Fórum PC Brasil

Hard drive suddenly shows as full

3 participants

Post by jjll-forumpcbrasil, Thu 31 Jul 2014, 18:01

Good afternoon, everyone.

My desktop's hard drive has always had plenty of free space.
Now, under "Properties", I see that it is practically full, without my having done anything to cause this.
It has a capacity of 250 GB, of which I now have only a little over 1 GB available. I know this information is false.
What do you say?

Thanks.

José Luis.

Post by Power Max, Thu 31 Jul 2014, 18:12

Download < [You must have an account and be logged in to view this link] > ( ... by Nicolas Coolman )

Note: When you open the link above, click the Télécharger button for ZHPDiag to download it, as shown in the image below:

[You must have an account and be logged in to view this image]

To install and run it correctly, follow the tips in this article:

[You must have an account and be logged in to view this link]

* Once it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.


Last edited by Power Max on Thu 31 Jul 2014, 21:53; edited 1 time

Post by jjll-forumpcbrasil, Thu 31 Jul 2014, 18:33

~ Relatório do ZHPDiag v2014.7.30.111 - Nicolas Coolman (30/07/2014)
~ Iniciado por JOSE LUIS (31/07/2014 18:23:32)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Endereço do Webforum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Desativado pelo Utilizador
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
GCIE: Google Chrome

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows Vista (TM) Home Premium, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2018

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
Adobe Reader X
Java 7 Update 60

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2038 MB (51% free)
System Restore: Activé (Enable)
System drive C: has 1 GB (0%) free of 233 GB

---\\ Modo de conexão ao sistema
~ Computer Name: JOSELUIS-DESKT
~ User Name: JOSE LUIS
~ All Users Names: JOSE LUIS, Convidado, Administrador,
~ Unselected Option: None
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\JOSE LUIS\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\JOSE LUIS\AppData\Roaming\
~ %Desktop% : C:\Users\JOSE LUIS\Desktop\
~ %Favorites% : C:\Users\JOSE LUIS\Favorites\
~ %LocalAppData% : C:\Users\JOSE LUIS\AppData\Local\
~ %StartMenu% : C:\Users\JOSE LUIS\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 1 Go of 233 Go)
D: CD-ROM drive (Not Inserted)
E: Floppy drive, Flash card reader, USB Key (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Free 2 Go of 4 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: Modified
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: 42 Scanned in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Windows Explorer.) (.10/04/2009 - 23:27:38.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.18/01/2008 - 23:33:38.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.61D9AD9E55D7A1E10C0EF701ADE1C486] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/06/2014 - 20:02:16.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.10/04/2009 - 23:28:14.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.F5272A105F59A7B3B345D9D6D87DA7AD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 03:53:22.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.10/04/2009 - 23:32:28.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.18/01/2008 - 21:28:04.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.10/04/2009 - 21:39:18.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 11:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.10/04/2009 - 21:42:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Driver de porta i8042.) (.18/01/2008 - 21:49:20.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.18/01/2008 - 21:56:30.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 10:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.10/04/2009 - 21:45:38.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.03/03/2013 - 16:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [1082232]
[MD5.8A79FDF04A73428597E2CAF9D0D67850] - (.Microsoft Corporation - Driver de porta paralela.) (.18/01/2008 - 21:49:34.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.18/01/2008 - 21:56:36.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.E8BD98D46F2ED77132BA927FCCB47D8B] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.02/11/2006 - 06:03:00.) -- C:\Windows\system32\Drivers\rdpdr.sys [242688]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.10/04/2009 - 21:45:24.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.10/04/2009 - 21:45:58.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.21/08/2012 - 08:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/2629
~ Mes musiques (My Musics) : 1/4415
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/75
~ Mes Documents (My Documents) : 2/13964
~ Mon Bureau (My Desktop) : 1/18
~ Menu demarrer (Programs) : 1/34
~ Hidden Files: Scanned in 00mn 26s



---\\ Processos lançados
[MD5.0D392EDE3B97E0B3131B2F63EF1DB94E] - (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe [1008184] [PID.3508]
[MD5.806DB5F4FC5185AFC608E881979CC25F] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [141848] [PID.3524]
[MD5.D4975555E91636FCF4809E51731F80D8] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [166424] [PID.3532]
[MD5.CD12A46AE81306C2F14B19A58E1058B0] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [133656] [PID.3540]
[MD5.0AE3673E1C450359490CF47D6AA3AF7F] - (.Motorola Inc. - SM56 Modem Helper.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1458176] [PID.3632]
[MD5.7AF5A466CF4AECA28E3DCBCF5B6FD220] - (.Hewlett-Packard Co. - Hewlett-Packard Product Assistant.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [49152] [PID.3752]
[MD5.225518F190EDBC37CA32197A3E94B498] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512] [PID.3784]
[MD5.2218928CF528D7BC295B1B4C69E9846C] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [3890208] [PID.3844]
[MD5.04F6CBD2BDAB19480F82AB255E56E9DB] - (.A.E.T. Europe B.V. - Certificate Expiration Check Utility.) -- C:\Windows\System32\aetcrss1.exe [151552] [PID.3856]
[MD5.EDAD4A8A1D46AFCF9E76B996D55116EB] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896] [PID.3884]
[MD5.BF08674925F151BD4537B89A493E3E0C] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehtray.exe [125952] [PID.3912]
[MD5.E5C98FB98FA1C6B618695B6B07240604] - (.Nokia - Nokia PC Internet Access.) -- C:\Program Files\Nokia\PC Internet Access\NPCIA.exe [544768] [PID.3936]
[MD5.F14219FC767F1383526AB423F278A8E3] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [210520] [PID.3972]
[MD5.32C26797AB646074A2BB562F9D10ADB5] - (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.exe [97680] [PID.4000]
[MD5.2D821AFA5A1A9CA7F9F997A1AAD09E72] - (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe [168960] [PID.2424]
[MD5.8BEB7107A0CE4BB1C4F7294C377DF3E9] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [256536] [PID.2664]
[MD5.0F4195B9B348DE5CF9B822F81704B20E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\Windows\ehome\ehmsas.exe [37376] [PID.2512]
[MD5.FEDDD3579FEE51A9873D856DF3933C68] - (.Hewlett-Packard Co. - HP CUE Status Root.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe [151552] [PID.3412]
[MD5.C8BC9A2DC599F1A52DC6B42FDD47B01E] - (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\system32\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe [851632] [PID.5188]
[MD5.340636A9D4F9B9449AA9AFF60BD1AEF6] - (.Oracle Corporation - Java(TM) Update Checker.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe [511872] [PID.504]
[MD5.08ED70F000508724BAF881AA07C21BE1] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [758000] [PID.5836]
[MD5.B3593D56E802DE2C61B755B85669B2B4] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8083968] [PID.8696]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.8624]
~ Processes Running: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll
P2 - FPN: [HKLM] [@java.com/DTPlugin,version=10.60.2] - (.Oracle Corporation - NPRuntime Script Plug-in Library for Java(TM) Deploy.) -- C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
P2 - FPN: [HKLM] [@java.com/JavaPlugin,version=10.60.2] - (.Oracle Corporation - Next Generation Java Plug-in 10.60.2 for Mozilla browsers.) -- C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
P2 - FPN: [HKLM] [@real.com/nppl3260;version=16.0.2.32] - (.RealNetworks, Inc. - RealPlayer(tm) LiveConnect-Enabled Plug-In.) -- c:\program files\real\realplayer\Netscape6\nppl3260.dll
P2 - FPN: [HKLM] [@real.com/nprndlchromebrowserrecordext;version=1.3.2] - (.RealNetworks, Inc. - RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In.) -- C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
P2 - FPN: [HKLM] [@real.com/nprndlhtml5videoshim;version=1.3.2] - (.RealNetworks, Inc. - RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In.) -- C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
P2 - FPN: [HKLM] [@real.com/nprndlpepperflashvideoshim;version=1.3.2] - (.RealNetworks, Inc. - RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In.) -- C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
P2 - FPN: [HKLM] [@real.com/nprpplugin;version=16.0.2.32] - (.RealPlayer - RealPlayer Download Plugin.) -- c:\program files\real\realplayer\Netscape6\nprpplugin.dll
P2 - FPN: [HKLM] [@realnetworks.com/npdlplugin;version=1] - (.RealDownloader - RealDownloader Plugin.) -- C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [Adobe Reader] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.10.) -- C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
~ Firefox Browser: 13 Scanned in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.10.) (No version) -- (.not file.)
~ IE Browser: 9 Scanned in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} . (.RealDownloader - RealPlayer Download and Record Plugin.) -- C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} . (.pdfforge GmbH - PDF Architect Helper.) -- C:\Program Files\PDF Architect\PDFIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: SearchSnacks - {7D1B27B2-3DE0-4F26-94A0-E14FDB06D292} Chave orfã
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehuni.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre7\bin\jp2ssv.dll
~ BHO: 16 Scanned in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SMSERIAL] . (.Motorola Inc. - SM56 Modem Helper.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard Co. - Hewlett-Packard Product Assistant.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\update\realsched.exe =>.RealNetworks, Inc
O4 - HKLM\..\Run: [CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}] C:\Users\JOSELU~1\AppData\Local\Temp\cis34B0.exe (.not file.)
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [CertificateRegistration] . (.A.E.T. Europe B.V. - Certificate Expiration Check Utility.) -- C:\Windows\System32\aetcrss1.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Barra Lateral do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Aplicativo de Configuração do Serviço de co.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [NokiaPCInternetAccess] . (.Nokia - Nokia PC Internet Access.) -- C:\Program Files\Nokia\PC Internet Access\NPCIA.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Barra Lateral do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Chave orfã
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Barra Lateral do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Chave orfã
O4 - HKUS\S-1-5-21-644814064-753680641-2794751463-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Barra Lateral do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-644814064-753680641-2794751463-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-21-644814064-753680641-2794751463-1000\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Aplicativo de Configuração do Serviço de co.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-644814064-753680641-2794751463-1000\..\Run: [NokiaPCInternetAccess] . (.Nokia - Nokia PC Internet Access.) -- C:\Program Files\Nokia\PC Internet Access\NPCIA.exe
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Console Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -- Chave orfã
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Provedor de Correção de Nomeação de Emails.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Provedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
~ Winsock: 6 Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] http.itau.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F2865E6-9235-407C-9D1C-0BDA5ACAB9D8}: DhcpNameServer = 201.6.2.77 201.6.2.167
O17 - HKLM\System\CS1\Services\Tcpip\..\{3F2865E6-9235-407C-9D1C-0BDA5ACAB9D8}: DhcpNameServer = 201.6.2.77 201.6.2.167
O17 - HKLM\System\CS2\Services\Tcpip\..\{3F2865E6-9235-407C-9D1C-0BDA5ACAB9D8}: DhcpNameServer = 201.6.2.77 201.6.2.167
O17 - HKLM\System\CS3\Services\Tcpip\..\{3F2865E6-9235-407C-9D1C-0BDA5ACAB9D8}: DhcpNameServer = 201.6.2.77 201.6.2.167
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.6.2.77 201.6.2.167
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\system32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginUni . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehUni.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Chave do Registo autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Monitor de Sites.) -- C:\Windows\System32\webcheck.dll
~ SSODL: 1 Scanned in 00mn 00s



---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: avast! Antivirus (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: PDF Architect Helper Service (PDF Architect Helper Service) . (.pdfforge GmbH - PDF Architect Helper Service.) - C:\Program Files\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service (PDF Architect Service) . (.pdfforge GmbH - PDF Architect Conversion Service.) - C:\Program Files\PDF Architect\ConversionService.exe
O23 - Service: RealNetworks Downloader Resolver Service (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Search Snacks Client Service (sssvc) . (...) - C:\Program Files\SearchSnacks\Service\sssvc.exe (.not file.)
~ Services: 8 Scanned in 00mn 05s



---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Default MHTML Editor: Last - .(.Microsoft Corporation - Microsoft Office Word.) - C:\Program Files\Microsoft Office\Office12\WINWORD.exe
~ Desktop Component: 4 Scanned in 00mn 00s



---\\ Listagem dos dados do BootExecute (Bex) (034)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
~ BEX: 1 Scanned in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
[MD5.A6B6AB9502B63F43A9A56AE6AFB22078] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [262320]
[MD5.9E76CDD50C3DDDB739150D778EEC0B93] [APT] [avast! Emergency Update] (.AVAST Software.) -- C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [804304]
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe [136176]
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe [136176]
[MD5.490D5ADBC56297DB10BC57496C14C357] [APT] [RealPlayerRealUpgradeLogonTaskS-1-5-21-644814064-753680641-2794751463-1000] (.RealNetworks, Inc..) -- C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [187984]
[MD5.490D5ADBC56297DB10BC57496C14C357] [APT] [RealPlayerRealUpgradeScheduledTaskS-1-5-21-644814064-753680641-2794751463-1000] (.RealNetworks, Inc..) -- C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [187984]
O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\Tasks\Adobe Flash Player Updater.job [902]
O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [1058]
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1058]
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [1062]
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1062]
~ Scheduled Task: 12 Scanned in 00mn 03s



---\\ Componentes instalados (ActiveSetup Installed Components) (040)
O40 - ASIC: Microsoft Windows Media Player - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Recursos do Windows Media Player.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation
O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - Utilitário de Inicialização por Usuário do Internet Explorer.) -- C:\Windows\system32\ie4uinit.exe
O40 - ASIC: Browser Customizations - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation - Identidade visual IEAK.) -- C:\Windows\system32\iedkcs32.dll
O40 - ASIC: Microsoft Windows Media Player 11.0 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\System32\wmpdxm.dll =>.Microsoft Corporation
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API de tema do Windows.) -- C:\Windows\System32\themeui.dll
O40 - ASIC: Microsoft Windows Mail 7 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe =>.Microsoft Corporation
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extensão shell da pasta FTP do Microsoft Internet Explorer.) -- C:\Windows\System32\msieftp.dll
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Recursos do Windows Media Player.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation
O40 - ASIC: Windows Desktop Update - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\Windows\System32\shell32.dll
O40 - ASIC: Web Platform Customizations - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitário de Inicialização por Usuário do Internet Explorer.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll
O40 - ASIC: Macromedia Shockwave Flash - {D27CDB6E-AE6D-11CF-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 14.0 r0.) -- C:\Windows\system32\Macromed\Flash\Flash32_14_0_0_145.ocx
~ Active Setup: 12 Scanned in 00mn 00s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (AswRdr) . (.AVAST Software - avast! TDI Redirect Driver.) - C:\Windows\system32\drivers\aswRdr.sys
O41 - Driver: (aswSnx) . (.AVAST Software - avast! Virtualization Driver.) - C:\Windows\system32\drivers\aswSnx.sys
O41 - Driver: (aswSP) . (.AVAST Software - avast! self protection module.) - C:\Windows\system32\drivers\aswSP.sys
O41 - Driver: (aswTdi) . (.AVAST Software - avast! TDI Filter Driver.) - C:\Windows\system32\drivers\aswTdi.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: C:\Windows\System32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: (i8042prt) . (.Microsoft Corporation - Driver de porta i8042.) - C:\Windows\System32\DRIVERS\i8042prt.sys
O41 - Driver: (kbdclass) . (.Microsoft Corporation - Driver de Classe de Teclado.) - C:\Windows\System32\DRIVERS\kbdclass.sys
O41 - Driver: (mouclass) . (.Microsoft Corporation - Driver de classe modem.) - C:\Windows\System32\DRIVERS\mouclass.sys
O41 - Driver: (Ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: (netbt) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\System32\drivers\pacer.sys (PSched) . (.Microsoft Corporation - Agendador de pacotes de serviço.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\Windows\System32\DRIVERS\rasacd.sys
O41 - Driver: (rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: (RDPENCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
O41 - Driver: (Serial) . (.Microsoft Corporation - Driver de dispositivo serial.) - C:\Windows\System32\DRIVERS\serial.sys
O41 - Driver: C:\Windows\System32\tcpipcfg.dll (Smb) . (.Microsoft Corporation - SMB Transport driver.) - C:\Windows\System32\DRIVERS\smb.sys
O41 - Driver: (ssnfd) . (.Search Snacks - Search Snacks Driver x86.) - C:\Windows\System32\drivers\ssnfd.sys
O41 - Driver: C:\Windows\System32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys
O41 - Driver: ({6c0944d8-b49f-4f69-8ce8-524e562a2250}Gt) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{6c0944d8-b49f-4f69-8ce8-524e562a2250}Gt.sys =>PUP.LinkiDoo
O41 - Driver: (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\System32\tcpipcfg.dll (Tcpip) . (.Microsoft Corporation - TCP/IP Driver.) - C:\Windows\System32\drivers\tcpip.sys
~ Drivers: 94 Scanned in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: 32 Bit HP CIO Components Installer - (.Hewlett-Packard.) [HKLM] -- {A80FA752-C491-4ED9-ABF0-4278563160B2}
O42 - Logiciel: Adobe Flash Player 14 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 14 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader X (10.1.10) - Português - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1046-7B44-AA1000000001}
O42 - Logiciel: Assistente Pimaco + - (.Pimaco Autoadesivos Ltda.) [HKLM] -- Assistente Pimaco +
O42 - Logiciel: Google Drive - (.Google, Inc..) [HKLM] -- {75939021-3B68-419D-8DC1-E9823BFF9658}
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {18455581-E099-4BA8-BC6B-F34B2F06600C}
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {2318C2B1-4965-11d4-9B18-009027A5CD4F}
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: HP Customer Participation Program 9.0 - (.HP.) [HKLM] -- HPExtendedCapabilities
O42 - Logiciel: HP Imaging Device Functions 9.0 - (.HP.) [HKLM] -- HP Imaging Device Functions
O42 - Logiciel: HP OCR Software 9.0 - (.HP.) [HKLM] -- HPOCR
O42 - Logiciel: HP Photosmart All-In-One Software 9.0 - (.HP.) [HKLM] -- {B09BCBF6-87EE-4403-A336-3A9510856535} =>.Hewlett-Packard Co
O42 - Logiciel: HP Photosmart Essential 2.01 - (.HP.) [HKLM] -- HP Photosmart Essential =>.Hewlett-Packard Co
O42 - Logiciel: HP Product Assistant - (.Hewlett-Packard.) [HKLM] -- {36FDBE6E-6684-462B-AE98-9A39A1B200CC}
O42 - Logiciel: HP Solution Center 9.0 - (.HP.) [HKLM] -- HP Solution Center & Imaging Support Tools
O42 - Logiciel: HP Update - (.Hewlett-Packard.) [HKLM] -- {2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}
O42 - Logiciel: HPDiagnosticAlert - (.Microsoft.) [HKLM] -- {846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}
O42 - Logiciel: HPSSupply - (.Nome de sua empresa:.) [HKLM] -- {487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2013
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2014
O42 - Logiciel: Intel(R) Graphics Media Accelerator Driver - (...) [HKLM] -- HDMI
O42 - Logiciel: Java 7 Update 60 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F03217060FF}
O42 - Logiciel: MSXML 4.0 SP2 (KB927978) - (.Microsoft Corporation.) [HKLM] -- {37477865-A3F1-4772-AD43-AAFC6BCFF99F}
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: Motorola SM56 Speakerphone Modem - (.Motorola Inc.) [HKLM] -- SMSERIAL
O42 - Logiciel: Nokia Connectivity Cable Driver - (...) [HKLM] -- {BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}
O42 - Logiciel: Nokia Connectivity Cable Driver - (.Nokia.) [HKLM] -- {52675D00-AD10-49F7-B129-BEA9FED1C610}
O42 - Logiciel: Nokia PC Internet Access - (.Nokia.) [HKLM] -- Nokia PC Internet Access
O42 - Logiciel: Nokia PC Internet Access - (.Nokia.) [HKLM] -- {990C7C7E-7E53-49A1-9766-5369E17892BB}
O42 - Logiciel: OMNIKEY 3x21 PC/SC Driver - (.OMNIKEY.) [HKLM] -- {4DDEADA8-25B8-41CB-9989-8F16D50A8E9C}
O42 - Logiciel: PC Connectivity Solution Lite - (.Nokia.) [HKLM] -- {CC1ACF58-CD2D-4F36-9195-F13D13962E15}
O42 - Logiciel: PC-CCID - (.Gemalto.) [HKLM] -- {BD3068DE-D53B-4CE8-B2BC-32E1323441CD}
O42 - Logiciel: PDF Architect - (.pdfforge GmbH.) [HKLM] -- {064A929A-4DE8-40CF-A901-BD40C14E4D25}
O42 - Logiciel: PDFCreator - (.pdfforge.) [HKLM] -- {0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}
O42 - Logiciel: Pacote de Driver do Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0) - (.Nokia.) [HKLM] -- 504244733D18C8F63FF584AEB290E3904E791693
O42 - Logiciel: RealDownloader - (.RealNetworks, Inc..) [HKLM] -- {3DC873BB-FFE3-46BF-9701-26B9AE371F9F}
O42 - Logiciel: RealPlayer - (.RealNetworks.) [HKLM] -- RealPlayer 16.0
O42 - Logiciel: RealUpgrade 1.1 - (.RealNetworks, Inc..) [HKLM] -- {28C2DED6-325B-4CC7-983A-1777C8F7FBAB}
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
O42 - Logiciel: SafeSign - (.A.E.T. Europe B.V..) [HKLM] -- {5A063474-AD9D-4AFE-8CCF-A076ACDF8FD7}
O42 - Logiciel: Search Snacks - (.Search Snacks.) [HKLM] -- SearchSnacks
O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] -- KB931906
O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] -- {0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
O42 - Logiciel: Skype™ 6.11 - (.Skype Technologies S.A..) [HKLM] -- {4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}
O42 - Logiciel: avast! Free Antivirus v9.0.2018 - (.Avast Software.) [HKLM] -- avast
~ Logic: 36 Scanned in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\A.E.T. Europe B.V.]
[HKCU\Software\Adobe]
[HKCU\Software\AppDataLow\Software\JavaSoft]
[HKCU\Software\AppDataLow]
[HKCU\Software\Avast Software]
[HKCU\Software\Baidu Security]
[HKCU\Software\CDDB]
[HKCU\Software\CDS]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Dnldstr_Aggregator]
[HKCU\Software\GbPlugin]
[HKCU\Software\Gemalto]
[HKCU\Software\Google]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\IM Providers]
[HKCU\Software\Intel]
[HKCU\Software\Iris]
[HKCU\Software\JEDI-VCL]
[HKCU\Software\JavaSoft]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\Macromedia]
[HKCU\Software\Motorola]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\Netscape]
[HKCU\Software\Nokia]
[HKCU\Software\Northcode Inc]
[HKCU\Software\ODBC]
[HKCU\Software\PDF Architect]
[HKCU\Software\PDFCreator]
[HKCU\Software\Policies]
[HKCU\Software\RealNetworks]
[HKCU\Software\Skype]
[HKCU\Software\ZebHelpProcess Helper]
[HKLM\Software\A.E.T. Europe B.V.]
[HKLM\Software\AVAST Software]
[HKLM\Software\Adobe]
[HKLM\Software\AdwCleaner]
[HKLM\Software\CDDB]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\ComodoGroup]
[HKLM\Software\Google]
[HKLM\Software\HP]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\ICE]
[HKLM\Software\IM Providers]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\Macromedia]
[HKLM\Software\Motorola]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\Nokia]
[HKLM\Software\ODBC]
[HKLM\Software\PC Connectivity Solution]
[HKLM\Software\PCSuite]
[HKLM\Software\PDFCreator]
[HKLM\Software\Policies]
[HKLM\Software\RealNetworks]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Skype]
[HKLM\Software\Sonic]
[HKLM\Software\Symantec]
[HKLM\Software\Volatile]
[HKLM\Software\Wow6432Node]
[HKLM\Software\Xing Technology Corp.]
[HKLM\Software\baidu]
[HKLM\Software\mozilla.org]
~ Key Software: 157 Scanned in 00mn 00s



Re: HD suddenly shows as full

Post by jjll-forumpcbrasil Thu 31 Jul 2014, 18:34


---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 28/01/2014 - 12:35:06 - [] ----D C:\Program Files\A.E.T. Europe B.V
O43 - CFD: 28/02/2013 - 13:22:13 - [] ----D C:\Program Files\Adobe
O43 - CFD: 27/02/2013 - 12:25:38 - [] -SH-D C:\Program Files\Arquivos Comuns
O43 - CFD: 27/02/2013 - 18:57:33 - [] ----D C:\Program Files\AVAST Software
O43 - CFD: 29/05/2014 - 13:59:00 - [] ----D C:\Program Files\Common Files
O43 - CFD: 17/07/2013 - 16:52:01 - [] ----D C:\Program Files\Comodo
O43 - CFD: 27/02/2014 - 20:23:49 - [] ----D C:\Program Files\DIFX
O43 - CFD: 26/05/2014 - 16:30:56 - [] ----D C:\Program Files\GbPlugin
O43 - CFD: 28/01/2014 - 12:24:06 - [] ----D C:\Program Files\Gemalto
O43 - CFD: 28/05/2014 - 11:43:08 - [] ----D C:\Program Files\Google
O43 - CFD: 28/02/2013 - 17:52:43 - [0] ----D C:\Program Files\Hewlett-Packard
O43 - CFD: 28/02/2013 - 17:57:21 - [] ----D C:\Program Files\HP
O43 - CFD: 03/04/2014 - 14:28:42 - [] --H-D C:\Program Files\InstallJammer Registry
O43 - CFD: 10/07/2014 - 12:23:29 - [] ----D C:\Program Files\Internet Explorer
O43 - CFD: 29/05/2014 - 13:57:22 - [] ----D C:\Program Files\Java
O43 - CFD: 04/02/2014 - 11:00:14 - [] ----D C:\Program Files\Microsoft CAPICOM 2.1.0.2
O43 - CFD: 02/11/2006 - 09:37:34 - [] ----D C:\Program Files\Microsoft Games
O43 - CFD: 07/03/2013 - 08:09:51 - [] ----D C:\Program Files\Microsoft Office
O43 - CFD: 03/03/2013 - 14:17:21 - [] ----D C:\Program Files\Microsoft Works
O43 - CFD: 01/03/2013 - 12:02:26 - [] ----D C:\Program Files\Microsoft.NET
O43 - CFD: 27/02/2013 - 21:31:26 - [] ----D C:\Program Files\Motorola
O43 - CFD: 28/02/2013 - 12:55:42 - [] ----D C:\Program Files\Movie Maker
O43 - CFD: 27/05/2014 - 19:30:13 - [] ----D C:\Program Files\Mozilla Firefox
O43 - CFD: 02/11/2006 - 09:37:34 - [] ----D C:\Program Files\MSBuild
O43 - CFD: 01/03/2013 - 02:54:19 - [0] ----D C:\Program Files\MSXML 4.0
O43 - CFD: 27/02/2014 - 20:23:51 - [] ----D C:\Program Files\Nokia
O43 - CFD: 15/03/2013 - 11:52:53 - [] ----D C:\Program Files\OMNIKEY
O43 - CFD: 17/07/2014 - 13:00:06 - [] ----D C:\Program Files\PC Connectivity Solution
O43 - CFD: 11/03/2014 - 14:22:39 - [] ----D C:\Program Files\PDF Architect
O43 - CFD: 11/03/2014 - 14:56:40 - [] ----D C:\Program Files\PDFCreator
O43 - CFD: 03/04/2014 - 14:29:05 - [] ----D C:\Program Files\Programas RFB
O43 - CFD: 05/07/2013 - 10:14:48 - [] ----D C:\Program Files\Real
O43 - CFD: 05/07/2013 - 09:49:19 - [] ----D C:\Program Files\RealNetworks
O43 - CFD: 02/11/2006 - 09:37:34 - [] ----D C:\Program Files\Reference Assemblies
O43 - CFD: 25/02/2014 - 12:24:02 - [] R---D C:\Program Files\Skype
O43 - CFD: 02/11/2006 - 10:01:55 - [0] --H-D C:\Program Files\Uninstall Information
O43 - CFD: 28/02/2013 - 01:10:12 - [] ----D C:\Program Files\Windows Calendar
O43 - CFD: 28/02/2013 - 01:10:11 - [] ----D C:\Program Files\Windows Collaboration
O43 - CFD: 28/02/2013 - 01:10:09 - [] ----D C:\Program Files\Windows Defender
O43 - CFD: 10/07/2014 - 12:23:32 - [] ----D C:\Program Files\Windows Journal
O43 - CFD: 28/02/2013 - 12:55:48 - [] ----D C:\Program Files\Windows Mail =>.Microsoft Corporation
O43 - CFD: 28/02/2013 - 12:55:48 - [] ----D C:\Program Files\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 27/02/2013 - 12:25:38 - [] ----D C:\Program Files\Windows NT
O43 - CFD: 28/02/2013 - 01:10:10 - [] ----D C:\Program Files\Windows Photo Gallery
O43 - CFD: 28/02/2013 - 12:55:46 - [] ----D C:\Program Files\Windows Portable Devices
O43 - CFD: 28/02/2013 - 01:10:11 - [] ----D C:\Program Files\Windows Sidebar
O43 - CFD: 18/02/2014 - 17:01:31 - [] --H-D C:\Program Files\Zero G Registry
O43 - CFD: 31/07/2014 - 18:22:58 - [] ----D C:\Program Files\ZHPDiag =>.Nicolas Coolman
O43 - CFD: 28/02/2013 - 13:23:00 - [] ----D C:\Program Files\Common Files\Adobe
O43 - CFD: 15/05/2014 - 12:03:32 - [] ----D C:\Program Files\Common Files\DESIGNER
O43 - CFD: 28/02/2013 - 17:52:18 - [] ----D C:\Program Files\Common Files\Hewlett-Packard
O43 - CFD: 28/02/2013 - 17:53:50 - [] ----D C:\Program Files\Common Files\HP
O43 - CFD: 29/05/2014 - 13:59:00 - [] ----D C:\Program Files\Common Files\Java
O43 - CFD: 03/03/2013 - 14:23:19 - [] ----D C:\Program Files\Common Files\microsoft shared
O43 - CFD: 02/11/2006 - 08:18:33 - [] ----D C:\Program Files\Common Files\Services
O43 - CFD: 27/02/2013 - 12:25:38 - [] -SH-D C:\Program Files\Common Files\Sistema
O43 - CFD: 30/03/2013 - 16:45:00 - [] ----D C:\Program Files\Common Files\Skype
O43 - CFD: 02/11/2006 - 08:18:33 - [] ----D C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 28/02/2013 - 12:54:46 - [] ----D C:\Program Files\Common Files\System
O43 - CFD: 05/07/2013 - 10:14:47 - [] ----D C:\Program Files\Common Files\xing shared
O43 - CFD: 15/05/2013 - 13:16:55 - [] ----D C:\ProgramData\Adobe
O43 - CFD: 02/11/2006 - 10:02:03 - [] -SH-D C:\ProgramData\Application Data
O43 - CFD: 11/12/2013 - 09:50:00 - [] ----D C:\ProgramData\AVAST Software
O43 - CFD: 17/07/2013 - 16:47:47 - [] ----D C:\ProgramData\COMODO
O43 - CFD: 05/07/2013 - 13:02:20 - [] ----D C:\ProgramData\Comodo Downloader
O43 - CFD: 27/02/2013 - 12:25:38 - [] -SH-D C:\ProgramData\Dados de aplicativos
O43 - CFD: 02/11/2006 - 10:02:03 - [] -SH-D C:\ProgramData\Desktop
O43 - CFD: 27/02/2013 - 12:25:38 - [] -SH-D C:\ProgramData\Documentos
O43 - CFD: 02/11/2006 - 10:02:03 - [] -SH-D C:\ProgramData\Documents
O43 - CFD: 02/11/2006 - 10:02:03 - [] -SH-D C:\ProgramData\Favorites
O43 - CFD: 27/02/2013 - 12:25:38 - [] -SH-D C:\ProgramData\Favoritos
O43 - CFD: 28/02/2013 - 16:34:23 - [] ----D C:\ProgramData\GAS Tecnologia
O43 - CFD: 31/07/2014 - 16:26:46 - [] ----D C:\ProgramData\GbPlugin
O43 - CFD: 27/02/2013 - 19:02:19 - [] ----D C:\ProgramData\Google
O43 - CFD: 28/02/2013 - 17:47:15 - [] ----D C:\ProgramData\Hewlett-Packard
O43 - CFD: 28/02/2013 - 18:00:52 - [] ----D C:\ProgramData\HP
O43 - CFD: 28/02/2013 - 17:54:19 - [] ----D C:\ProgramData\HP Product Assistant
O43 - CFD: 28/02/2013 - 17:57:21 - [0] ----D C:\ProgramData\HPSSUPPLY
O43 - CFD: 27/02/2014 - 20:23:03 - [] ----D C:\ProgramData\Installations
O43 - CFD: 27/02/2013 - 12:25:38 - [] -SH-D C:\ProgramData\Menu Iniciar
O43 - CFD: 27/02/2014 - 20:24:35 - [] -S--D C:\ProgramData\Microsoft
O43 - CFD: 16/06/2014 - 11:57:22 - [] ----D C:\ProgramData\Microsoft Help
O43 - CFD: 27/02/2013 - 12:25:38 - [] -SH-D C:\ProgramData\Modelos
O43 - CFD: 15/05/2013 - 13:06:05 - [] ----D C:\ProgramData\Mozilla
O43 - CFD: 29/05/2014 - 13:59:24 - [0] ----D C:\ProgramData\Oracle
O43 - CFD: 27/02/2014 - 20:24:00 - [] ----D C:\ProgramData\PC Suite
O43 - CFD: 05/07/2013 - 10:14:45 - [] ----D C:\ProgramData\Real
O43 - CFD: 05/07/2013 - 09:49:18 - [] ----D C:\ProgramData\RealNetworks
O43 - CFD: 25/02/2014 - 12:23:55 - [] ----D C:\ProgramData\Skype
O43 - CFD: 02/11/2006 - 10:02:03 - [] -SH-D C:\ProgramData\Start Menu
O43 - CFD: 09/03/2013 - 23:12:38 - [] ----D C:\ProgramData\Sun
O43 - CFD: 02/11/2006 - 10:02:04 - [] -SH-D C:\ProgramData\Templates
O43 - CFD: 28/02/2013 - 18:03:38 - [] ----D C:\ProgramData\WEBREG
O43 - CFD: 20/03/2013 - 13:52:29 - [] ----D C:\ProgramData\WindowsSearch
O43 - CFD: 28/02/2013 - 13:26:22 - [] ----D C:\Users\JOSE LUIS\AppData\Roaming\Adobe
O43 - CFD: 13/01/2014 - 15:42:09 - [] ----D C:\Users\JOSE LUIS\AppData\Roaming\AVAST Software
O43 - CFD: 29/05/2014 - 14:33:13 - [0] ----D C:\Users\JOSE LUIS\AppData\Roaming\ContentExplorer =>PUP.ContentExplorer
O43 - CFD: 27/02/2013 - 19:07:37 - [] ----D C:\Users\JOSE LUIS\AppData\Roaming\Google
O43 - CFD: 10/03/2013 - 15:08:25 - [] ----D C:\Users\JOSE LUIS\AppData\Roaming\HP
O43 - CFD: 09/08/2014 - 20:57:33 - [] ----D C:\Users\JOSE LUIS\AppData\Roaming\HpUpdate
O43 - CFD: 27/02/2013 - 12:31:29 - [] ----D C:\Users\JOSE LUIS\AppData\Roaming\Identities
O43 - CFD: 27/02/2013 - 13:11:57 - [] ----D C:\Users\JOSE LUIS\AppData\Roaming\Macromedia
O43 - CFD: 02/11/2006 - 09:37:34 - [0] ----D C:\Users\JOSE LUIS\AppData\Roaming\Media Center Programs
O43 - CFD: 18/07/2014 - 15:51:17 - [] -S--D C:\Users\JOSE LUIS\AppData\Roaming\Microsoft
O43 - CFD: 08/06/2013 - 13:28:18 - [] ----D C:\Users\JOSE LUIS\AppData\Roaming\Mozilla
O43 - CFD: 27/02/2014 - 20:23:58 - [] ----D C:\Users\JOSE LUIS\AppData\Roaming\PC Suite
O43 - CFD: 11/03/2014 - 14:34:37 - [] ----D C:\Users\JOSE LUIS\AppData\Roaming\PDF Architect
O43 - CFD: 10/07/2013 - 15:38:06 - [] ----D C:\Users\JOSE LUIS\AppData\Roaming\Real
O43 - CFD: 05/07/2013 - 09:49:57 - [] ----D C:\Users\JOSE LUIS\AppData\Roaming\RealNetworks
O43 - CFD: 16/05/2013 - 22:53:53 - [] ----D C:\Users\JOSE LUIS\AppData\Roaming\Skype
O43 - CFD: 31/07/2014 - 18:24:57 - [] ----D C:\Users\JOSE LUIS\AppData\Roaming\ZHP =>.Nicolas Coolman
O43 - CFD: 15/03/2013 - 11:55:03 - [] ----D C:\Users\JOSE LUIS\AppData\Local\A.E.T. Europe B.V
O43 - CFD: 24/06/2014 - 16:47:38 - [] ----D C:\Users\JOSE LUIS\AppData\Local\Adobe
O43 - CFD: 27/02/2013 - 12:31:25 - [] -SH-D C:\Users\JOSE LUIS\AppData\Local\Dados de aplicativos
O43 - CFD: 16/06/2014 - 11:59:45 - [] ----D C:\Users\JOSE LUIS\AppData\Local\Google
O43 - CFD: 27/02/2013 - 12:31:25 - [] -SH-D C:\Users\JOSE LUIS\AppData\Local\Histórico
O43 - CFD: 28/02/2013 - 18:24:39 - [] ----D C:\Users\JOSE LUIS\AppData\Local\HP
O43 - CFD: 15/05/2013 - 13:19:47 - [] ----D C:\Users\JOSE LUIS\AppData\Local\Macromedia
O43 - CFD: 24/05/2013 - 12:47:11 - [] ----D C:\Users\JOSE LUIS\AppData\Local\Microsoft
O43 - CFD: 28/02/2013 - 00:08:08 - [] ----D C:\Users\JOSE LUIS\AppData\Local\Microsoft Games
O43 - CFD: 14/05/2013 - 17:44:11 - [] ----D C:\Users\JOSE LUIS\AppData\Local\Microsoft Help
O43 - CFD: 15/05/2013 - 13:06:24 - [] ----D C:\Users\JOSE LUIS\AppData\Local\Mozilla
O43 - CFD: 31/07/2014 - 18:23:02 - [] ----D C:\Users\JOSE LUIS\AppData\Local\Temp
O43 - CFD: 27/02/2013 - 12:31:25 - [] -SH-D C:\Users\JOSE LUIS\AppData\Local\Temporary Internet Files
O43 - CFD: 24/05/2013 - 12:55:18 - [] ----D C:\Users\JOSE LUIS\AppData\Local\VirtualStore
O43 - CFD: 02/11/2006 - 09:54:36 - [] R---D C:\Users\JOSE LUIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 27/02/2013 - 12:31:38 - [] R---D C:\Users\JOSE LUIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 02/11/2006 - 09:50:41 - [] R---D C:\Users\JOSE LUIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 18/02/2014 - 17:01:31 - [] ----D C:\Users\JOSE LUIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pimaco
O43 - CFD: 09/03/2013 - 23:13:56 - [] ----D C:\Users\JOSE LUIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013
O43 - CFD: 03/04/2014 - 14:26:52 - [] ----D C:\Users\JOSE LUIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
O43 - CFD: 18/04/2013 - 15:32:48 - [] R---D C:\Users\JOSE LUIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
~ Program Folder: 132 Scanned in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.359DCB03B645DF079362E0EC8E89935F] - 17/07/2014 - 10:19:39 ---A- . (...) -- C:\Windows\setupact.log [32251]
O44 - LFC:[MD5.30248FD17955A2A95485EEAE3B11F146] - 17/07/2014 - 13:06:42 ---A- . (...) -- C:\Windows\PFRO.log [250706]
O44 - LFC:[MD5.F809B06B92C6FFD01442E03B4F6BD22B] - 31/07/2014 - 15:57:53 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.F496C5BC3FA7105B137AB1FE9E6C573D] - 31/07/2014 - 16:01:50 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1876551]
~ Files: 4 Scanned in 00mn 05s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files\GbPlugin\gbiehuni.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Negação do serviço (Local Security Authority) (048)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Mecanismo cliente do 'Editor de configuração de segurança Windows'.) -- C:\Windows\System32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pacote de Segurança Kerberos.) -- C:\Windows\System32\kerberos.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\tspkg.dll
~ LSA: 7 Scanned in 00mn 00s



---\\ Controlo do Modo de Segurança (CSB) (49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Driver de porta de mouse serial.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Volume Manager Extension Driver.) -- C:\Windows\System32\Drivers\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\System32\Drivers\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Miniport.) -- C:\Windows\System32\Drivers\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Driver de porta de mouse serial.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Volume Manager Extension Driver.) -- C:\Windows\System32\Drivers\volmgrx.sys
~ CSB: 13 Scanned in 00mn 00s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{11ae59d9-9fe6-11e3-a2b1-001d7d8bc8b1}\AutoRun\command. (...) -- E:\NokiaPCIA_Autorun.exe (.not file.)
~ Keys: Scanned in 00mn 08s



---\\ Pesquisa de infeções nos drivers (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\Windows\System32\iccvid.dll
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
~ TDSD: 3 Scanned in 00mn 00s



---\\ Enumeração das chaves do registo SecurityProviders (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TS Single Sign On Security Package.) -- C:\Windows\System32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TS Single Sign On Security Package.) -- C:\Windows\System32\credssp.dll
~ MSCP: 2 Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=2
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 16 Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "BindDirectlyToPropertySetStorage"=0
~ MWPE Keys: 1 Scanned in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:02/11/2006 - 06:51:38 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [420968]
O58 - SDL:02/11/2006 - 06:51:32 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\System32\Drivers\adpahci.sys [297576]
O58 - SDL:02/11/2006 - 06:50:35 ---A- . (.Adaptec, Inc. - Adaptec LH Ultra160 Driver (x86).) -- C:\Windows\System32\Drivers\adpu160m.sys [98408]
O58 - SDL:02/11/2006 - 06:51:00 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\System32\Drivers\adpu320.sys [147048]
O58 - SDL:02/11/2006 - 06:49:20 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\System32\Drivers\aliide.sys [14952]
O58 - SDL:02/11/2006 - 06:50:09 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\System32\Drivers\arc.sys [67688]
O58 - SDL:02/11/2006 - 06:50:10 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\System32\Drivers\arcsas.sys [67688]
O58 - SDL:09/05/2014 - 17:57:25 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184] =>.ALWIL Software
O58 - SDL:09/05/2014 - 17:57:25 ---A- . (.AVAST Software - avast! File System Minifilter for Windows 2003/Vista.) -- C:\Windows\System32\Drivers\aswMonFlt.sys [67824]
O58 - SDL:12/05/2014 - 11:12:49 ---A- . (.AVAST Software - avast! TDI Redirect Driver.) -- C:\Windows\System32\Drivers\aswrdr.sys [54832]
O58 - SDL:09/05/2014 - 17:57:25 ---A- . (.AVAST Software - avast! TDI Redirect Driver.) -- C:\Windows\System32\Drivers\aswrdr.sys.1399903964356 [54832]
O58 - SDL:09/05/2014 - 17:57:25 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:12/05/2014 - 11:12:49 ---A- . (.AVAST Software - avast! Virtualization Driver.) -- C:\Windows\System32\Drivers\aswsnx.sys [777488]
O58 - SDL:09/05/2014 - 17:57:25 ---A- . (.AVAST Software - avast! Virtualization Driver.) -- C:\Windows\System32\Drivers\aswsnx.sys.1399903964356 [776976]
O58 - SDL:12/05/2014 - 11:12:49 ---A- . (.AVAST Software - avast! self protection module.) -- C:\Windows\System32\Drivers\aswsp.sys [411680]
O58 - SDL:09/05/2014 - 17:57:25 ---A- . (.AVAST Software - avast! TDI Filter Driver.) -- C:\Windows\System32\Drivers\aswTdi.sys [57672]
O58 - SDL:09/05/2014 - 17:57:25 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180632] =>.ALWIL Software
O58 - SDL:02/11/2006 - 05:24:45 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\System32\Drivers\BrFiltLo.sys [13568]
O58 - SDL:02/11/2006 - 05:24:46 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\System32\Drivers\BrFiltUp.sys [5248]
O58 - SDL:02/11/2006 - 05:25:24 ---A- . (.Brother Industries Ltd. - Brother Serial I/F Driver (WDM).) -- C:\Windows\System32\Drivers\BrSerId.sys [71808]
O58 - SDL:02/11/2006 - 05:24:44 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\System32\Drivers\BrSerWdm.sys [62336]
O58 - SDL:02/11/2006 - 05:24:44 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\System32\Drivers\BrUsbMdm.sys [12160]
O58 - SDL:02/11/2006 - 05:24:47 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\System32\Drivers\BrUsbSer.sys [11904]
O58 - SDL:17/08/2011 - 09:56:22 ---A- . (.Nokia - Nokia USB Phone Bus Driver.) -- C:\Windows\System32\Drivers\ccdcmb.sys [18176]
O58 - SDL:17/08/2011 - 09:56:26 ---A- . (.Nokia - Nokia USB Phone Bus Driver.) -- C:\Windows\System32\Drivers\ccdcmbo.sys [23168]
O58 - SDL:02/11/2006 - 06:49:28 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\System32\Drivers\cmdide.sys [16488]
O58 - SDL:06/09/2011 - 11:10:02 ---A- . (.HID Global Corporation - PC/SC IFD-Handler for CCID compliant Reader.) -- C:\Windows\System32\Drivers\cxbu0wdm.sys [119040]
O58 - SDL:02/11/2006 - 06:50:11 ---A- . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\System32\Drivers\djsvs.sys [71272]
O58 - SDL:02/11/2006 - 04:30:54 ---A- . (.Intel Corporation - Intel(R) PRO/1000 Adapter NDIS 6 deserialized driver.) -- C:\Windows\System32\Drivers\E1G60I32.sys [117760]
O58 - SDL:02/11/2006 - 06:51:34 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [316520]
O58 - SDL:05/05/2014 - 09:42:00 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [46392]
O58 - SDL:11/03/2014 - 17:51:19 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O58 - SDL:24/04/2013 - 06:12:06 ---A- . (.Gemalto - USB Smart Card Reader Driver.) -- C:\Windows\System32\Drivers\GemCCID.sys [98816]
O58 - SDL:02/11/2006 - 06:50:10 ---A- . (.Hewlett-Packard Company - Smart Array Storport Driver.) -- C:\Windows\System32\Drivers\HpCISSs.sys [37480]
O58 - SDL:02/11/2006 - 06:51:25 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver (base).) -- C:\Windows\System32\Drivers\iaStorV.sys [232040]
O58 - SDL:02/01/2008 - 16:48:28 ---A- . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\Windows\System32\Drivers\igdkmd32.sys [2016256]
O58 - SDL:02/11/2006 - 06:50:17 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\System32\Drivers\iirsp.sys [41576]
O58 - SDL:02/11/2006 - 06:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\System32\Drivers\iteatapi.sys [35944]
O58 - SDL:02/11/2006 - 06:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\System32\Drivers\iteraid.sys [35944]
O58 - SDL:02/11/2006 - 06:50:04 ---A- . (.LSI Logic - LSI Logic Fusion-MPT FC Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_fc.sys [65640]
O58 - SDL:02/11/2006 - 06:50:05 ---A- . (.LSI Logic - LSI Logic Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sas.sys [65640]
O58 - SDL:02/11/2006 - 06:50:10 ---A- . (.LSI Logic - LSI Logic Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_scsi.sys [65640]
O58 - SDL:02/11/2006 - 06:49:53 ---A- . (.LSI Logic Corporation - MEGASAS RAID Controller Driver for Windows Vista/Longhorn for x.) -- C:\Windows\System32\Drivers\megasas.sys [28776]
O58 - SDL:02/11/2006 - 06:49:59 ---A- . (.LSI Logic Corporation - MegaRAID RAID Controller Driver for Windows Vista/Longhorn for.) -- C:\Windows\System32\Drivers\Mraid35x.sys [33384]
O58 - SDL:02/11/2006 - 06:50:19 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\System32\Drivers\nfrd960.sys [45160]
O58 - SDL:17/08/2011 - 10:03:58 ---A- . (.Nokia - Nokia USB Phone Bus Driver.) -- C:\Windows\System32\Drivers\nmwcdnsu.sys [137472]
O58 - SDL:17/08/2011 - 10:03:50 ---A- . (.Nokia - Nokia USB Phone Generic Client.) -- C:\Windows\System32\Drivers\nmwcdnsuc.sys [8576]
O58 - SDL:02/11/2006 - 04:36:50 ---A- . (.N-trig Innovative Technologies - Driver nativo digitalizador de tablet N-trig.) -- C:\Windows\System32\Drivers\ntrigdigi.sys [20608]
O58 - SDL:02/11/2006 - 06:50:24 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\System32\Drivers\nvraid.sys [88680]
O58 - SDL:02/11/2006 - 06:50:13 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\System32\Drivers\nvstor.sys [40040]
O58 - SDL:26/08/2008 - 10:26:12 ---A- . (.Nokia - PCCS Mode Change Filter Driver.) -- C:\Windows\System32\Drivers\pccsmcfd.sys [18816]
O58 - SDL:02/11/2006 - 06:51:45 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\System32\Drivers\ql2300.sys [900712]
O58 - SDL:02/11/2006 - 06:50:35 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\System32\Drivers\ql40xx.sys [106088]
O58 - SDL:04/03/2010 - 13:50:14 ---A- . (.Realtek - Realtek 8136/8168/8169 NDIS6 32-bit Driver.) -- C:\Windows\System32\Drivers\Rtlh86.sys [261152]
O58 - SDL:02/11/2006 - 03:37:21 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\System32\Drivers\secdrv.sys [20480]
O58 - SDL:02/11/2006 - 06:50:10 ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\System32\Drivers\sisraid2.sys [38504]
O58 - SDL:02/11/2006 - 06:50:16 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\System32\Drivers\sisraid4.sys [71784]
O58 - SDL:26/10/2009 - 15:09:06 ---A- . (.Motorola Inc. - Motorola SM56 Modem WDM Driver.) -- C:\Windows\System32\Drivers\smserial.sys [1095936]
O58 - SDL:13/05/2014 - 15:16:22 ---A- . (.Search Snacks - Search Snacks Driver x86.) -- C:\Windows\System32\Drivers\ssnfd.sys [52744]
O58 - SDL:02/11/2006 - 06:50:05 ---A- . (.LSI Logic - LSI Logic 8XX SCSI Miniport Driver.) -- C:\Windows\System32\Drivers\symc8xx.sys [35944]
O58 - SDL:02/11/2006 - 06:49:56 ---A- . (.LSI Logic - LSI Logic Hi-Perf SCSI Miniport Driver.) -- C:\Windows\System32\Drivers\sym_hi.sys [31848]
O58 - SDL:02/11/2006 - 06:50:03 ---A- . (.LSI Logic - LSI Logic Ultra160 SCSI Miniport Driver.) -- C:\Windows\System32\Drivers\sym_u3.sys [34920]
O58 - SDL:02/11/2006 - 06:51:25 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\System32\Drivers\uliahci.sys [235112]
O58 - SDL:02/11/2006 - 06:50:35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\System32\Drivers\ulsata.sys [98408]
O58 - SDL:02/11/2006 - 06:50:45 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\System32\Drivers\ulsata2.sys [115816]
O58 - SDL:17/08/2011 - 09:56:30 ---A- . (.Nokia - Filter Driver for Nokia USB Phone Bus Driver.) -- C:\Windows\System32\Drivers\usbser_lowerflt.sys [8192]
O58 - SDL:17/08/2011 - 09:56:32 ---A- . (.Nokia - Filter Driver for Nokia USB Phone Bus Driver.) -- C:\Windows\System32\Drivers\usbser_lowerfltj.sys [8192]
O58 - SDL:02/11/2006 - 06:49:30 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\System32\Drivers\viaide.sys [17512]
O58 - SDL:02/11/2006 - 06:50:41 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR X86-32.) -- C:\Windows\System32\Drivers\vsmraid.sys [112232]
O58 - SDL:27/05/2014 - 16:15:16 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{6c0944d8-b49f-4f69-8ce8-524e562a2250}Gt.sys [55224] =>PUP.LinkiDoo
O58 - SDL:02/11/2006 - 04:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:02/11/2006 - 04:09:45 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:02/11/2006 - 04:09:41 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:02/11/2006 - 04:09:44 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:02/11/2006 - 04:09:44 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:02/11/2006 - 04:09:29 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:02/11/2006 - 04:09:35 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:02/11/2006 - 04:09:38 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:02/11/2006 - 04:09:40 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:02/11/2006 - 04:09:31 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:02/11/2006 - 04:09:20 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:02/11/2006 - 04:09:23 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:02/11/2006 - 04:09:24 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:02/11/2006 - 04:09:26 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:02/11/2006 - 04:09:22 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 85 Scanned in 00mn 03s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 09/05/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 09/05/2014 - C:\Windows\system32\drivers\aswMonFlt.sys (aswMonFlt) .(.AVAST Software - avast! File System Minifilter for Windows 2.) - LEGACY_ASWMONFLT
O64 - Services: CurCS - 12/05/2014 - C:\Windows\system32\drivers\aswRdr.sys (AswRdr) .(.AVAST Software - avast! TDI Redirect Driver.) - LEGACY_ASWRDR
O64 - Services: CurCS - 09/05/2014 - C:\Windows\System32\Drivers\aswRvrt.sys (aswRvrt) .(...) - LEGACY_ASWRVRT
O64 - Services: CurCS - 12/05/2014 - C:\Windows\system32\drivers\aswSnx.sys (aswSnx) .(.AVAST Software - avast! Virtualization Driver.) - LEGACY_ASWSNX
O64 - Services: CurCS - 12/05/2014 - C:\Windows\system32\drivers\aswSP.sys (aswSP) .(.AVAST Software - avast! self protection module.) - LEGACY_ASWSP
O64 - Services: CurCS - 09/05/2014 - C:\Windows\system32\drivers\aswTdi.sys (aswTdi) .(.AVAST Software - avast! TDI Filter Driver.) - LEGACY_ASWTDI
O64 - Services: CurCS - 09/05/2014 - C:\Windows\System32\Drivers\aswVmm.sys (aswVmm) .(...) - LEGACY_ASWVMM
O64 - Services: CurCS - 05/05/2014 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
O64 - Services: CurCS - 11/03/2014 - C:\Windows\System32\DRIVERS\gbpndisrdn.sys (Ndisrd) .(.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - LEGACY_NDISRD
O64 - Services: CurCS - 02/11/2006 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
O64 - Services: CurCS - 13/05/2014 - C:\Windows\System32\drivers\ssnfd.sys (ssnfd) .(.Search Snacks - Search Snacks Driver x86.) - LEGACY_SSNFD
O64 - Services: CurCS - 27/05/2014 - C:\Windows\System32\drivers\{6c0944d8-b49f-4f69-8ce8-524e562a2250}Gt.sys ({6c0944d8-b49f-4f69-8ce8-524e562a2250}Gt) .(.StdLib - StdLib.) - LEGACY_{6C0944D8-B49F-4F69-8CE8-524E562A2250}GT =>PUP.LinkiDoo
~ Legacy: 76 Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> [HKLM\..\open\Command] (.Microsoft Corporation - Iniciador do snap-in de 'Visualizar eventos'.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.scr> [HKLM\..\open\Command] (...) -- "%1" /S
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 12 Scanned in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] Web - (Web) - [link hidden: forum login required]
O69 - SBI: SearchScopes [HKCU] {3C082502-B15C-4B92-B88F-8B1AA1AD2DF2} [DefaultScope] - (Google) - [link hidden: forum login required]
O69 - SBI: SearchScopes [HKCU] {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} - (Microsoft (Bing)) - [link hidden: forum login required]
~ Keys: Scanned in 00mn 00s



---\\ Listagem dos serviços iniciados pelo Svchost (SSS) (O83)
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Serviço de Experiência com Aplicativo.) -- C:\Windows\System32\aelupsvc.dll [24576]
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Relatórios de Problemas e Soluções.) -- C:\Windows\System32\wercplsupport.dll [62976]
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL de serviços do Shell do Windows.) -- C:\Windows\System32\shsvcs.dll [247808]
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Cartão Inteligente da Microsof.) -- C:\Windows\System32\certprop.dll [40448]
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Cartão Inteligente da Microsof.) -- C:\Windows\System32\certprop.dll [40448]
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL de Serviço do Servidor.) -- C:\Windows\System32\srvsvc.dll [125952]
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Cliente da Diretiva de Grupo.) -- C:\Windows\System32\gpsvc.dll [576512]
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extensão IKE.) -- C:\Windows\System32\ikeext.dll [444928]
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Serviço de Áudio do Windows.) -- C:\Windows\System32\Audiosrv.dll [315392]
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gerenciador de Discagem Automática de Acesso Remoto.) -- C:\Windows\System32\rasauto.dll [90624]
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gerenciador de conexão de acesso remoto.) -- C:\Windows\System32\rasmans.dll [262144]
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gerenciador de Interface Dinâmica.) -- C:\Windows\System32\mprdim.dll [68608]
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Serviço de Notificação de Eventos do Sistema (SENS).) -- C:\Windows\System32\sens.dll [47104]
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Componentes do Microsoft NAT Helper.) -- C:\Windows\System32\ipnathlp.dll [288256]
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Servidor de telefonia do Microsoft(R) Windows(TM).) -- C:\Windows\System32\tapisrv.dll [242688]
O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Gerenciador de conexões remotas do Terminal Server.) -- C:\Windows\System32\termsrv.dll [449024]
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\System32\wuaueng.dll [1933848]
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Serviço de transferência inteligente de plano de fundo.) -- C:\Windows\System32\qmgr.dll [758784]
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - DLL de serviços do Shell do Windows.) -- C:\Windows\System32\shsvcs.dll [247808]
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Serviço que oferece conectividade IPv6 em uma rede IPv4..) -- C:\Windows\System32\iphlpsvc.dll [200704]
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de serviço de logon secundário.) -- C:\Windows\system32\seclogon.dll [19968]
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Serviço de Informações de Aplicativos.) -- C:\Windows\System32\appinfo.dll [33280]
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Serviço de Descoberta iSCSI.) -- C:\Windows\System32\iscsiexe.dll [111616]
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Serviço Agendador de Classes de Multimídia.) -- C:\Windows\System32\mmcss.dll [45056]
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [153088]
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Serviço Microsoft EAPHost.) -- C:\Windows\System32\eapsvc.dll [57344]
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [162304]
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Serviço Agendador de Tarefas.) -- C:\Windows\System32\schedsvc.dll [601600]
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Serviço de Configuração dos Serviços de Terminal.) -- C:\Windows\System32\sessenv.dll [84992]
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL de Serviço Pesquisador de Computadores.) -- C:\Windows\System32\browser.dll [81920]
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Serviço de Gerenciamento de Chaves.) -- C:\Windows\System32\kmsvc.dll [68096]
~ Services: 31 Scanned in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 10/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 27/02/2013 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 27/02/2013 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 27/02/2013 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Auto 10/07/1658 0 | (sssvc) . (...) - C:\Program Files\SearchSnacks\Service\sssvc.exe
SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 09/05/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 05/05/2014 527928 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\gbpsv.exe
SR - | Demand 18/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 18/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 18/01/2008 21504 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 08/04/2013 1320496 | (PDF Architect Helper Service) . (.pdfforge GmbH.) - C:\Program Files\PDF Architect\HelperService.exe
SR - | Auto 08/04/2013 799280 | (PDF Architect Service) . (.pdfforge GmbH.) - C:\Program Files\PDF Architect\ConversionService.exe
SR - | Auto 18/01/2008 21504 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 16/04/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 18/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 18/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 10s



---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBR) (080)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, [link hidden: forum login required]
Run by JOSE LUIS at 31/07/2014 18:26:00
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys
1 ntkrnlpa!IofCallDriver[0x82A46916] >> \Device\Harddisk0\DR0[0x86139AC8]
3 CLASSPNP[0x889A38B3] >> ntkrnlpa!IofCallDriver[0x82A46916] >> [0x85062918]
5 acpi[0x8069F6BC] >> ntkrnlpa!IofCallDriver[0x82A46916] >> \Device\Ide\IdeDeviceP0T0L0-0[0x85066528]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 13 Scanned in 00mn 02s



---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBRCheck) (080)
Written by ad13, [link hidden: forum login required]
Run by JOSE LUIS at 31/07/2014 18:26:02
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



---\\ Alert Messages
WARNING : Hijacker Proxy found, Clean with ZHPCleaner Tool =>.Nicolas Coolman

---\\ Scâner Aditional (088)
Database Version : 13026 - (30/07/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 0

[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\eSafeSvc] =>PUP.eSafeSecurity
C:\Users\JOSE LUIS\AppData\Roaming\ContentExplorer =>PUP.ContentExplorer^
C:\Users\JOSE LUIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\hggpkhijoeadmdfmlbdepfbngmhaldci =>PUP.DealPly
~ Additionnel Scan: 193991 Items scanned in 00mn 26s



---\\ Informações complémentaires do módulos
~ [link hidden: forum login required] =>.Internet Explorer, Gestão do Proxy (R5)
~ [link hidden: forum login required] =>.Browser Helper Objects do navegador (02)
~ [link hidden: forum login required] =>.Aplicações iniciadas por registo & pastas (04)
~ [link hidden: forum login required] =>.Chave do registo Shell MountPoints2 (MPKS) (O51)
~ AMI: 4 Scanned in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
[link hidden: forum login required] =>Hijacker.Proxy
[link hidden: forum login required] =>PUP.LinkiDoo
[link hidden: forum login required] =>PUP.ContentExplorer
[link hidden: forum login required] =>PUP.eSafeSecurity
[link hidden: forum login required] =>PUP.DealPly
~ MSI: 5 link(s) detected in 00mn 00s



End of the scan (1033 lines in 02mn 59s)(0)


Post by Power Max, Thu 31 Jul 2014, 20:36

Download AdwCleaner by clicking the link below, then click the Download Now @BleepingComputer button:
[link hidden: forum login required]

To run AdwCleaner correctly, just follow the tips in this tutorial:

[link hidden: forum login required]

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

Post by jjll-forumpcbrasil, Mon 04 Aug 2014, 12:44

Here is the AdwCleaner report:

# AdwCleaner v3.302 - Relatório criado 04/08/2014 às 12:36:45
# Atualizado 30/07/2014 por Xplode
# Sistema Operacional : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Usuário : JOSE LUIS - JOSELUIS-DESKT
# Executando de : C:\Users\JOSE LUIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GP9NBQ81\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

[#] Serviço Deletada : {6c0944d8-b49f-4f69-8ce8-524e562a2250}Gt

***** [ Arquivos / Pastas ] *****

Arquivo Deletada : C:\Windows\system32\drivers\{6c0944d8-b49f-4f69-8ce8-524e562a2250}Gt.sys

***** [ Tarefas ] *****


***** [ Atalhos ] *****


***** [ Registro ] *****


***** [ Navegadores ] *****

-\\ Internet Explorer v9.0.8112.16561


-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [9852 octets] - [28/05/2014 11:06:34]
AdwCleaner[R1].txt - [1027 octets] - [28/05/2014 11:13:34]
AdwCleaner[R2].txt - [1148 octets] - [28/05/2014 11:50:46]
AdwCleaner[R3].txt - [1200 octets] - [28/05/2014 12:17:17]
AdwCleaner[R4].txt - [2121 octets] - [17/07/2014 13:02:21]
AdwCleaner[R5].txt - [1662 octets] - [04/08/2014 12:33:22]
AdwCleaner[S0].txt - [8603 octets] - [28/05/2014 11:07:49]
AdwCleaner[S1].txt - [1082 octets] - [28/05/2014 11:14:33]
AdwCleaner[S2].txt - [1203 octets] - [28/05/2014 11:51:28]
AdwCleaner[S3].txt - [1255 octets] - [28/05/2014 12:17:51]
AdwCleaner[S4].txt - [2167 octets] - [17/07/2014 13:04:48]
AdwCleaner[S5].txt - [1473 octets] - [04/08/2014 12:36:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1533 octets] ##########

Post by Power Max, Mon 04 Aug 2014, 12:56

Temporarily disable your antivirus to avoid conflicts.

* Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[link hidden: forum login required]

To run it correctly, follow the tips in this tutorial:

[link hidden: forum login required]

* Once it finishes cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy its entire contents and post them in your next reply.

Post by jjll-forumpcbrasil, Mon 04 Aug 2014, 15:06


Zoek.exe v5.0.0.0 Updated 04-August-2014
Tool run by JOSE LUIS on 04/08/2014 at 13:32:50,71.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\JOSE LUIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H49MASZ7\zoek.exe [Scan all users] [Quick Scan] [Auto Clean]

==== Older Logs ======================

C:\zoek-results2014-05-28-183832.log 17941 bytes
C:\zoek-results2014-05-29-124848.log 11509 bytes

==== Empty Folders Check ======================

C:\Program Files\Hewlett-Packard deleted successfully
C:\Program Files\MSXML 4.0 deleted successfully
C:\PROGRA~2\HPSSUPPLY deleted successfully
C:\PROGRA~2\Oracle deleted successfully
C:\Users\JOSE LUIS\AppData\Roaming\ContentExplorer deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7D1B27B2-3DE0-4F26-94A0-E14FDB06D292} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7D1B27B2-3DE0-4F26-94A0-E14FDB06D292} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sssvc deleted successfully

==== Deleting Files \ Folders ======================

C:\Users\JOSE LUIS\Searches deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\JOSELU~1\AppData\Local\Temp ====
====== Java Cache =====
2014-07-31 15:19:09 AA7E13D8370628194DCFBD0D8BE39985 17176 -c--a-w- C:\Users\JOSE LUIS\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\2fb889a6-2c22fe4d
====== C:\Windows\system32 =====
====== C:\Windows\system32\drivers =====
2014-07-10 13:15:14 F5272A105F59A7B3B345D9D6D87DA7AD 273408 -c--a-w- C:\Windows\System32\drivers\afd.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C: =====
====== C:\Users\JOSE LUIS\AppData\Roaming ======
====== C:\Users\JOSE LUIS ======

====== C: exe-files ==
2014-08-04 15:32:57 065B9F528580B2C8A54E9A14C6890685 1361309 -c--a-w- C:\Users\JOSE LUIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GP9NBQ81\AdwCleaner.exe
2014-07-31 21:21:44 F0BE9A21B98A0866FD536BE7064FCB01 6858173 -c--a-w- C:\Users\JOSE LUIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H49MASZ7\ZHPDiag2.exe
2014-07-31 21:20:01 914B7F129FA54C91599B543840EF962A 1227264 -c--a-w- C:\Users\JOSE LUIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YYCD96V3\NCDiag.exe
=== C: other files ==
2014-07-29 18:49:47 F78B485186946B2B0713C22FC43F9C92 52627 -c--a-w- C:\Users\JOSE LUIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YYCD96V3\Anexos.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-21-644814064-753680641-2794751463-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"
"NokiaPCInternetAccess"="C:\Program Files\Nokia\PC Internet Access\NPCIA.exe /b"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
"TkBellExe"="C:\Program Files\Real\RealPlayer\update\realsched.exe -osboot"
"CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}"="C:\Users\JOSELU~1\AppData\Local\Temp\cis34B0.exe --PostUninstall {81EFDD93-DBBE-415B-BE6E-49B9664E3E82}"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"CertificateRegistration"="aetcrss1.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"
"NokiaPCInternetAccess"="C:\Program Files\Nokia\PC Internet Access\NPCIA.exe /b"

==== Startup Folders ======================

2013-04-18 18:32:48 1113 -c--a-w- C:\Users\JOSE LUIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de tela e Iniciador do OneNote 2007.lnk
2013-02-28 20:55:41 1972 -c--a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a--c--- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [10/07/2014 11:04]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a--c--- [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a--c--- C:\Program Files\Google\Update\GoogleUpdate.exe [27/02/2013 18:59]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-644814064-753680641-2794751463-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\system32\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-644814064-753680641-2794751463-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\system32\tasks\User_Feed_Synchronization-{17FD3251-6EAA-489F-8A6C-06DC9E8F667A}" [C:\Windows\system32\msfeedssync.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [05/07/2013 09:49]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[16/04/2013 03:11]


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.uol.com.br/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.uol.com.br/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{3C082502-B15C-4B92-B88F-8B1AA1AD2DF2}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{3C082502-B15C-4B92-B88F-8B1AA1AD2DF2} Google Url="http://www.google.com/search?q={searchTerms}"
{3C082502-B15C-4B92-B88F-8B1AA1AD2DF2} Google Url="http://www.google.com/search?q={searchTerms}"
{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} Microsoft (Bing) Url="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchSnacks deleted successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\JOSE LUIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\JOSE LUIS\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\JOSE LUIS\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\JOSE LUIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H49MASZ7 will be deleted at reboot
C:\Users\JOSE LUIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome Cache found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=20 folders=14 3805756 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\JOSE LUIS\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\JOSELU~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\JOSE LUIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Users\JOSE LUIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H49MASZ7" not found

==== EOF on 04/08/2014 at 14:53:43,96 ======================

Re: Hard drive suddenly shows up as full

Post by Power Max on Mon 04 Aug 2014, 15:23

You did not use Zoek the way it is shown in the tutorial I sent you.

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [You must have an account and be logged in to view this image]

* Select and copy all of the text highlighted in red below and paste it into the blank area of Zoek:

createsrpoint;
autoclean;
emptyalltemp;
iedefaults;
resetieproxy;
resethosts;
shortcutfix;
ffdefaults;
firefoxlook;
reset chrome;
chrdefaults;
chromelook;


* Click [Run Script]

* During the scan, a message similar to the one below will be displayed, showing the progress of the scan. Wait for it to finish... it may take a while!

[You must have an account and be logged in to view this image]

* If you are asked to restart the PC, click [OK]

* Post the Zoek log, which will be in C:\zoek-results.txt, in your next reply.

Re: Hard drive suddenly shows up as full

Post by jjll-forumpcbrasil on Mon 04 Aug 2014, 15:56


Zoek.exe v5.0.0.0 Updated 04-August-2014
Tool run by JOSE LUIS on 04/08/2014 at 15:37:26,71.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\JOSE LUIS\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-28-183832.log 17941 bytes
C:\zoek-results2014-05-29-124848.log 11509 bytes
C:\zoek-results2014-08-04-175343.log 10639 bytes

==== System Restore Info ======================

04/08/2014 15:39:11 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Users\JOSE LUIS\Searches deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [05/07/2013 09:49]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[16/04/2013 03:11]


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.uol.com.br/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.uol.com.br/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{3C082502-B15C-4B92-B88F-8B1AA1AD2DF2}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{3C082502-B15C-4B92-B88F-8B1AA1AD2DF2} Google Url="http://www.google.com/search?q={searchTerms}"
{3C082502-B15C-4B92-B88F-8B1AA1AD2DF2} Google Url="http://www.google.com/search?q={searchTerms}"
{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} Microsoft (Bing) Url="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"

==== Reset Google Chrome ======================

Nothing found to reset

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader X.lnk - C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\avast Free Antivirus.lnk -
C:\Users\Public\Desktop\Central de Soluções HP.lnk -
C:\Users\Public\Desktop\HP Photosmart Essential 2.01.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe
C:\Users\Public\Desktop\Nokia PC Internet Access.lnk - C:\Program Files\Nokia\PC Internet Access\NPCIA.exe
C:\Users\Public\Desktop\PDFCreator.lnk - C:\Program Files\PDFCreator\PDFCreator.exe
C:\Users\Public\Desktop\RealPlayer.lnk - C:\program files\real\realplayer\RealPlay.exe /launch:desktop
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Docs.lnk - C:\Program Files\Google\Drive\googledrivesync.exe --new_document
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Drive.lnk - C:\Program Files\Google\Drive\googledrivesync.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Sheets.lnk - C:\Program Files\Google\Drive\googledrivesync.exe --new_spreadsheet
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Slides.lnk - C:\Program Files\Google\Drive\googledrivesync.exe --new_presentation
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk - C:\Program Files\ZHPDiag\ZHPhep.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPFix.lnk - C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyOverride"="<-loopback>"
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\JOSE LUIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\JOSE LUIS\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\JOSE LUIS\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\JOSE LUIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome Cache found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=20 folders=14 3805163 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\JOSE LUIS\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\JOSELU~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\JOSE LUIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on 04/08/2014 at 15:53:32,22 ======================

Re: Hard drive suddenly shows up as full

Post by Power Max on Mon 04 Aug 2014, 15:59

Download the Junkware Removal Tool program from the link below:
[You must have an account and be logged in to view this link]

To run the program above correctly, just follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop under the name JRT.txt

We will be waiting.

Re: Hard drive suddenly shows up as full

Post by jjll-forumpcbrasil on Mon 04 Aug 2014, 16:15

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by JOSE LUIS on 04/08/2014 at 16:09:29,71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/08/2014 at 16:12:44,55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Hard drive suddenly shows up as full

Post by Power Max on Mon 04 Aug 2014, 16:18

Download Malwarebytes from one of the links below:
[You must have an account and be logged in to view this link]

To install and run it correctly, please follow the tips in this post:

[You must have an account and be logged in to view this link]

In your next reply, post this Malwarebytes log (report).

We will be waiting.

Re: Hard drive suddenly shows up as full

Post by jjll-forumpcbrasil on Tue 05 Aug 2014, 13:26


Malwarebytes Anti-Malware
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Data de Verificação: 04/08/2014
Hora da Verificação: 16:29:15
Logfile: MWB log 4 ago.txt
Administrador: Sim

Versão: 2.00.2.1012
Malware Database: v2014.08.04.06
Rootkit Database: v2014.08.01.01
Licença: Grátis
Proteção de Malware: Desabilitado
Proteção de Site Malicioso: Desabilitado
Self-protection: Desabilitado

OS: Windows Vista Service Pack 2
CPU: x86
Sistema de Arquivo: NTFS
Usuário: JOSE LUIS

Tipo da Verificação: Verificação Personalizada
Resultado: Completado
Arquivos Verificados: 425264
Tempo Decorrido: 1 hr, 54 min, 37 seg

Memória: Enabled
Inicialização: Enabled
Filesystem: Enabled
Arquivos: Enabled
Rootkits: Desabilitado
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processos: 0
(No malicious items detected)

Módulos: 0
(No malicious items detected)

Chaves de Registro: 2
PUP.Optional.SearchSnacks.A, HKLM\SOFTWARE\SearchSnacks, No Action By User, [fa9c635f5b20b1857f28cf13d23034cc],
PUP.Optional.SearchSnacks, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ssnfd, No Action By User, [4254a31f4239dd59b03e62700ef433cd],

Valores de Registro: 0
(No malicious items detected)

Dados do Registro: 0
(No malicious items detected)

Pastas: 0
(No malicious items detected)

Arquivos: 8
PUP.Optional.Conduit, C:\Users\JOSE LUIS\Pictures\Lisa e eu\Documentos PD\CLIENTES\IRACEMA\WiseConvert.exe, No Action By User, [dcba6e54cdae78be0f90e44b16ea0ff1],
PUP.Optional.Conduit, C:\Users\JOSE LUIS\Documents\Documentos PD\CLIENTES\IRACEMA\WiseConvert.exe, No Action By User, [3c5a1aa84833f442554a17186f9123dd],
PUP.Optional.Conduit, C:\Users\JOSE LUIS\Documents\CLIENTES\IRACEMA\WiseConvert.exe, No Action By User, [a7ef962c4b30b97db2edb47b41bf1fe1],
PUP.Optional.Conduit, C:\Users\JOSE LUIS\Documents\KINGSTON\Documents\CLIENTES\IRACEMA\WiseConvert.exe, No Action By User, [870f665c7803ea4cf1ae51ded42ca15f],
PUP.Optional.Conduit, C:\Users\JOSE LUIS\Documents\KINGSTON\Documents\Documents\CLIENTES\IRACEMA\WiseConvert.exe, No Action By User, [e5b1cff33645072f811e49e6d22e916f],
PUP.Optional.Conduit, C:\Users\JOSE LUIS\Music\CLIENTES\IRACEMA\WiseConvert.exe, No Action By User, [3a5c2f9353283df9039c1c1347b90ef2],
PUP.Optional.Conduit, C:\Documentos PD\CLIENTES\IRACEMA\WiseConvert.exe, No Action By User, [2a6c249ef18af0461689be712ad602fe],
PUP.Optional.SearchSnacks, C:\Windows\System32\drivers\ssnfd.sys, No Action By User, [4254a31f4239dd59b03e62700ef433cd],

Physical Sectors: 0
(No malicious items detected)


(end)

Re: Hard drive suddenly shows up as full

Post by Power Max on Tue 05 Aug 2014, 13:28

Malwarebytes found several problems, but its report shows that you have not removed them yet. You need to select and remove the problems, as shown in the tutorial I sent you. After that, post the new report that Malwarebytes will create.

Re: Hard drive suddenly shows up as full

Post by jjll-forumpcbrasil on Wed 06 Aug 2014, 13:43

Malwarebytes Anti-Malware
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Data de Verificação: 05/08/2014
Hora da Verificação: 17:32:07
Logfile:
Administrador: Sim

Versão: 2.00.2.1012
Malware Database: v2014.08.05.08
Rootkit Database: v2014.08.04.01
Licença: Grátis
Proteção de Malware: Desabilitado
Proteção de Site Malicioso: Desabilitado
Self-protection: Desabilitado

OS: Windows Vista Service Pack 2
CPU: x86
Sistema de Arquivo: NTFS
Usuário: JOSE LUIS

Tipo da Verificação: Verificação Personalizada
Resultado: Completado
Arquivos Verificados: 430673
Tempo Decorrido: 2 hr, 35 min, 19 seg

Memória: Enabled
Inicialização: Enabled
Filesystem: Enabled
Arquivos: Enabled
Rootkits: Desabilitado
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processos: 0
(No malicious items detected)

Módulos: 0
(No malicious items detected)

Chaves de Registro: 0
(No malicious items detected)

Valores de Registro: 0
(No malicious items detected)

Dados do Registro: 0
(No malicious items detected)

Pastas: 0
(No malicious items detected)

Arquivos: 7
PUP.Optional.Conduit, C:\Users\JOSE LUIS\Pictures\Lisa e eu\Documentos PD\CLIENTES\IRACEMA\WiseConvert.exe, Quarantined, [ce2ebf030e6d66d08020db54808016ea],
PUP.Optional.Conduit, C:\Users\JOSE LUIS\Documents\Documentos PD\CLIENTES\IRACEMA\WiseConvert.exe, Quarantined, [32cad4eed2a97abc8719bb7497697888],
PUP.Optional.Conduit, C:\Users\JOSE LUIS\Documents\CLIENTES\IRACEMA\WiseConvert.exe, Quarantined, [a65617abeb900432237db37c1ee2db25],
PUP.Optional.Conduit, C:\Users\JOSE LUIS\Documents\KINGSTON\Documents\CLIENTES\IRACEMA\WiseConvert.exe, Quarantined, [827aa41e9cdf0432c0e01a1508f81fe1],
PUP.Optional.Conduit, C:\Users\JOSE LUIS\Documents\KINGSTON\Documents\Documents\CLIENTES\IRACEMA\WiseConvert.exe, Quarantined, [c6367c46d1aa3ef8d5cbbf70b947a65a],
PUP.Optional.Conduit, C:\Users\JOSE LUIS\Music\CLIENTES\IRACEMA\WiseConvert.exe, Quarantined, [6f8d447e2a51132319878ba455ab5da3],
PUP.Optional.Conduit, C:\Documentos PD\CLIENTES\IRACEMA\WiseConvert.exe, Quarantined, [56a66959651652e4e1bf42ed6c946f91],

Physical Sectors: 0
(No malicious items detected)


(end)

Re: Hard drive suddenly shows up as full

Post by Power Max on Wed 06 Aug 2014, 13:45

Open ZHPDiag again.

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report.

Re: Hard drive suddenly shows up as full

Post by jjll-forumpcbrasil on Wed 06 Aug 2014, 16:05

~ Relatório do ZHPDiag v2014.7.30.111 - Nicolas Coolman (30/07/2014)
~ Iniciado por JOSE LUIS (06/08/2014 15:53:14)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Endereço do Webforum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Nova Versão disponivel
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program


---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
GCIE: Google Chrome

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows Vista (TM) Home Premium, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2018
Malwarebytes Anti-Malware versão 2.0.2.1012

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
Adobe Reader X
Java 7 Update 60

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2038 MB (31% free)
System Restore: Activé (Enable)
System drive C: has 5 GB (2%) free of 233 GB

---\\ Modo de conexão ao sistema
~ Computer Name: JOSELUIS-DESKT
~ User Name: JOSE LUIS
~ All Users Names: JOSE LUIS, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\JOSE LUIS\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\JOSE LUIS\AppData\Roaming\
~ %Desktop% : C:\Users\JOSE LUIS\Desktop\
~ %Favorites% : C:\Users\JOSE LUIS\Favorites\
~ %LocalAppData% : C:\Users\JOSE LUIS\AppData\Local\
~ %StartMenu% : C:\Users\JOSE LUIS\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 5 Go of 233 Go)
D: CD-ROM drive (Not Inserted)
E: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: Modified
~ Security Center: 45 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Windows Explorer.) (.10/04/2009 - 23:27:38.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.18/01/2008 - 23:33:38.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.61D9AD9E55D7A1E10C0EF701ADE1C486] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/06/2014 - 20:02:16.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.10/04/2009 - 23:28:14.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.F5272A105F59A7B3B345D9D6D87DA7AD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 03:53:22.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.10/04/2009 - 23:32:28.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.18/01/2008 - 21:28:04.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.10/04/2009 - 21:39:18.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 11:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.10/04/2009 - 21:42:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Driver de porta i8042.) (.18/01/2008 - 21:49:20.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.18/01/2008 - 21:56:30.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 10:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.10/04/2009 - 21:45:38.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.03/03/2013 - 16:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [1082232]
[MD5.8A79FDF04A73428597E2CAF9D0D67850] - (.Microsoft Corporation - Driver de porta paralela.) (.18/01/2008 - 21:49:34.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.18/01/2008 - 21:56:36.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.E8BD98D46F2ED77132BA927FCCB47D8B] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.02/11/2006 - 06:03:00.) -- C:\Windows\system32\Drivers\rdpdr.sys [242688]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.10/04/2009 - 21:45:24.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.10/04/2009 - 21:45:58.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.21/08/2012 - 08:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 01s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/2628
~ Mes musiques (My Musics) : 1/4414
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/75
~ Mes Documents (My Documents) : 2/13961
~ Mon Bureau (My Desktop) : 1/19
~ Menu demarrer (Programs) : 1/34
~ Hidden Files: Scanned in 00mn 26s



---\\ Processos lançados
[MD5.0D392EDE3B97E0B3131B2F63EF1DB94E] - (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe [1008184] [PID.3816]
[MD5.806DB5F4FC5185AFC608E881979CC25F] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [141848] [PID.3848]
[MD5.D4975555E91636FCF4809E51731F80D8] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [166424] [PID.3876]
[MD5.CD12A46AE81306C2F14B19A58E1058B0] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [133656] [PID.3896]
[MD5.0AE3673E1C450359490CF47D6AA3AF7F] - (.Motorola Inc. - SM56 Modem Helper.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1458176] [PID.3956]
[MD5.7AF5A466CF4AECA28E3DCBCF5B6FD220] - (.Hewlett-Packard Co. - Hewlett-Packard Product Assistant.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [49152] [PID.4004]
[MD5.225518F190EDBC37CA32197A3E94B498] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512] [PID.4056]
[MD5.2218928CF528D7BC295B1B4C69E9846C] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [3890208] [PID.4064]
[MD5.04F6CBD2BDAB19480F82AB255E56E9DB] - (.A.E.T. Europe B.V. - Certificate Expiration Check Utility.) -- C:\Windows\System32\aetcrss1.exe [151552] [PID.4084]
[MD5.EDAD4A8A1D46AFCF9E76B996D55116EB] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896] [PID.1612]
[MD5.BF08674925F151BD4537B89A493E3E0C] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehtray.exe [125952] [PID.2056]
[MD5.E5C98FB98FA1C6B618695B6B07240604] - (.Nokia - Nokia PC Internet Access.) -- C:\Program Files\Nokia\PC Internet Access\NPCIA.exe [544768] [PID.1452]
[MD5.F14219FC767F1383526AB423F278A8E3] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [210520] [PID.1508]
[MD5.32C26797AB646074A2BB562F9D10ADB5] - (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.exe [97680] [PID.1264]
[MD5.8BEB7107A0CE4BB1C4F7294C377DF3E9] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [256536] [PID.848]
[MD5.0F4195B9B348DE5CF9B822F81704B20E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\Windows\ehome\ehmsas.exe [37376] [PID.3164]
[MD5.FEDDD3579FEE51A9873D856DF3933C68] - (.Hewlett-Packard Co. - HP CUE Status Root.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe [151552] [PID.3788]
[MD5.08ED70F000508724BAF881AA07C21BE1] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [758000] [PID.1656]
[MD5.C8BC9A2DC599F1A52DC6B42FDD47B01E] - (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\system32\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe [851632] [PID.4460]
[MD5.B3593D56E802DE2C61B755B85669B2B4] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8083968] [PID.1672]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.5424]
~ Processes Running: Scanned in 00mn 02s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
~ IE Browser: 9 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehuni.dll
~ BHO: 14 Legitimates Filtered in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SMSERIAL] . (.Motorola Inc. - SM56 Modem Helper.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard Co. - Hewlett-Packard Product Assistant.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\update\realsched.exe =>.RealNetworks, Inc
O4 - HKLM\..\Run: [CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}] C:\Users\JOSELU~1\AppData\Local\Temp\cis34B0.exe (.not file.)
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [CertificateRegistration] . (.A.E.T. Europe B.V. - Certificate Expiration Check Utility.) -- C:\Windows\System32\aetcrss1.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Barra Lateral do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Aplicativo de Configuração do Serviço de co.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [NokiaPCInternetAccess] . (.Nokia - Nokia PC Internet Access.) -- C:\Program Files\Nokia\PC Internet Access\NPCIA.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Barra Lateral do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Chave orfã
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Barra Lateral do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Chave orfã
O4 - HKUS\S-1-5-21-644814064-753680641-2794751463-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Barra Lateral do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-644814064-753680641-2794751463-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-21-644814064-753680641-2794751463-1000\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Aplicativo de Configuração do Serviço de co.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-644814064-753680641-2794751463-1000\..\Run: [NokiaPCInternetAccess] . (.Nokia - Nokia PC Internet Access.) -- C:\Program Files\Nokia\PC Internet Access\NPCIA.exe
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Console Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -- Chave orfã
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] http.itau.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - [You must have an account and be logged in to view this link]
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F2865E6-9235-407C-9D1C-0BDA5ACAB9D8}: DhcpNameServer = 201.6.2.77 201.6.2.167
O17 - HKLM\System\CS1\Services\Tcpip\..\{3F2865E6-9235-407C-9D1C-0BDA5ACAB9D8}: DhcpNameServer = 201.6.2.77 201.6.2.167
O17 - HKLM\System\CS2\Services\Tcpip\..\{3F2865E6-9235-407C-9D1C-0BDA5ACAB9D8}: DhcpNameServer = 201.6.2.77 201.6.2.167
O17 - HKLM\System\CS3\Services\Tcpip\..\{3F2865E6-9235-407C-9D1C-0BDA5ACAB9D8}: DhcpNameServer = 201.6.2.77 201.6.2.167
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.6.2.77 201.6.2.167
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\system32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginUni . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehUni.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe
~ Services: 8 Legitimates Filtered in 00mn 09s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1058]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1062]
~ Scheduled Task: 12 Legitimates Filtered in 00mn 04s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
~ Drivers: 90 Legitimates Filtered in 00mn 01s



---\\ Software instalados (042)
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2013
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2014
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
O42 - Logiciel: SafeSign - (.A.E.T. Europe B.V..) [HKLM] -- {5A063474-AD9D-4AFE-8CCF-A076ACDF8FD7}
~ Logic: 21 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\A.E.T. Europe B.V.]
[HKCU\Software\Baidu Security]
[HKLM\Software\A.E.T. Europe B.V.]
~ Key Software: 157 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 28/01/2014 - 12:35:06 - [] ----D C:\Program Files\A.E.T. Europe B.V
O43 - CFD: 03/04/2014 - 14:29:05 - [] ----D C:\Program Files\Programas RFB
O43 - CFD: 15/03/2013 - 11:55:03 - [] ----D C:\Users\JOSE LUIS\AppData\Local\A.E.T. Europe B.V
O43 - CFD: 18/02/2014 - 17:01:31 - [] ----D C:\Users\JOSE LUIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pimaco
O43 - CFD: 09/03/2013 - 23:13:56 - [] ----D C:\Users\JOSE LUIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013
O43 - CFD: 03/04/2014 - 14:26:52 - [] ----D C:\Users\JOSE LUIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
~ Program Folder: 129 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.6165164957424A93CABC81239B90B42C] - 04/08/2014 - 13:34:26 ---A- . (...) -- C:\zoek-results2014-05-29-124848.log [11509]
O44 - LFC:[MD5.B58C0E8B28050E8D74745C9144BA42D1] - 04/08/2014 - 14:53:43 ---A- . (...) -- C:\zoek-results2014-08-04-175343.log [10639]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 04/08/2014 - 15:37:17 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.4B3BA91AE6F954DED12FCB16422EE8D8] - 04/08/2014 - 15:53:32 ---A- . (...) -- C:\zoek-results.log [7773]
O44 - LFC:[MD5.4F5C0BC6FCE76F66C091ABC6D8F9A5EE] - 06/08/2014 - 13:42:08 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [144296]
O44 - LFC:[MD5.B488500CF3B91BCF29B71DF23665A671] - 06/08/2014 - 13:42:08 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [685222]
~ Files: 17 Legitimates Filtered in 00mn 37s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files\GbPlugin\gbiehuni.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{11ae59d9-9fe6-11e3-a2b1-001d7d8bc8b1}\AutoRun\command. (...) -- E:\NokiaPCIA_Autorun.exe (.not file.)
~ Keys: Scanned in 00mn 01s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:09/05/2014 - 17:57:25 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184] =>.ALWIL Software
O58 - SDL:09/05/2014 - 17:57:25 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:09/05/2014 - 17:57:25 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180632] =>.ALWIL Software
O58 - SDL:02/11/2006 - 06:51:34 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [316520]
O58 - SDL:05/05/2014 - 09:42:00 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [46392]
O58 - SDL:11/03/2014 - 17:51:19 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O58 - SDL:02/11/2006 - 06:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\System32\Drivers\iteatapi.sys [35944]
O58 - SDL:02/11/2006 - 06:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\System32\Drivers\iteraid.sys [35944]
O58 - SDL:02/11/2006 - 06:51:25 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\System32\Drivers\uliahci.sys [235112]
O58 - SDL:02/11/2006 - 06:50:35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\System32\Drivers\ulsata.sys [98408]
O58 - SDL:02/11/2006 - 06:50:45 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\System32\Drivers\ulsata2.sys [115816]
O58 - SDL:02/11/2006 - 04:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:02/11/2006 - 04:09:45 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:02/11/2006 - 04:09:41 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:02/11/2006 - 04:09:44 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:02/11/2006 - 04:09:44 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:02/11/2006 - 04:09:29 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:02/11/2006 - 04:09:35 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:02/11/2006 - 04:09:38 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:02/11/2006 - 04:09:40 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:02/11/2006 - 04:09:31 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:02/11/2006 - 04:09:20 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:02/11/2006 - 04:09:23 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:02/11/2006 - 04:09:24 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:02/11/2006 - 04:09:26 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:02/11/2006 - 04:09:22 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 87 Legitimates Filtered in 00mn 09s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 09/05/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 05/05/2014 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
~ Legacy: 76 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 12 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] Web - (Web) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} - (Google) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {3C082502-B15C-4B92-B88F-8B1AA1AD2DF2} [DefaultScope] - (Google) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} - (Microsoft (Bing)) - [You must have an account and be logged in to view this link]
~ Keys: Scanned in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 10/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 27/02/2013 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 27/02/2013 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 27/02/2013 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 09/05/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 05/05/2014 527928 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\gbpsv.exe
SR - | Demand 18/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 18/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 18/01/2008 21504 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 08/04/2013 1320496 | (PDF Architect Helper Service) . (.pdfforge GmbH.) - C:\Program Files\PDF Architect\HelperService.exe
SR - | Auto 08/04/2013 799280 | (PDF Architect Service) . (.pdfforge GmbH.) - C:\Program Files\PDF Architect\ConversionService.exe
SR - | Auto 18/01/2008 21504 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 16/04/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 18/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 18/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 10s



---\\ Scâner Aditional (088)
Database Version : 13026 - (30/07/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 0

[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\eSafeSvc] =>PUP.eSafeSecurity
C:\Users\JOSE LUIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\hggpkhijoeadmdfmlbdepfbngmhaldci =>PUP.DealPly
~ Additionnel Scan: 189918 Items scanned in 00mn 27s



---\\ Informações complémentaires do módulos
~ [You must have an account and be logged in to view this link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [You must have an account and be logged in to view this link] =>.Browser Helper Objects do navegador (02)
~ [You must have an account and be logged in to view this link] =>.Aplicações iniciadas por registo & pastas (04)
~ [You must have an account and be logged in to view this link] =>.Chave do registo Shell MountPoints2 (MPKS) (O51)
~ AMI: 4 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
[You must have an account and be logged in to view this link] =>PUP.eSafeSecurity
[You must have an account and be logged in to view this link] =>PUP.DealPly
~ MSI: 2 link(s) detected in 00mn 00s



~ 634 Legitimates filtered by white list
End of the scan (450 lines in 02mn 58s)(0)

Re: Hard drive suddenly shows as full

Post by Power Max Wed 06 Aug 2014, 16:25

There are unnecessary programs starting together with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

Preferably, leave only the security programs (antivirus/anti-spyware/firewall) starting together with Windows.

Also use the CCleaner program, recommended in the tutorial above, to clean up and optimize the PC.
____________________________________________________________________________________

Select and copy all of the text highlighted in red below (starting at script zhpfix and going through emptyclsid)

script zhpfix
SysRestore
O4 - HKLM\..\Run: [CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}] C:\Users\JOSELU~1\AppData\Local\Temp\cis34B0.exe (.not file.)
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Chave orfã
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Chave orfã
[HKCU\Software\Baidu Security]
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\eSafeSvc] =>PUP.eSafeSecurity
C:\Users\JOSE LUIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\hggpkhijoeadmdfmlbdepfbngmhaldci =>PUP.DealPly
ShortcutFix
EmptyTemp
EmptyFlash
emptyclsid

_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click Importação (Import) > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will appear in Notepad.

Copy this report and post it in your next reply.

Re: Hard drive suddenly shows as full

Post by joram Sat 06 Sep 2014, 07:32

Topic Archived

As the author has not replied for more than 30 days, the topic has been archived. If the topic's author needs it, it will be reopened; to do so, they should contact one of the members of the [You must have an account and be logged in to view this link] and request that it be unlocked.