLow\{1A17B438-FF48-F52D-23F1-E38BB5772951} deleted
C:\Users\Nanci\AppData\LocalLow\{1E293373-12C3-E604-E827-5FF0F0D807AE} deleted
C:\Users\Nanci\AppData\LocalLow\{8D6EC39F-9FB0-0E6A-4466-9F72420CB840} deleted
C:\Users\Nanci\AppData\Local\Packages\windows_ie_ac_001\AC\{1A17B438-FF48-F52D-23F1-E38BB5772951} deleted
C:\Users\Nanci\AppData\Local\Packages\windows_ie_ac_001\AC\{1E293373-12C3-E604-E827-5FF0F0D807AE} deleted
C:\Users\Nanci\AppData\Local\Packages\windows_ie_ac_001\AC\{8D6EC39F-9FB0-0E6A-4466-9F72420CB840} deleted
C:\PROGRA~3\714ebec1181b6aac deleted
C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\search_the_web.xml deleted
C:\PROGRA~2\video MediaPlay-Air deleted
C:\Users\Nanci\AppData\Roaming\FrameFun.ini deleted
C:\Users\Nanci\AppData\Local\MaxiGet Download Manager deleted
C:\Users\Nanci\Searches deleted
C:\windows\SysNative\drivers\{f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gw64.sys deleted
C:\Windows\Syswow64\InstallUtil.InstallLog deleted
"C:\Windows\Installer\1af31a.msi" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"netsight@nielsen.com"="C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi" []

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Nanci\AppData\Roaming\Mozilla\Firefox\Profiles\rwfgg01j.default
D4A0F57017841F7E54B3E82B99064982 - C:\Users\Nanci\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
7EDD991C076F76CDF7C10B0487DEF155 - C:\Users\Nanci\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
E83B541C71965CFA1DEFF846CD6E9ECD - C:\Users\Nanci\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll - Google Update
3D76B5C0E02ECC19C1F5756E8FD97F72 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll - Shockwave Flash
0B31B0F8FA99CFD009C8FBEA9E20C9DE - C:\Users\Nanci\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin


==== Chrome Look ======================

CostMin - Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfbdpakgknjemfggpkpofangidddaahg
CostMin - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfbdpakgknjemfggpkpofangidddaahg
video MediaPlay-Air - Nanci\AppData\Local\Google\Chrome\User Data\Default\Extensions\decglnkhpfoocpafihfbeodhgofefaoc
Google Wallet - Nanci\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Chrome Fix ======================

C:\Users\Nanci\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Users\Nanci\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Nanci\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_click.dealshark.com_0.localstorage deleted successfully
C:\Users\Nanci\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_click.dealshark.com_0.localstorage-journal deleted successfully
C:\Users\Nanci\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_valuedealshopper.com_0.localstorage deleted successfully
C:\Users\Nanci\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_valuedealshopper.com_0.localstorage-journal deleted successfully
C:\Users\Nanci\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_letssearch.com_0.localstorage deleted successfully
C:\Users\Nanci\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_letssearch.com_0.localstorage-journal deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfbdpakgknjemfggpkpofangidddaahg deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfbdpakgknjemfggpkpofangidddaahg deleted successfully
C:\Users\Nanci\AppData\Local\Google\Chrome\User Data\Default\Extensions\decglnkhpfoocpafihfbeodhgofefaoc deleted successfully
C:\Users\Nanci\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_decglnkhpfoocpafihfbeodhgofefaoc_0.localstorage deleted successfully
C:\Users\Nanci\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_decglnkhpfoocpafihfbeodhgofefaoc_0.localstorage-journal deleted successfully
C:\Users\Nanci\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_decglnkhpfoocpafihfbeodhgofefaoc_0 deleted successfully
C:\Users\Nanci\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\decglnkhpfoocpafihfbeodhgofefaoc deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=sol&utm_medium=ppi&utm_campaign=portal"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=sol&utm_medium=ppi&utm_campaign=portal"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Nanci\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Nanci\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\netsight@nielsen.com deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\Nanci\Desktop\Dropbox.lnk - C:\Users\Nanci\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Nanci\Desktop\Morgana.lnk - C:\Users\Nanci\Documents\Morgana
C:\Users\Nanci\Desktop\Rafaela.lnk - C:\Users\Nanci\Documents\Rafaela
C:\Users\Nanci\Desktop\backup Nanci\Amostras de imagens.lnk -
C:\Users\Nanci\Desktop\backup Nanci\Organiz e Dinamiz Acervos Nanci PROJETO.pdf.lnk - C:\Users\Nanci\Desktop\backup Nanci\DOCUMENTOS Total\DOCUMENTAÇÃO\Organiz e Dinamiz Acervos PROJETO.pdf
C:\Users\Nanci\Desktop\backup Nanci\CÁTEDRA Total\ELIANA YUNES\PUC-ESPECIALIZAÇÃO METODOLOGIA\Atalho para AGENDA.doc.lnk -
C:\Users\Nanci\Desktop\backup Nanci\DOCUMENTOS Total\Acervo - Atalho.lnk - C:\Users\Nanci\Documents\Rafaela\Trabalho NN\Acervo.xlsx
C:\Users\Nanci\Desktop\backup Nanci\DOCUMENTOS Total\IRPF2010 - Declaração de Ajuste Anual e Final de Espólio.lnk -
C:\Users\Nanci\Desktop\backup Nanci\DOCUMENTOS Total\IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -
C:\Users\Nanci\Desktop\backup Nanci\DOCUMENTOS Total\LATTES.lnk - C:\Users\Nanci\Documents\Rafaela\para RAFA
C:\Users\Nanci\Desktop\backup Nanci\DOCUMENTOS Total\Receitanet 1.04 .lnk - C:\Users\Nanci\Desktop\DOCUMENTOS Total\Windows\Receitanet.exe
C:\Users\Nanci\Desktop\backup Nanci\DOCUMENTOS Total\Receitanet Java 2010.02a.lnk - C:\Users\Nanci\Documents\DOCUMENTAÇÃO\Documentos Pessoais\Receitanet Java\receitanet.exe
C:\Users\Nanci\Desktop\backup Nanci\DOCUMENTOS Total\DOCUMENTAÇÃO\Nanci na internet\Atalho para Referências de minha produção.doc.lnk -
C:\Users\Nanci\Desktop\backup Nanci\DOCUMENTOS Total\DOCUMENTAÇÃO\RADOC\MODELORADOC meu em 2003.lnk -
C:\Users\Nanci\Desktop\backup Nanci\UFF Total\PROGRESSÃO PROF ASSOCIADO\DISCIPLINAS\AÇÃO CULTURAL\Atalho para Animação da leitura.doc.lnk -
C:\Users\Nanci\Desktop\backup Nanci\UFF Total\PROGRESSÃO PROF ASSOCIADO\ORIENTAÇÔES\HELENA RIBEIRO\HELLENA Memória\Atalho para MEMÓRIA.doc.lnk -
C:\Users\Nanci\Desktop\backup Nanci\UFF Total\PROGRESSÃO PROF ASSOCIADO\Outros projetos\UCBRANCO\Atalho para Trabalho de Gestão da Informação..lnk -
C:\Users\Nanci\Desktop\backup Nanci\UFF Total\UFF\DISCIPLINAS\AÇÃO CULTURAL\Atalho para Animação da leitura.doc.lnk -
C:\Users\Nanci\Desktop\backup Nanci\UFF Total\UFF\GERAL\Atalho para COLETA CAPES.lnk - C:\Users\Nanci\Documents\UFF\PPGCI\COLETA CAPES
C:\Users\Nanci\Desktop\backup Nanci\UFF Total\UFF\GERAL\RADOC\MODELORADOC meu em 2003.lnk - C:\Users\Nanci\Documents\Uff\RADOC e GED\MODELORADOC meu em 2003.doc
C:\Users\Nanci\Desktop\backup Nanci\UFF Total\UFF\PPGCI\Atalho para COLETA CAPES.lnk - C:\Users\Nanci\Documents\UFF\PPGCI\COLETA CAPES
C:\Users\Nanci\Desktop\backup Nanci\UFF Total\UFF\PPGCI\LINHA 1 PPGCI\Atalho para Ementas para minhas disciplinas set 2007 PPGCI novo.doc.lnk - C:\Users\Nanci\Documents\UFF\PPGCI\Ementas para minhas disciplinas set 2007 PPGCI novo.doc
C:\Users\Nanci\Desktop\backup Nanci\UFF Total\UFF\PPGCI\PPGCI palestra 12 abril\Atalho para Leitura PPGCI.doc.lnk - C:\Users\Nanci\Documents\UFF\PPGCI\Leitura PPGCI.doc
C:\Users\Nanci\Desktop\backup Nanci\UFF Total\UFF\PPGCI\PPGCI palestra 12 abril\Atalho para Sobre a apresentação no PPGCI 12 de abril 2006.doc.lnk -
C:\Users\Nanci\Desktop\backup Nanci\UFF Total\UFF\Pós-Lij\Recontos bibliografia Nanci.lnk -
C:\Users\Nanci\Desktop\IMAGENS\Minhas figuras\Minhas músicas\Amostra de música.lnk -

==== shortcuts in Users Start Menu ======================

C:\Users\Nanci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\Nanci\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Nanci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\Nanci\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
C:\Users\Nanci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\Nanci\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuxGuitar\TuxGuitar.lnk - C:\Program Files (x86)\TuxGuitar\tuxguitar.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk - C:\Program Files (x86)\ZHPDiag\ZHPhep.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPFix.lnk - C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Nanci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk - C:\Program Files (x86)\Inkscape\inkscape.exe
C:\Users\Nanci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Jewel Match 3.lnk - C:\Program Files (x86)\MyPlayCity.com\Jewel Match 3\Jewel Match 3.exe
C:\Users\Nanci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Nanci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk - C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE /recycle
C:\Users\Nanci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Ragnarok.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Nanci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Nanci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Nanci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d91276b0be3e46b\pinned.lnk -
C:\Users\Nanci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk - C:\Windows\system32\calc.exe
C:\Users\Nanci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\Nanci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Notepad.lnk - C:\Windows\system32\notepad.exe
C:\Users\Nanci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Paint.lnk - C:\Windows\system32\mspaint.exe
C:\Users\Nanci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Sound Recorder.lnk -
C:\Users\Nanci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Users\Nanci\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nanci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office PowerPoint 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
C:\Users\Nanci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\Nanci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Nanci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Nanci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyOverride"="<-loopback>"
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F60730A4A66673047777F5728467D401 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401 deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Nanci\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Nanci\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Nanci\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Nanci\AppData\Local\Mozilla\Firefox\Profiles\rwfgg01j.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Nanci\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=153 folders=27 10045874 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Nanci\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Nanci\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Nanci\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on 25/07/2014 at 12:54:10,63 ======================

Baixe o programa Junkware Removal Tool no link abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executar corretamente o programa acima é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt

Ficamos na espera.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Nanci on 25/07/2014 at 13:49:42,80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Nanci\AppData\Roaming\mozilla\firefox\profiles\rwfgg01j.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25/07/2014 at 13:58:01,33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Abra novamente o ( ZHPDiag )

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

~ Relatório do ZHPDiag v2014.7.24.108 - Nicolas Coolman (24/07/2014)
~ Iniciado por Nanci (25/07/2014 14:33:53)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Endereço do Webforum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program


---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 30.0

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 64-bit (Build 7600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema
CCleaner v4.05

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares

---\\ Informações sobre o sistema
~ Processor: AMD64 Family 15 Model 104 Stepping 2, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1982 MB (47% free)
System Restore: Activé (Enable)
System drive C: has 51 GB (34%) free of 149 GB

---\\ Modo de conexão ao sistema
~ Computer Name: NANCI-PC
~ User Name: Nanci
~ All Users Names: Nanci, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Nanci\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Nanci\AppData\Roaming\
~ %Desktop% : C:\Users\Nanci\Desktop\
~ %Favorites% : C:\Users\Nanci\Favorites\
~ %LocalAppData% : C:\Users\Nanci\AppData\Local\
~ %StartMenu% : C:\Users\Nanci\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 51 Go of 149 Go)
D: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 44 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.0862495E0C825893DB75EF44FAEA8E93] - (.Microsoft Corporation - Windows Explorer.) (.26/02/2011 - 03:23:14.) -- C:\Windows\Explorer.exe [2870272]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.A4F6142CABA82FB7293ECE5FF864B440] - (.Microsoft Corporation - Internet Extensions para Win32.) (.22/02/2013 - 03:20:51.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.DA3E2A6FA9660CC75B471530CE88453A] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.28/10/2009 - 03:24:40.) -- C:\Windows\System32\Winlogon.exe [389632]
[MD5.75341574F21E766748732BDF530C74BD] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.13/07/2009 - 22:41:54.) -- C:\Windows\System32\sppcomapi.dll [231936]
[MD5.DB9D6C6B2CD95A9CA414D045B627422E] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 00:59:11.) -- C:\Windows\system32\Drivers\AFD.sys [499200]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.83D2D75E1EFB81B3450C18131443F7DB] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 20:19:54.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9C253CE7311CA60FC11C774692A13208] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/04/2011 - 23:57:40.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.0A49913402747A0B67DE940FB42CBDBB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 21:06:13.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.040D62A9D8AD28922632137ACDD984F2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.03/05/2011 - 23:51:08.) -- C:\Windows\system32\Drivers\MRxSmb.sys [157696]
[MD5.9162B273A44AB9DCE5B44362731D062A] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 20:21:29.) -- C:\Windows\system32\Drivers\netBT.sys [259072]
[MD5.9A6089B056EA1B83B36424FC9D0A300E] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 11:36:37.) -- C:\Windows\system32\Drivers\ntfs.sys [1653096]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.87A6E852A22991580D6D39ADC4790463] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 21:10:12.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [130048]
[MD5.9706B84DBABFC4B4CA46C5A82B14DFA3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/07/2009 - 21:18:02.) -- C:\Windows\system32\Drivers\rdpdr.sys [165376]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.079125C4B17B01FCAEEBCE0BCB290C0F] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 20:21:15.) -- C:\Windows\system32\Drivers\tdx.sys [99840]
[MD5.9E425AC5C9A5A973273D169F43B4F5E1] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.06/09/2012 - 14:38:18.) -- C:\Windows\system32\Drivers\volsnap.sys [295792]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/1412
~ Mes musiques (My Musics) : 23/305
~ Mes Videos (My Videos) : 1/168
~ Mes Favoris (My Favorites) : 1/18
~ Mes Documents (My Documents) : 1/13178
~ Mon Bureau (My Desktop) : 9/7118
~ Menu demarrer (Programs) : 1/42
~ Hidden Files: Scanned in 00mn 30s



---\\ Processos lançados
[MD5.F02A533F517EB38333CB12A9E8963773] - (.Google Inc. - Google Installer.) -- C:\Users\Nanci\AppData\Local\Google\Update\GoogleUpdate.exe [136176] [PID.2672]
[MD5.099E24D4FE2ADA03F648B470830BD382] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\Nanci\AppData\Roaming\Dropbox\bin\Dropbox.exe [35464216] [PID.2716]
[MD5.FE821F6FA60E9DF9FDEE69A23488BBAB] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896] [PID.2816]
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\SysWOW64\DllHost.exe [7168] [PID.2572]
[MD5.B1E01D636350983E94171E229C759468] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.1332]
[MD5.80E04F074334739C96E1C08C331FB82D] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8080384] [PID.2808]
[MD5.B1EA9681502EE57F87DB71D726288A5B] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65192] [PID.1504]
[MD5.A06EFD4965F8A3F97A8C9A291D032678] - (.No owner - Inkjet Printer/Scanner/Fax Extended Servey.) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.exe [116104] [PID.1548]
[MD5.04C1DCBB226C6AE647B794833CE3CEB6] - (.Hewlett-Packard Development Company, L.P. - hpqwmiex Module.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [135168] [PID.1732]
~ Processes Running: Scanned in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Nanci\AppData\Roaming\Mozilla\Firefox\Profiles\rwfgg01j.default\prefs.js
P2 - FPN: [HKLM] [adobe.com/AdobeAAMDetect] - (...) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (.not file.)
~ Firefox Browser: 9 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ IE Browser: 18 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\Windows\system32\NvCpl.dll =>.NVIDIA Corporation
O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\Windows\system32\NvMcTray.dll
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Nanci\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1407041285-3537382001-3213572902-1000\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Nanci\AppData\Local\Google\Update\GoogleUpdate.exe
~ Application: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A89994D2-E27C-4910-A3F1-22E0EFEC9131}: DhcpNameServer = 201.17.0.43 201.17.0.74
O17 - HKLM\System\CCS\Services\Tcpip\..\{C80B2C7F-6CB2-4899-9715-94AB44FCB36C}: DhcpNameServer = 201.17.0.43 201.17.0.74
O17 - HKLM\System\CS1\Services\Tcpip\..\{A89994D2-E27C-4910-A3F1-22E0EFEC9131}: DhcpNameServer = 201.17.0.43 201.17.0.74
O17 - HKLM\System\CS1\Services\Tcpip\..\{C80B2C7F-6CB2-4899-9715-94AB44FCB36C}: DhcpNameServer = 201.17.0.43 201.17.0.74
O17 - HKLM\System\CS2\Services\Tcpip\..\{A89994D2-E27C-4910-A3F1-22E0EFEC9131}: DhcpNameServer = 201.17.0.43 201.17.0.74
O17 - HKLM\System\CS2\Services\Tcpip\..\{C80B2C7F-6CB2-4899-9715-94AB44FCB36C}: DhcpNameServer = 201.17.0.43 201.17.0.74
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.17.0.43 201.17.0.74
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{0A7475CE-328F-4074-B03F-8E6FD15511F8}] (...) -- C:\Users\Nanci\Desktop\33333.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{1C03FC26-D41C-4A7C-A374-28186B4A9A63}] (...) -- C:\Users\Nanci\Desktop\chip7.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{70A5447C-B271-4E37-8A50-E2972BF53618}] (...) -- C:\Users\Nanci\Desktop\15.56-nforce-winvista-win7-64bit-international-whql.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{DC4E60EB-7022-4656-BF4D-D9075455E95B}] (...) -- C:\Users\Nanci\AppData\Roaming\webssearches\UninstallManager.exe (.not file.) [0] =>Hijacker.WebsSearches
[MD5.00000000000000000000000000000000] [APT] [{DFD01029-F171-4BFF-9A75-C7AF54A2A16D}] (...) -- C:\Users\Nanci\Desktop\sp36079.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1407041285-3537382001-3213572902-1000Core [906]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1407041285-3537382001-3213572902-1000UA [928]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1407041285-3537382001-3213572902-1000Core [1026]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1407041285-3537382001-3213572902-1000UA [1078]
~ Scheduled Task: 14 Legitimates Filtered in 00mn 03s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex64.sys (.not file.)
O41 - Driver: (Bndef) . (. - .) - C:\Windows\system32\drivers\bndef64.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
O41 - Driver: (netfilter64) . (.NetFilterSDK.com - NetFilter SDK WFP Driver (WPP).) - C:\Windows\System32\drivers\netfilter64.sys
O41 - Driver: ({f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gw64) . (. - .) - C:\Windows\System32\drivers\{f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gw64.sys (.not file.)
~ Drivers: 87 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: HD-Top1.8 - (.HD-TopV1.8.) [HKLM][64Bits] -- HD-Top1.8
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2013
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2014
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM][64Bits] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
~ Logic: 17 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Ashongsoft]
[HKCU\Software\Baidu Security]
[HKCU\Software\GbAs]
[HKCU\Software\PCDataApp]
[HKCU\Software\SERPRO]
[HKLM\Software\74B569D3-F7FC-4C64-ABA2-63D320FCA1C5]
[HKLM\Software\Baidu Security]
[HKLM\Software\SupraSavings ] =>PUP.SupraSavings
[HKLM\Software\Wow6432Node\Baidu Security]
[HKLM\Software\Wow6432Node\Deskmedia]
[HKLM\Software\Wow6432Node\NSCPID]
[HKLM\Software\Wow6432Node\PCDataApp]
~ Key Software: 160 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 27/06/2014 - 11:24:26 - [] ----D C:\Program Files (x86)\74B569D3-F7FC-4C64-ABA2-63D320FCA1C5
O43 - CFD: 05/05/2014 - 16:31:24 - [] ----D C:\Program Files (x86)\Baidu Security
O43 - CFD: 03/07/2014 - 16:05:54 - [] ----D C:\Program Files (x86)\HD-Top1.8
O43 - CFD: 18/09/2013 - 11:44:39 - [] ----D C:\Program Files (x86)\IRENDA 2012 JAVA
O43 - CFD: 21/05/2014 - 13:32:10 - [0] ----D C:\ProgramData\Baidu Security
O43 - CFD: 05/05/2014 - 16:36:45 - [] ----D C:\ProgramData\IconCache
O43 - CFD: 13/05/2012 - 23:22:10 - [] ----D C:\ProgramData\Oi
O43 - CFD: 26/02/2012 - 12:50:48 - [] ----D C:\ProgramData\{FD7CAB3E-E895-4E98-9D68-A307CC601204}
O43 - CFD: 17/05/2014 - 11:36:59 - [] ----D C:\Users\Nanci\AppData\Local\com
O43 - CFD: 23/04/2012 - 16:06:41 - [] ----D C:\Users\Nanci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2012
O43 - CFD: 13/04/2014 - 19:53:16 - [] ----D C:\Users\Nanci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013
O43 - CFD: 13/04/2014 - 14:56:40 - [] ----D C:\Users\Nanci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
~ Program Folder: 159 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 25/07/2014 - 12:32:09 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.38C965C2EE15C92E2E3E963585F0BA7B] - 25/07/2014 - 12:54:10 ---A- . (...) -- C:\zoek-results.log [22631]
~ Files: 7 Legitimates Filtered in 00mn 03s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{56c60ad4-26cf-11e3-bc4d-001e68094ff6}\AutoRun\command. (...) -- E:\iStudio.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:17/09/2012 - 19:58:30 R--A- . (.360.cn - 360HipsOEM.) -- C:\Windows\System32\Drivers\360FltOEM.sys [288688]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:12/06/2014 - 16:05:34 ---A- . (.NetFilterSDK.com - NetFilter SDK WFP Driver (WPP).) -- C:\Windows\System32\Drivers\netfilter64.sys [46376]
O58 - SDL:18/11/2006 - 09:49:52 ---A- . (.REDC - RICOH MMC Driver.) -- C:\Windows\System32\Drivers\rimmpx64.sys [52224]
O58 - SDL:16/11/2006 - 17:59:52 ---A- . (.REDC - RICOH MS Driver.) -- C:\Windows\System32\Drivers\rimspx64.sys [53760]
O58 - SDL:18/11/2006 - 13:07:48 ---A- . (.REDC - RICOH xD SM Driver.) -- C:\Windows\System32\Drivers\rixdpx64.sys [55296]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 55 Legitimates Filtered in 00mn 25s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 12/06/2014 - C:\Windows\System32\drivers\netfilter64.sys (netfilter64) .(.NetFilterSDK.com - NetFilter SDK WFP Driver (WPP).) - LEGACY_NETFILTER64
O64 - Services: CurCS - 03/09/2013 - C:\Windows\System32\drivers\truecrypt.sys (truecrypt) .(.TrueCrypt Foundation - TrueCrypt Driver.) - LEGACY_TRUECRYPT
~ Legacy: 85 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] Web - (Web) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.BB6238586BD96A1BE0E20B9B6CD69F88] [SPRF][18/12/2012] (...) -- C:\ProgramData\E3EB9B3031.sys [88]
[MD5.74A9D4E5863A0E363A19ACF8F186E6C8] [SPRF][18/12/2012] (...) -- C:\ProgramData\KGyGaAvL.sys [2828]
~ Files: 3 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{EF14A0E4-B9D0-4566-AA87-D7C4D5A9CC1F}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{13F38151-2043-47FC-A175-231DD1834618}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 01s



---\\ Listagem dos dados da chave NameSpace (MNS) (O92)
O92 - MNS: - {35B6525E-071A-4EA9-B3BD-F6A742572F08}
~ MNS: 1 Legitimates Filtered in 00mn 00s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASAPI32 =>Adware.NewPlayer
HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASMANCS =>Adware.NewPlayer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NewPlayerChecker_RASAPI32 =>Adware.NewPlayer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NewPlayerChecker_RASMANCS =>Adware.NewPlayer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatewisenwizard_RASAPI32 =>PUP.Wisenwizard
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatewisenwizard_RASMANCS =>PUP.Wisenwizard
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilwisenwizard_RASAPI32 =>PUP.Wisenwizard
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilwisenwizard_RASMANCS =>PUP.Wisenwizard
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\video MediaPlay-Air-nova_RASAPI32 =>PUP.CrossRider
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\video MediaPlay-Air-nova_RASMANCS =>PUP.CrossRider
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\VOPackage_RASAPI32 =>Adware.Downware
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\VOPackage_RASMANCS =>Adware.Downware
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wisenwizard_RASAPI32 =>PUP.Wisenwizard
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wisenwizard_RASMANCS =>PUP.Wisenwizard
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wisenwizard_Setup_RASAPI32 =>PUP.Wisenwizard
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wisenwizard_Setup_RASMANCS =>PUP.Wisenwizard
~ BTK: 341 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 05/03/2007 110592 | (Com4Qlb) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
SS - | Demand 10/06/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 23/09/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 02/05/2006 135168 | (hpqwmiex) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
SR - | Auto 10/02/2009 116104 | (IJPLMSVC) . (...) - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.exe
SR - | Auto 30/01/2009 364064 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\System32\nvvsvc.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 11s



---\\ Scâner Aditional (088)
Database Version : 13026 - (24/07/2014)
Clés trouvées (Keys found) : 5
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494] =>Adware.IMBooster
[HKLM\Software\SupraSavings ] =>PUP.SupraSavings^
~ Additionnel Scan: 216332 Items scanned in 00mn 41s



---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Aplicações iniciadas por registo & pastas (04)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Chave do registo Shell MountPoints2 (MPKS) (O51)
~ AMI: 3 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.WebsSearches
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.SupraSavings
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.CrossRider
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.Downware
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Tarma
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.IMBooster
~ MSI: 6 link(s) detected in 00mn 00s



~ 701 Legitimates filtered by white list
End of the scan (425 lines in 02mn 24s)(0)

Acesse o site [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] e envie este arquivo destacado em negrito abaixo para ser analisado:

C:\ProgramData\E3EB9B3031.sys

Assim que a análise dele for concluída, copie o link que aparecerá na barra de endereços de seu navegador e poste este link em sua próxima resposta juntamente com o relatório do ZHPFix pedido abaixo nesta postagem.

Maiores informações de como analisar arquivos no site Virus Total você encontra neste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
_________________________________________________________________________________________

Selecione e copie todo o texto destacado em vermelho abaixo (começando em script zhpfix e indo até emptyclsid)

script zhpfix
SysRestore
[MD5.00000000000000000000000000000000] [APT] [{0A7475CE-328F-4074-B03F-8E6FD15511F8}] (...) -- C:\Users\Nanci\Desktop\33333.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{1C03FC26-D41C-4A7C-A374-28186B4A9A63}] (...) -- C:\Users\Nanci\Desktop\chip7.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{70A5447C-B271-4E37-8A50-E2972BF53618}] (...) -- C:\Users\Nanci\Desktop\15.56-nforce-winvista-win7-64bit-international-whql.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{DC4E60EB-7022-4656-BF4D-D9075455E95B}] (...) -- C:\Users\Nanci\AppData\Roaming\webssearches\UninstallManager.exe (.not file.) [0] =>Hijacker.WebsSearches
[MD5.00000000000000000000000000000000] [APT] [{DFD01029-F171-4BFF-9A75-C7AF54A2A16D}] (...) -- C:\Users\Nanci\Desktop\sp36079.exe (.not file.) [0]
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex64.sys (.not file.)
O41 - Driver: (Bndef) . (. - .) - C:\Windows\system32\drivers\bndef64.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
O41 - Driver: ({f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gw64) . (. - .) - C:\Windows\System32\drivers\{f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gw64.sys (.not file.)
O42 - Logiciel: HD-Top1.8 - (.HD-TopV1.8.) [HKLM][64Bits] -- HD-Top1.8
[HKCU\Software\Baidu Security]
[HKCU\Software\PCDataApp]
[HKLM\Software\Baidu Security]
[HKLM\Software\SupraSavings ] =>PUP.SupraSavings
[HKLM\Software\Wow6432Node\Baidu Security]
[HKLM\Software\Wow6432Node\PCDataApp]
O43 - CFD: 05/05/2014 - 16:31:24 - [] ----D C:\Program Files (x86)\Baidu Security
O43 - CFD: 03/07/2014 - 16:05:54 - [] ----D C:\Program Files (x86)\HD-Top1.8
O43 - CFD: 21/05/2014 - 13:32:10 - [0] ----D C:\ProgramData\Baidu Security
O92 - MNS: - {35B6525E-071A-4EA9-B3BD-F6A742572F08}
HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASAPI32 =>Adware.NewPlayer
HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASMANCS =>Adware.NewPlayer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NewPlayerChecker_RASAPI32 =>Adware.NewPlayer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NewPlayerChecker_RASMANCS =>Adware.NewPlayer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatewisenwizard_RASAPI32 =>PUP.Wisenwizard
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatewisenwizard_RASMANCS =>PUP.Wisenwizard
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilwisenwizard_RASAPI32 =>PUP.Wisenwizard
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilwisenwizard_RASMANCS =>PUP.Wisenwizard
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\video MediaPlay-Air-nova_RASAPI32 =>PUP.CrossRider
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\video MediaPlay-Air-nova_RASMANCS =>PUP.CrossRider
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\VOPackage_RASAPI32 =>Adware.Downware
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\VOPackage_RASMANCS =>Adware.Downware
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wisenwizard_RASAPI32 =>PUP.Wisenwizard
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wisenwizard_RASMANCS =>PUP.Wisenwizard
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wisenwizard_Setup_RASAPI32 =>PUP.Wisenwizard
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wisenwizard_Setup_RASMANCS =>PUP.Wisenwizard
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494] =>Adware.IMBooster
ShortcutFix
EmptyTemp
EmptyFlash
emptyclsid
_____________________________________________________________________________________________________________

Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta juntamente com o link da análise do arquivo no site Virus Total.

o arquivo

E3EB9B3031.sys

nao esta no diretorio q vc mencionou, procurei no pc e nao está em nenhum outro local

Siga então o restante das dicas que te passei e poste o relatório do ZHPFix.

Rapport de ZHPFix 2014.7.9.4 par Nicolas Coolman, Update du 09/07/2014
Fichier d'export Registre :
Run by Nanci at 29/07/2014 16:47:47
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit (Build 7600)

Reciclagem vazia (00mn 04s)
Reparação de atalhos do navegador

========== Softwares ==========
AUSENTE Uninstall Process: c:\program files (x86)\hd-top1.8\uninstall.exe

========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HD-Top1.8]
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bnbase
ELIMINÉ Driver Key: Bndef
ELIMINÉ Driver Key: Bprotect
ELIMINÉ Driver Key: {f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gw64
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\PCDataApp
ELIMINÉ:* HKLM\Software\Baidu Security
ELIMINÉ:* HKLM\Software\SupraSavings
ELIMINÉ: HKLM\Software\Wow6432Node\PCDataApp
ELIMINÉ:* CLSID NameSpace: {35B6525E-071A-4EA9-B3BD-F6A742572F08}
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASAPI32
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NewPlayerChecker_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NewPlayerChecker_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatewisenwizard_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatewisenwizard_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilwisenwizard_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilwisenwizard_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\video MediaPlay-Air-nova_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\video MediaPlay-Air-nova_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\VOPackage_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\VOPackage_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wisenwizard_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wisenwizard_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wisenwizard_Setup_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wisenwizard_Setup_RASMANCS
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (129) (4.270.013 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: {0A7475CE-328F-4074-B03F-8E6FD15511F8}
ELIMINÉ: {1C03FC26-D41C-4A7C-A374-28186B4A9A63}
ELIMINÉ: {70A5447C-B271-4E37-8A50-E2972BF53618}
ELIMINÉ: {DC4E60EB-7022-4656-BF4D-D9075455E95B}
ELIMINÉ: {DFD01029-F171-4BFF-9A75-C7AF54A2A16D}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
34 : Chaves do Registo
1 : Pastas
2 : Ficheiros
1 : Softwares
5 : Tarefa planificada
1 : Restauração Sistema


End of clean in 01mn 46s

========== Caminho do ficheiro do relatório ==========
C:\Users\Nanci\AppData\Roaming\ZHP\ZHPFix[R1].txt - 29/07/2014 16:47:51 [3746]

Abra novamente o ( ZHPDiag )

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

~ Relatório do ZHPDiag v2014.7.24.108 - Nicolas Coolman (24/07/2014)
~ Iniciado por Nanci (29/07/2014 18:23:36)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Endereço do Webforum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Nova Versão disponivel
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program


---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 30.0

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 64-bit (Build 7600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema
CCleaner v4.05

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares

---\\ Informações sobre o sistema
~ Processor: AMD64 Family 15 Model 104 Stepping 2, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1982 MB (35% free)
System Restore: Activé (Enable)
System drive C: has 51 GB (34%) free of 149 GB

---\\ Modo de conexão ao sistema
~ Computer Name: NANCI-PC
~ User Name: Nanci
~ All Users Names: Nanci, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Nanci\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Nanci\AppData\Roaming\
~ %Desktop% : C:\Users\Nanci\Desktop\
~ %Favorites% : C:\Users\Nanci\Favorites\
~ %LocalAppData% : C:\Users\Nanci\AppData\Local\
~ %StartMenu% : C:\Users\Nanci\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 51 Go of 149 Go)
D: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 44 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.0862495E0C825893DB75EF44FAEA8E93] - (.Microsoft Corporation - Windows Explorer.) (.26/02/2011 - 03:23:14.) -- C:\Windows\Explorer.exe [2870272]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.A4F6142CABA82FB7293ECE5FF864B440] - (.Microsoft Corporation - Internet Extensions para Win32.) (.22/02/2013 - 03:20:51.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.DA3E2A6FA9660CC75B471530CE88453A] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.28/10/2009 - 03:24:40.) -- C:\Windows\System32\Winlogon.exe [389632]
[MD5.75341574F21E766748732BDF530C74BD] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.13/07/2009 - 22:41:54.) -- C:\Windows\System32\sppcomapi.dll [231936]
[MD5.DB9D6C6B2CD95A9CA414D045B627422E] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 00:59:11.) -- C:\Windows\system32\Drivers\AFD.sys [499200]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.83D2D75E1EFB81B3450C18131443F7DB] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 20:19:54.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9C253CE7311CA60FC11C774692A13208] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/04/2011 - 23:57:40.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.0A49913402747A0B67DE940FB42CBDBB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 21:06:13.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.040D62A9D8AD28922632137ACDD984F2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.03/05/2011 - 23:51:08.) -- C:\Windows\system32\Drivers\MRxSmb.sys [157696]
[MD5.9162B273A44AB9DCE5B44362731D062A] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 20:21:29.) -- C:\Windows\system32\Drivers\netBT.sys [259072]
[MD5.9A6089B056EA1B83B36424FC9D0A300E] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 11:36:37.) -- C:\Windows\system32\Drivers\ntfs.sys [1653096]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.87A6E852A22991580D6D39ADC4790463] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 21:10:12.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [130048]
[MD5.9706B84DBABFC4B4CA46C5A82B14DFA3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/07/2009 - 21:18:02.) -- C:\Windows\system32\Drivers\rdpdr.sys [165376]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.079125C4B17B01FCAEEBCE0BCB290C0F] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 20:21:15.) -- C:\Windows\system32\Drivers\tdx.sys [99840]
[MD5.9E425AC5C9A5A973273D169F43B4F5E1] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.06/09/2012 - 14:38:18.) -- C:\Windows\system32\Drivers\volsnap.sys [295792]
~ Generic Processes: Scanned in 00mn 01s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/1412
~ Mes musiques (My Musics) : 23/305
~ Mes Videos (My Videos) : 1/168
~ Mes Favoris (My Favorites) : 1/18
~ Mes Documents (My Documents) : 1/13146
~ Mon Bureau (My Desktop) : 9/7118
~ Menu demarrer (Programs) : 1/42
~ Hidden Files: Scanned in 00mn 48s



---\\ Processos lançados
[MD5.099E24D4FE2ADA03F648B470830BD382] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\Nanci\AppData\Roaming\Dropbox\bin\Dropbox.exe [35464216] [PID.2428]
[MD5.B1E01D636350983E94171E229C759468] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.3864]
[MD5.4F87179386948D61FBF74B0DDF265170] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.3312]
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\SysWOW64\DllHost.exe [7168] [PID.3408]
[MD5.1938AF3906C6241CDB5BB14C417E9E15] - (.Microsoft Corporation - Microsoft Office Word.) -- C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.exe [409776] [PID.1320]
[MD5.864B19A9FF68F5437C6EDDC2F0DDCD2E] - (.Microsoft Corporation - Microsoft Office Excel.) -- C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.exe [18372272] [PID.3428]
[MD5.36AAD6213B2EEB06A453625C75683FA3] - (.Microsoft Corporation - Preview Handler Surrogate Host.) -- C:\Windows\SysWOW64\prevhost.exe [31232] [PID.3128]
[MD5.80E04F074334739C96E1C08C331FB82D] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8080384] [PID.2188]
[MD5.B1EA9681502EE57F87DB71D726288A5B] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65192] [PID.1456]
[MD5.A06EFD4965F8A3F97A8C9A291D032678] - (.No owner - Inkjet Printer/Scanner/Fax Extended Servey.) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.exe [116104] [PID.1544]
[MD5.04C1DCBB226C6AE647B794833CE3CEB6] - (.Hewlett-Packard Development Company, L.P. - hpqwmiex Module.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [135168] [PID.1712]
~ Processes Running: Scanned in 00mn 02s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Nanci\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 15 Legitimates Filtered in 00mn 04s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Nanci\AppData\Roaming\Mozilla\Firefox\Profiles\rwfgg01j.default\prefs.js
P2 - FPN: [HKLM] [adobe.com/AdobeAAMDetect] - (...) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (.not file.)
~ Firefox Browser: 9 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ IE Browser: 18 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\Windows\system32\NvCpl.dll =>.NVIDIA Corporation
O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\Windows\system32\NvMcTray.dll
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Nanci\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1407041285-3537382001-3213572902-1000\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Nanci\AppData\Local\Google\Update\GoogleUpdate.exe
~ Application: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A89994D2-E27C-4910-A3F1-22E0EFEC9131}: DhcpNameServer = 201.17.0.43 201.17.0.74
O17 - HKLM\System\CCS\Services\Tcpip\..\{C80B2C7F-6CB2-4899-9715-94AB44FCB36C}: DhcpNameServer = 201.17.0.43 201.17.0.74
O17 - HKLM\System\CS1\Services\Tcpip\..\{A89994D2-E27C-4910-A3F1-22E0EFEC9131}: DhcpNameServer = 201.17.0.43 201.17.0.74
O17 - HKLM\System\CS1\Services\Tcpip\..\{C80B2C7F-6CB2-4899-9715-94AB44FCB36C}: DhcpNameServer = 201.17.0.43 201.17.0.74
O17 - HKLM\System\CS2\Services\Tcpip\..\{A89994D2-E27C-4910-A3F1-22E0EFEC9131}: DhcpNameServer = 201.17.0.43 201.17.0.74
O17 - HKLM\System\CS2\Services\Tcpip\..\{C80B2C7F-6CB2-4899-9715-94AB44FCB36C}: DhcpNameServer = 201.17.0.43 201.17.0.74
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.17.0.43 201.17.0.74
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1407041285-3537382001-3213572902-1000Core [906]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1407041285-3537382001-3213572902-1000UA [928]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1407041285-3537382001-3213572902-1000Core [1026]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1407041285-3537382001-3213572902-1000UA [1078]
~ Scheduled Task: 9 Legitimates Filtered in 00mn 06s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (netfilter64) . (.NetFilterSDK.com - NetFilter SDK WFP Driver (WPP).) - C:\Windows\System32\drivers\netfilter64.sys
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex64.sys (.not file.)
O41 - Driver: (Bndef) . (. - .) - C:\Windows\system32\drivers\bndef64.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
O41 - Driver: ({f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gw64) . (. - .) - C:\Windows\System32\drivers\{f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gw64.sys (.not file.)
~ Drivers: 75 Legitimates Filtered in 00mn 01s



---\\ Software instalados (042)
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2013
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2014
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM][64Bits] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
~ Logic: 16 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Ashongsoft]
[HKCU\Software\GbAs]
[HKCU\Software\SERPRO]
[HKLM\Software\74B569D3-F7FC-4C64-ABA2-63D320FCA1C5]
[HKLM\Software\Wow6432Node\Deskmedia]
[HKLM\Software\Wow6432Node\HD-Top1.8]
[HKLM\Software\Wow6432Node\NSCPID]
~ Key Software: 152 Legitimates Filtered in 00mn 01s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 27/06/2014 - 11:24:26 - [] ----D C:\Program Files (x86)\74B569D3-F7FC-4C64-ABA2-63D320FCA1C5
O43 - CFD: 18/09/2013 - 11:44:39 - [] ----D C:\Program Files (x86)\IRENDA 2012 JAVA
O43 - CFD: 05/05/2014 - 16:36:45 - [] ----D C:\ProgramData\IconCache
O43 - CFD: 13/05/2012 - 23:22:10 - [] ----D C:\ProgramData\Oi
O43 - CFD: 26/02/2012 - 12:50:48 - [] ----D C:\ProgramData\{FD7CAB3E-E895-4E98-9D68-A307CC601204}
O43 - CFD: 17/05/2014 - 11:36:59 - [] ----D C:\Users\Nanci\AppData\Local\com
O43 - CFD: 23/04/2012 - 16:06:41 - [] ----D C:\Users\Nanci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2012
O43 - CFD: 13/04/2014 - 19:53:16 - [] ----D C:\Users\Nanci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013
O43 - CFD: 13/04/2014 - 14:56:40 - [] ----D C:\Users\Nanci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
~ Program Folder: 156 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 25/07/2014 - 12:32:09 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.38C965C2EE15C92E2E3E963585F0BA7B] - 25/07/2014 - 12:54:10 ---A- . (...) -- C:\zoek-results.log [22631]
~ Files: 7 Legitimates Filtered in 00mn 03s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{56c60ad4-26cf-11e3-bc4d-001e68094ff6}\AutoRun\command. (...) -- E:\iStudio.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:17/09/2012 - 19:58:30 R--A- . (.360.cn - 360HipsOEM.) -- C:\Windows\System32\Drivers\360FltOEM.sys [288688]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:12/06/2014 - 16:05:34 ---A- . (.NetFilterSDK.com - NetFilter SDK WFP Driver (WPP).) -- C:\Windows\System32\Drivers\netfilter64.sys [46376]
O58 - SDL:18/11/2006 - 09:49:52 ---A- . (.REDC - RICOH MMC Driver.) -- C:\Windows\System32\Drivers\rimmpx64.sys [52224]
O58 - SDL:16/11/2006 - 17:59:52 ---A- . (.REDC - RICOH MS Driver.) -- C:\Windows\System32\Drivers\rimspx64.sys [53760]
O58 - SDL:18/11/2006 - 13:07:48 ---A- . (.REDC - RICOH xD SM Driver.) -- C:\Windows\System32\Drivers\rixdpx64.sys [55296]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 55 Legitimates Filtered in 00mn 50s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 12/06/2014 - C:\Windows\System32\drivers\netfilter64.sys (netfilter64) .(.NetFilterSDK.com - NetFilter SDK WFP Driver (WPP).) - LEGACY_NETFILTER64
O64 - Services: CurCS - 03/09/2013 - C:\Windows\System32\drivers\truecrypt.sys (truecrypt) .(.TrueCrypt Foundation - TrueCrypt Driver.) - LEGACY_TRUECRYPT
~ Legacy: 85 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] Web - (Web) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.BB6238586BD96A1BE0E20B9B6CD69F88] [SPRF][18/12/2012] (...) -- C:\ProgramData\E3EB9B3031.sys [88]
[MD5.74A9D4E5863A0E363A19ACF8F186E6C8] [SPRF][18/12/2012] (...) -- C:\ProgramData\KGyGaAvL.sys [2828]
~ Files: 3 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{EF14A0E4-B9D0-4566-AA87-D7C4D5A9CC1F}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{13F38151-2043-47FC-A175-231DD1834618}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 01s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
~ BTK: 327 Legitimates Filtered in 00mn 01s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 05/03/2007 110592 | (Com4Qlb) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
SS - | Demand 10/06/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 23/09/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 02/05/2006 135168 | (hpqwmiex) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
SR - | Auto 10/02/2009 116104 | (IJPLMSVC) . (...) - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.exe
SR - | Auto 30/01/2009 364064 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\System32\nvvsvc.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 15s



---\\ Scâner Aditional (088)
Database Version : 13026 - (24/07/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 216213 Items scanned in 00mn 54s



---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Aplicações iniciadas por registo & pastas (04)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Chave do registo Shell MountPoints2 (MPKS) (O51)
~ AMI: 4 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
~ MSI: 0 link(s) detected in 00mn 00s



~ 673 Legitimates filtered by white list
End of the scan (391 lines in 03mn 45s)(0)

No momento estou no celular, mas amanhã te passo o Script para remover os problemas encontrados pelo ZHPDiag, OK?

Ok, sem problemas, vlw!

Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho abaixo e cole-o no espaço em branco do Zoek:

C:\ProgramData\E3EB9B3031.sys;virustotal

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]
________________________________________________________________________

 Selecione e copie todo o texto destacado em vermelho abaixo (começando em script zhpfix e indo até emptyclsid)

script zhpfix
SysRestore
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex64.sys (.not file.)
O41 - Driver: (Bndef) . (. - .) - C:\Windows\system32\drivers\bndef64.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
O41 - Driver: ({f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gw64) . (. - .) - C:\Windows\System32\drivers\{f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gw64.sys (.not file.)
[HKLM\Software\Wow6432Node\HD-Top1.8]
ShortcutFix
EmptyTemp
EmptyFlash
emptyclsid
_____________________________________________________________________________________________________________

 Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta juntamente com o log do Zoek que estará em C:\zoek-results.txt

Tópico Arquivado!

Se vc é o autor deste Tópico e deseja o desbloqueio,basta enviar um Mensagem Privada a um Moderador e solicitar o desbloqueio.