Fórum PC Brasil

I can't access the internet

3 participants

I can't access the internet

Post by neiliandro, Wed 13 Aug 2014, 08:32

Good morning, please help me!
I can hardly ever access the internet (Firefox and Internet Explorer).
When I do get on, the antivirus warns that a threat has been detected, the browser window closes, everything freezes and becomes slow, and windows no longer open. I try restarting the browser but it doesn't help; only rarely do I manage to get online, like now.
Another problem is Baidu: I have tried every way to uninstall it, through Revo Uninstaller and from its own folder on the C drive, but I can't access the Uninstall; it says I don't have permission to access it.

I don't know what else to do!

Re: I can't access the internet

Post by Power Max, Wed 13 Aug 2014, 09:30

Hello Neiliandro. Welcome to Fórum PC Brasil.

Download the AdwCleaner program by clicking the link below and then click the Download Now @BleepingComputer button:
[You must have an account and be logged in to view this link]

To run AdwCleaner correctly, just follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.

AdwCleaner report

Post by neiliandro, Wed 13 Aug 2014, 15:35

Thank you Power Max, the AdwCleaner report follows below.


# AdwCleaner v3.304 - Relatório criado 13/08/2014 às 15:20:56
# Atualizado 08/08/2014 por Xplode
# Sistema Operacional : Windows 7 Home Premium Service Pack 1 (64 bits)
# Usuário : Neiliandro da Silva - NEILIANDRO
# Executando de : C:\Users\Neiliandro da Silva\Desktop\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

[#] Serviço Deletada : Update ClearThink
[#] Serviço Deletada : Update GrooveDock
[#] Serviço Deletada : Util GrooveDock
Serviço Deletada : {1c7f4e5b-0b01-4ace-af25-38696a6406fc}Gw64
Serviço Deletada : {1c7f4e5b-0b01-4ace-af25-38696a6406fc}w64

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\Systweak
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Systweak Support Dock
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaks
[!] Pasta Deletada : C:\Program Files (x86)\HomeTab
Pasta Deletada : C:\Program Files (x86)\PC Cleaner
Pasta Deletada : C:\Program Files (x86)\Systweak Support Dock
Pasta Deletada : C:\Program Files (x86)\Tweaks
Pasta Deletada : C:\Program Files (x86)\Video Converter
Pasta Deletada : C:\Program Files (x86)\hdtotal1.2
Pasta Deletada : C:\Program Files (x86)\ClearThink
Pasta Deletada : C:\Program Files (x86)\GrooveDock
Pasta Deletada : C:\Program Files\HomeTab
Pasta Deletada : C:\Users\NEILIA~1\AppData\Local\Temp\ClearThink
Pasta Deletada : C:\Users\Neiliandro da Silva\VideoConverter
Pasta Deletada : C:\Users\Neiliandro da Silva\AppData\Local\genienext
Pasta Deletada : C:\Users\Neiliandro da Silva\AppData\Local\Mobogenie
Pasta Deletada : C:\Users\Neiliandro da Silva\AppData\Local\Mysearchdial
Pasta Deletada : C:\Users\Neiliandro da Silva\AppData\LocalLow\HomeTab
Pasta Deletada : C:\Users\Neiliandro da Silva\AppData\LocalLow\SimplyTech
Pasta Deletada : C:\Users\Neiliandro da Silva\AppData\Roaming\1H1Q
Pasta Deletada : C:\Users\Neiliandro da Silva\AppData\Roaming\baidu
Pasta Deletada : C:\Users\Neiliandro da Silva\AppData\Roaming\DigitalSites
Pasta Deletada : C:\Users\Neiliandro da Silva\AppData\Roaming\Mysearchdial
Pasta Deletada : C:\Users\Neiliandro da Silva\AppData\Roaming\newnext.me
Pasta Deletada : C:\Users\Neiliandro da Silva\AppData\Roaming\OpenCandy
Pasta Deletada : C:\Users\Neiliandro da Silva\AppData\Roaming\pdfforge
Pasta Deletada : C:\Users\Neiliandro da Silva\AppData\Roaming\SimplyTech
Pasta Deletada : C:\Users\Neiliandro da Silva\AppData\Roaming\Systweak
Pasta Deletada : C:\Users\Neiliandro da Silva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Converter
Pasta Deletada : C:\Users\Neiliandro da Silva\Documents\Mobogenie
Pasta Deletada : C:\Users\Public\Documents\baidu
Pasta Deletada : C:\Users\neiliandro\AppData\Roaming\Mozilla\Firefox\Profiles\972uqp3s.default\Extensions\a841c8b5-4960-4555-87bf-dbd75965c3f5@aec11bbe-81d6-43aa-873c-a071b69ed8a5.com
Pasta Deletada : C:\Users\Neiliandro da Silva\AppData\Roaming\Mozilla\Firefox\Profiles\a7iol6jg.default\Extensions\a841c8b5-4960-4555-87bf-dbd75965c3f5@aec11bbe-81d6-43aa-873c-a071b69ed8a5.com
Pasta Deletada : C:\Users\Neiliandro da Silva\AppData\Roaming\Mozilla\Firefox\Profiles\a7iol6jg.default\Extensions\staged\a841c8b5-4960-4555-87bf-dbd75965c3f5@aec11bbe-81d6-43aa-873c-a071b69ed8a5.com
Arquivo Deletada : C:\Users\Public\Desktop\File Extractor.lnk
Arquivo Deletada : C:\Windows\System32\roboot64.exe
Arquivo Deletada : C:\Windows\System32\sasnative64.exe
Arquivo Deletada : C:\Windows\System32\drivers\{1c7f4e5b-0b01-4ace-af25-38696a6406fc}Gw64.sys
Arquivo Deletada : C:\Windows\System32\drivers\{1c7f4e5b-0b01-4ace-af25-38696a6406fc}w64.sys
Arquivo Deletada : C:\Users\Neiliandro da Silva\daemonprocess.txt
Arquivo Deletada : C:\Users\Neiliandro da Silva\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Video Converter.lnk

***** [ Tarefas ] *****

Tarefa Deletedo : Advanced System Protector
Tarefa Deletedo : Advanced System Protector_startup
Tarefa Deletedo : Dealply
Tarefa Deletedo : DealPlyUpdate
Tarefa Deletedo : hdtotal1.2-chromeinstaller
Tarefa Deletedo : hdtotal1.2-codedownloader
Tarefa Deletedo : hdtotal1.2-enabler
Tarefa Deletedo : hdtotal1.2-firefoxinstaller
Tarefa Deletedo : hdtotal1.2-updater

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Chave Deletedo : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\HomeTab.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\wtb.Band
Chave Deletedo : HKLM\SOFTWARE\Classes\wtb.Band.1
Chave Deletedo : HKLM\SOFTWARE\Classes\wtb.NotificationSource
Chave Deletedo : HKLM\SOFTWARE\Classes\wtb.NotificationSource.1
Chave Deletedo : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl
Chave Deletedo : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl.1
Chave Deletedo : HKLM\SOFTWARE\Classes\wtb.ToolbarInfo
Chave Deletedo : HKLM\SOFTWARE\Classes\wtb.ToolbarInfo.1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0052922.BHO
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0052922.BHO.1
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0052922.Sandbox
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0052922.Sandbox.1
Chave Deletedo : HKCU\Software\dsiteproducts
Chave Deletedo : HKCU\Software\HomeTab
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\InstalledBrowserExtensions
Chave Deletedo : HKCU\Software\mysearchdial
Chave Deletedo : HKCU\Software\simplytech
Chave Deletedo : HKCU\Software\systweak
Chave Deletedo : HKCU\Software\ClearThink
Chave Deletedo : HKCU\Software\GrooveDock
Chave Deletedo : HKCU\Software\AppDataLow\GrooveDock
Chave Deletedo : HKCU\Software\AppDataLow\Software\Crossrider
Chave Deletedo : HKCU\Software\AppDataLow\Software\simplytech
Chave Deletedo : HKCU\Software\AppDataLow\Software\hdtotal1.2
Chave Deletedo : HKLM\Software\InstalledBrowserExtensions
Chave Deletedo : HKLM\Software\systweak
Chave Deletedo : HKLM\Software\hdtotal1.2
Chave Deletedo : HKLM\Software\ClearThink
Chave Deletedo : HKLM\Software\GrooveDock
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Video Converter
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Tweaks File Extractor
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hdtotal1.2
Chave Deletedo : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ac225167-00fc-452d-94c5-bb93600e7d9a}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ClearThink
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GrooveDock

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17207

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Bar]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Search [Search Bar]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Search [Search Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Bar]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Page]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [(Default)]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [(Default)]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl []

-\\ Mozilla Firefox v

[ Arquivo : C:\Users\neiliandro\AppData\Roaming\Mozilla\Firefox\Profiles\972uqp3s.default\prefs.js ]


[ Arquivo : C:\Users\Neiliandro da Silva\AppData\Roaming\Mozilla\Firefox\Profiles\a7iol6jg.default\prefs.js ]

Linha deletada : user_pref("extensions.aa841c8b54960455587bfdbd75965c3f5aec11bbe81d643aa873ca071b69ed8a5com52922.52922.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
Linha deletada : user_pref("extensions.crossrider.bic", "1472f97d06008d08b8a153da947a987a");

*************************

AdwCleaner[R0].txt - [18512 octets] - [13/08/2014 15:19:11]
AdwCleaner[S0].txt - [13933 octets] - [13/08/2014 15:20:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13994 octets] ##########

Re: I can't access the internet

Post by Power Max, Wed 13 Aug 2014, 15:46

Temporarily disable your antivirus to avoid conflicts.

* Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You must have an account and be logged in to view this link]

To run it correctly, follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* As soon as it finishes cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy its entire contents and post them in your next reply.

Zoek report

Post by neiliandro, Wed 13 Aug 2014, 17:07

Good afternoon Power Max, here is the Zoek report.

Zoek.exe v5.0.0.0 Updated 11-August-2014
Tool run by Neiliandro da Silva on 13/08/2014 at 16:16:22,90.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Neiliandro da Silva\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

13/08/2014 16:25:45 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\WinAVI deleted successfully
C:\PROGRA~2\COMMON~1\SWF Studio deleted successfully
C:\Users\neiliandro\AppData\Roaming\DAEMON Tools Lite deleted successfully
C:\Users\Neiliandro da Silva\AppData\Roaming\Media Player Classic deleted successfully
C:\Users\Neiliandro da Silva\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\neiliandro\AppData\Local\VirtualStore deleted successfully
C:\Users\Neiliandro da Silva\AppData\Local\CrashDumps deleted successfully
C:\Users\Neiliandro da Silva\AppData\Local\Dell deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2995875875-2491209139-696693241-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6FF37769-0FF3-4F0D-9FDC-F940C33DAB9D} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\NEILIA~2\AppData\Roaming\Mozilla\Firefox\Profiles\972uqp3s.default\prefs.js:
user_pref("browser.startup.homepage", "google");

Added to C:\Users\NEILIA~2\AppData\Roaming\Mozilla\Firefox\Profiles\972uqp3s.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\NEILIA~1\AppData\Roaming\Mozilla\Firefox\Profiles\a7iol6jg.default\prefs.js:
user_pref("browser.startup.homepage", "https://www.google.com.br/");
user_pref("browser.newtab.url", "google");
user_pref("browser.search.defaultenginename", "Pesquisa Segura");
user_pref("browser.search.selectedEngine", "Pesquisa Segura");
user_pref("browser.search.order.1", "Pesquisa Segura");
user_pref("keyword.URL", "http://br.search.yahoo.com/search?fr=mcafee&type=A111BR0&p=");

Added to C:\Users\NEILIA~1\AppData\Roaming\Mozilla\Firefox\Profiles\a7iol6jg.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\NEILIA~2\AppData\Roaming\Mozilla\Firefox\Profiles\972uqp3s.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_082014_1647_.backup

ProfilePath: C:\Users\NEILIA~1\AppData\Roaming\Mozilla\Firefox\Profiles\a7iol6jg.default

user.js not found
---- Lines enabledAddons" modified from prefs.js ----

user_pref("extensions.enabledAddons", "a841c8b5-4960-4555-87bf-dbd75965c3f5%40aec11bbe-81d6-43aa-873c-a071b69ed8a5.com:0.94.22,BaixouAgora%40Baixou:1.
---- Lines installCache" modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Users\\
---- Lines aa841c8b54960455587bfdbd75965c3f5aec11bbe81d643aa873ca071b69ed8a5com52922 removed from prefs.js ----
---- FireFox user.js and prefs.js backups ----

prefs_082014_1647_.backup

==== Deleting Files \ Folders ======================

C:\Users\Neiliandro da Silva\.android deleted
C:\found.000 deleted
C:\Users\Neiliandro da Silva\AppData\Roaming\Allmyapps deleted
C:\Users\Neiliandro da Silva\AppData\Roaming\GetRightToGo deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\SimplyTech deleted
C:\Users\Neiliandro da Silva\AppData\Local\cache deleted
C:\Users\Neiliandro da Silva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hao123-Brazil deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted
C:\windows\SysNative\Tasks\SystemSockets deleted
C:\windows\SysNative\Tasks\Browser Updater deleted
C:\Users\Neiliandro da Silva\Searches deleted
C:\Users\Neiliandro da Silva\AppData\LocalLow\Plus-HD-4.4 deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\SimplyTech deleted
C:\Windows\Reimage.ini deleted
C:\windows\SysNative\tasks\ProtectedSearch deleted
C:\windows\SysNative\tasks\Baidu Antivirus Update deleted
C:\windows\SysNative\tasks\Baidu PC Faster Update deleted
C:\Windows\tasks\Digital Sites.job deleted
C:\Windows\Launcher.exe deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Windows\Syswow64\InstallUtil.InstallLog deleted
C:\Users\NEILIA~1\AppData\Roaming\Mozilla\Firefox\Profiles\a7iol6jg.default\extensions\staged deleted

==== Firefox Extensions Registry ======================

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E886C}"="C:\Users\Neiliandro da Silva\AppData\Local\GAS Tecnologia\GBBD\bb\sf.xpi" [09/07/2013 17:25]

==== Firefox Extensions ======================

ProfilePath: C:\Users\NEILIA~1\AppData\Roaming\Mozilla\Firefox\Profiles\a7iol6jg.default
- Undetermined - C:\Users\Neiliandro da Silva\AppData\Roaming\Mozilla\Firefox\Profiles\a7iol6jg.default\extensions\a841c8b5-4960-4555-87bf-dbd75965c3f5@aec11bbe-81d6-43aa-873c-a071b69ed8a5.com
- DownloadHelper - C:\Users\Neiliandro da Silva\AppData\Roaming\Mozilla\Firefox\Profiles\a7iol6jg.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- LogMeIn Inc. Remote Access Plugin - %ProfilePath%\extensions\LogMeInClient@logmein.com
- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- Baixou Agora - %ProfilePath%\extensions\BaixouAgora@Baixou.xpi
- NewTabURL - %ProfilePath%\extensions\newtaburl@sogame.cat.xpi
- Vacuum Places Improved - %ProfilePath%\extensions\VacuumPlacesImproved@lultimouomo-gmail.com.xpi
- FlashGot - %ProfilePath%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- BetterPrivacy - %ProfilePath%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
- Download Statusbar - %ProfilePath%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Neiliandro da Silva\AppData\Roaming\Mozilla\Firefox\Profiles\a7iol6jg.default
29B5096C332ECE24A72024212A2282EF - C:\Users\Neiliandro da Silva\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll - Módulo de Proteção - Caixa Economica Federal
F891089A6AB9E12FEDEBCC5EC0F40D66 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll - Shockwave Flash
3CD19649B2C3023D65E67C056457A2BC - C:\Users\Neiliandro da Silva\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
DF75FC32D3EB681B6FE7C092D6FC4695 - C:\Users\Neiliandro da Silva\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll - Módulo de Proteção - Banco do Brasil
54FC590185D7D00D65E53B9A5990DC14 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll - Shockwave Flash
6405D35B002039122117B4EAD3EDD8BD - C:\Users\Neiliandro da Silva\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll - Módulo de Proteção - Caixa Economica Federal


==== Chrome Look ======================

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
nnjbodopomfddehlalfilheomcahbpei - C:\Users\Neiliandro da Silva\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx[24/09/2013 16:38]
pgacfjdigcddmmncljpflgcfpfahebkh - C:\Users\Neiliandro da Silva\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx[21/11/2012 15:32]

Docs - neiliandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - neiliandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - neiliandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - neiliandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
hdtotal1.2 - neiliandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\egihcegngbfhhhnfjfamognnonckdklg
SiteAdvisor - neiliandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
Gmail - neiliandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\neiliandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\egihcegngbfhhhnfjfamognnonckdklg deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=6.5&ts=1404665760508&tguid=77324-18194-1404665760508-3E727002D63BCFD0CFBA93612FF21E8F&st=chrome&q="
"Search Bar"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=6.5&ts=1404665760508&tguid=77324-18194-1404665760508-3E727002D63BCFD0CFBA93612FF21E8F&st=chrome&q="
"Search Page"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=6.5&ts=1404665760508&tguid=77324-18194-1404665760508-3E727002D63BCFD0CFBA93612FF21E8F&st=chrome&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=6.5&ts=1404665760508&tguid=77324-18194-1404665760508-3E727002D63BCFD0CFBA93612FF21E8F&st=chrome&q="
"Search Bar"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=6.5&ts=1404665760508&tguid=77324-18194-1404665760508-3E727002D63BCFD0CFBA93612FF21E8F&st=chrome&q="
"Search Page"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=6.5&ts=1404665760508&tguid=77324-18194-1404665760508-3E727002D63BCFD0CFBA93612FF21E8F&st=chrome&q="
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=5.7&ts=1404665760508&tguid=77324-18194-1404665760508-3E727002D63BCFD0CFBA93612FF21E8F&q=%s"
@="http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=6.5&ts=1404665760508&tguid=77324-18194-1404665760508-3E727002D63BCFD0CFBA93612FF21E8F&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=5.7&ts=1404665760508&tguid=77324-18194-1404665760508-3E727002D63BCFD0CFBA93612FF21E8F&q=%s"
@="http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=6.5&ts=1404665760508&tguid=77324-18194-1404665760508-3E727002D63BCFD0CFBA93612FF21E8F&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=5.7&ts=1404665760508&tguid=77324-18194-1404665760508-3E727002D63BCFD0CFBA93612FF21E8F&q=%s"
@="http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=6.5&ts=1404665760508&tguid=77324-18194-1404665760508-3E727002D63BCFD0CFBA93612FF21E8F&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=5.7&ts=1404665760508&tguid=77324-18194-1404665760508-3E727002D63BCFD0CFBA93612FF21E8F&q=%s"
@="http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=6.5&ts=1404665760508&tguid=77324-18194-1404665760508-3E727002D63BCFD0CFBA93612FF21E8F&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=5.7&ts=1404665760508&tguid=77324-18194-1404665760508-3E727002D63BCFD0CFBA93612FF21E8F&q=%s"
@="http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=6.5&ts=1404665760508&tguid=77324-18194-1404665760508-3E727002D63BCFD0CFBA93612FF21E8F&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=5.7&ts=1404665760508&tguid=77324-18194-1404665760508-3E727002D63BCFD0CFBA93612FF21E8F&q=%s"
@="http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=6.5&ts=1404665760508&tguid=77324-18194-1404665760508-3E727002D63BCFD0CFBA93612FF21E8F&q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=5.7&ts=1404665688639&tguid=77324-18194-1404665688639-3E727002D63BCFD0CFBA93612FF21E8F&q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://www.google.com"
@="http://www.google.com/search?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=6.5&ts=1404665760508&tguid=77324-18194-1404665760508-3E727002D63BCFD0CFBA93612FF21E8F&st=chrome&q="
"Search Bar"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=6.5&ts=1404665760508&tguid=77324-18194-1404665760508-3E727002D63BCFD0CFBA93612FF21E8F&st=chrome&q="
"Search Page"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=6.5&ts=1404665760508&tguid=77324-18194-1404665760508-3E727002D63BCFD0CFBA93612FF21E8F&st=chrome&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=6.5&ts=1404665760508&tguid=77324-18194-1404665760508-3E727002D63BCFD0CFBA93612FF21E8F&st=chrome&q="
"Search Bar"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=6.5&ts=1404665760508&tguid=77324-18194-1404665760508-3E727002D63BCFD0CFBA93612FF21E8F&st=chrome&q="
"Search Page"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=6.5&ts=1404665760508&tguid=77324-18194-1404665760508-3E727002D63BCFD0CFBA93612FF21E8F&st=chrome&q="
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Search Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\neiliandro\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\neiliandro\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2995875875-2491209139-696693241-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{91932eaa-ced3-42eb-a64e-a981b8b52330} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{91932eaa-ced3-42eb-a64e-a981b8b52330} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{91932eaa-ced3-42eb-a64e-a981b8b52330} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91932eaa-ced3-42eb-a64e-a981b8b52330} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91932eaa-ced3-42eb-a64e-a981b8b52330} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{91932eaa-ced3-42eb-a64e-a981b8b52330} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{91932eaa-ced3-42eb-a64e-a981b8b52330} deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\Neiliandro da Silva\Desktop\Afinador 3.0.lnk - C:\Program Files (x86)\D'Accord Afinador 3.0\Afinador.exe
C:\Users\Neiliandro da Silva\Desktop\Afinador.lnk - C:\Program Files (x86)\D'Accord Afinador 3.0\Afinador.exe
C:\Users\Neiliandro da Silva\Desktop\CADe_SIMU - 4962.lnk - C:\Users\Neiliandro da Silva\Documents\ELÉTROTÉCNICA\EBOOKS\programas\Simulador CADe_SIMU\Simulador CADe_SIMU\CADe_SIMU.exe
C:\Users\Neiliandro da Silva\Desktop\Computador.lnk -
C:\Users\Neiliandro da Silva\Desktop\ControlCenter4.lnk - C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /model="DCP-7055"
C:\Users\Neiliandro da Silva\Desktop\Dev-C++.lnk - C:\Dev-Cpp\devcpp.exe
C:\Users\Neiliandro da Silva\Desktop\Documentos - Atalho.lnk - C:\Users\Neiliandro da Silva\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
C:\Users\Neiliandro da Silva\Desktop\ELÉTROTÉCNICA.lnk -
C:\Users\Neiliandro da Silva\Desktop\Firefox.lnk - C:\Users\Neiliandro da Silva\Documents\diversos\Nova pasta (3)\Nova pasta (2)\Nova pasta\programas\FirefoxPortable\FirefoxPortable.exe
C:\Users\Neiliandro da Silva\Desktop\FluidSIM-Pneumática.lnk -
C:\Users\Neiliandro da Silva\Desktop\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Neiliandro da Silva\Desktop\IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -
C:\Users\Neiliandro da Silva\Desktop\Lumisoft ® 2008.lnk -
C:\Users\Neiliandro da Silva\Desktop\Multisim 12.0.lnk - C:\Program Files (x86)\National Instruments\Circuit Design Suite 12.0\multisim.exe
C:\Users\Neiliandro da Silva\Desktop\Revo Uninstaller.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Users\Neiliandro da Silva\Desktop\Samsung Drive Manager.lnk - C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe
C:\Users\Neiliandro da Silva\Desktop\SpyHunter.lnk - C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe
C:\Users\Neiliandro da Silva\Desktop\SupUPS10.LNK - C:\Program Files (x86)\SupUPS10\SupUPS.exe
C:\Users\Neiliandro da Silva\Desktop\TEBE MCU Service.lnk - C:\Program Files (x86)\Benning Gmbh & Co. KG\TEBE MCU Service\Mcu.exe
C:\Users\Neiliandro da Silva\Desktop\The Elder Scrolls V Skyrim.lnk - C:\Program Files (x86)\The Elder Scrolls V Skyrim\SkyrimLauncher.exe
C:\Users\Neiliandro da Silva\Desktop\Wavewin ABB.lnk - C:\Program Files (x86)\ABB\Wavewin ABB\wavewin32.exe
C:\Users\Neiliandro da Silva\Desktop\µTorrent.lnk -

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\AutoCAD 2013 - English.lnk - C:\Program Files (x86)\Autodesk\AutoCAD 2013\acad.exe /product ACAD /language "en-US"
C:\Users\Public\Desktop\AutoCAD 2013 – Português.lnk -
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\Elipse SCADA.lnk - C:\Program Files (x86)\Elipse SCADA\Elipse32.exe
C:\Users\Public\Desktop\GeoGebra.lnk - C:\Program Files (x86)\GeoGebra 4.2\GeoGebra.exe
C:\Users\Public\Desktop\LogixPro.lnk - C:\Program Files (x86)\TheLearningPit\LogixPro\LogixPro.exe
C:\Users\Public\Desktop\PCM600 2.5.lnk - C:\Program Files (x86)\ABB\PCM600_25\bin\PCMFrame.exe
C:\Users\Public\Desktop\PDFCreator.lnk - C:\Program Files (x86)\PDFCreator\PDFCreator.exe
C:\Users\Public\Desktop\PokerStars.lnk - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
C:\Users\Public\Desktop\Receitanet 1.04 .lnk - C:\Program Files (x86)\Programas RFB\Receitanet\Windows\Receitanet.exe
C:\Users\Public\Desktop\The Elder Scrolls V Skyrim Dragonborn.lnk - C:\Program Files (x86)\The Elder Scrolls V Skyrim\The Elder Scrolls V Skyrim\SkyrimLauncher.exe
C:\Users\Public\Desktop\Update Manager.lnk - C:\Program Files (x86)\Common Files\ABB\UpdateManager\UpdateManager.exe
C:\Users\Public\Desktop\VMware Player.lnk - C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Neiliandro da Silva\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TheLearningPit\LogixPro\AB SLC® Instruction Set Reference.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TheLearningPit\LogixPro\LogixPro.lnk - C:\Program Files (x86)\TheLearningPit\LogixPro\LogixPro.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TheLearningPit\LogixPro\ReadMe.txt.lnk - C:\Program Files (x86)\TheLearningPit\LogixPro\Readme.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TheLearningPit\LogixPro\Student Exercises.lnk - C:\Program Files (x86)\TheLearningPit\LogixPro\doc\index.html
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TheLearningPit\LogixPro\Uninstall LogixPro.lnk - C:\Program Files (x86)\TheLearningPit\LogixPro\unins000.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\VMware Player.lnk - C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\VMware Player.lnk - C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\neiliandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\neiliandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\neiliandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\neiliandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\neiliandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\neiliandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Neiliandro da Silva\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Arquivo161212.lnk - C:\Program Files (x86)\Arquivo161212\arquivo1f161212.exe
C:\Users\Neiliandro da Silva\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Dev-C++.lnk - C:\Dev-Cpp\devcpp.exe
C:\Users\Neiliandro da Silva\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe
C:\Users\Neiliandro da Silva\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Hao123.lnk - C:\Users\Neiliandro da Silva\AppData\Roaming\Baidu\hao123\hao123.1.0.0.1111.exe
C:\Users\Neiliandro da Silva\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Neiliandro da Silva\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Megacubo.lnk - C:\Program Files (x86)\Megacubo\megacubo.exe
C:\Users\Neiliandro da Silva\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
C:\Users\Neiliandro da Silva\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Neiliandro da Silva\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Neiliandro da Silva\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -
C:\Users\Neiliandro da Silva\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\25bb2cdfb96af2d6\PokerStars.lnk - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
C:\Users\Neiliandro da Silva\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Neiliandro da Silva\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d91276b0be3e46b\pinned.lnk -
C:\Users\Neiliandro da Silva\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\DAEMON Tools Lite.lnk - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Users\Neiliandro da Silva\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Hao123.lnk - C:\Users\Neiliandro da Silva\AppData\Roaming\Baidu\hao123\hao123.1.0.0.1111.exe
C:\Users\Neiliandro da Silva\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Media Player Classic.lnk - C:\Users\Neiliandro da Silva\Videos\media play classic.exe
C:\Users\Neiliandro da Silva\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Megacubo.lnk - C:\Program Files (x86)\Megacubo\megacubo.exe
C:\Users\Neiliandro da Silva\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Excel 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe
C:\Users\Neiliandro da Silva\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft PowerPoint 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe
C:\Users\Neiliandro da Silva\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\Neiliandro da Silva\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Nero Express.lnk - C:\Program Files (x86)\Nero\Nero 11\Nero Express\NeroExpress.exe
C:\Users\Neiliandro da Silva\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Notepad.lnk - C:\Windows\system32\notepad.exe
C:\Users\Neiliandro da Silva\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\WinAVI Video Converter.lnk - C:\Program Files (x86)\Video Converter\WinAVI.exe
C:\Users\Neiliandro da Silva\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk - C:\Users\Neiliandro da Silva\Documents\diversos\Nova pasta (3)\Nova pasta (2)\Nova pasta\programas\FirefoxPortable\FirefoxPortable.exe
C:\Users\Neiliandro da Silva\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Neiliandro da Silva\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Users\Neiliandro da Silva\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Neiliandro da Silva\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\µTorrent.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\VMware Player.lnk - C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\hao123desk-br deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{18ab78ae-47ce-41a8-8aa3-a7689dafea76}_is1 deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\neiliandro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Neiliandro da Silva\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Neiliandro da Silva\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\neiliandro\AppData\Local\Mozilla\Firefox\Profiles\972uqp3s.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\neiliandro\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=933 folders=137 13392395 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\neiliandro\AppData\Local\Temp emptied successfully
C:\Users\Neiliandro da Silva\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\NEILIA~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 13/08/2014 at 17:00:53,36 ======================

Re: I can't access the internet

Post by Power Max, Wed 13 Aug 2014, 17:23

Download the Junkware Removal Tool program from the link below:
[link visible to logged-in members only]

To run the program above correctly, just follow the tips in this tutorial:

[link visible to logged-in members only]

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop under the name JRT.txt

We'll be waiting.
Power Max
Contributor

Posts: 9086
Reputation: 1499
Join date: 14/04/2009

Junkware Removal Tool report

Post by neiliandro, Wed 13 Aug 2014, 20:24

Thank you Power Max, the Junkware Removal Tool report follows below.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Neiliandro da Silva on 13/08/2014 at 20:04:06,70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440544294422}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440544294422}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440544294422}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440544294422}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\baidu"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13/08/2014 at 20:14:50,68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: I can't access the internet

Post by Power Max, Wed 13 Aug 2014, 23:59

Download Malwarebytes from one of the links below:
[link visible to logged-in members only]

To install and run it correctly, please follow the tips in this post:

[link visible to logged-in members only]

In your next reply, post this Malwarebytes log (report).

We'll be waiting.

Malwarebytes report

Post by neiliandro, Thu 14 Aug 2014, 15:05

Good afternoon Power Max, here is the Malwarebytes log.

Anti-Malware


Protection, 14/08/2014 11:05:21, SYSTEM, NEILIANDRO, Protection, Malware Protection, Starting,
Protection, 14/08/2014 11:05:21, SYSTEM, NEILIANDRO, Protection, Malware Protection, Started,
Protection, 14/08/2014 11:05:21, SYSTEM, NEILIANDRO, Protection, Malicious Website Protection, Starting,
Protection, 14/08/2014 11:06:05, SYSTEM, NEILIANDRO, Protection, Malicious Website Protection, Started,
Update, 14/08/2014 11:06:30, SYSTEM, NEILIANDRO, Manual, Rootkit Database, 2014.2.20.1, 2014.8.4.1,
Update, 14/08/2014 11:06:38, SYSTEM, NEILIANDRO, Manual, Malware Database, 2014.3.4.9, 2014.8.14.6,
Protection, 14/08/2014 11:06:39, SYSTEM, NEILIANDRO, Protection, Refresh, Starting,
Protection, 14/08/2014 11:06:39, SYSTEM, NEILIANDRO, Protection, Malicious Website Protection, Stopping,
Protection, 14/08/2014 11:06:39, SYSTEM, NEILIANDRO, Protection, Malicious Website Protection, Stopped,
Protection, 14/08/2014 11:06:44, SYSTEM, NEILIANDRO, Protection, Refresh, Success,
Protection, 14/08/2014 11:06:44, SYSTEM, NEILIANDRO, Protection, Malicious Website Protection, Starting,
Protection, 14/08/2014 11:06:44, SYSTEM, NEILIANDRO, Protection, Malicious Website Protection, Started,
Update, 14/08/2014 12:28:01, SYSTEM, NEILIANDRO, Scheduler, Malware Database, 2014.8.14.6, 2014.8.14.8,
Protection, 14/08/2014 12:28:03, SYSTEM, NEILIANDRO, Protection, Refresh, Starting,
Protection, 14/08/2014 12:28:03, SYSTEM, NEILIANDRO, Protection, Malicious Website Protection, Stopping,
Protection, 14/08/2014 12:28:03, SYSTEM, NEILIANDRO, Protection, Malicious Website Protection, Stopped,
Protection, 14/08/2014 12:29:29, SYSTEM, NEILIANDRO, Protection, Refresh, Success,
Protection, 14/08/2014 12:29:29, SYSTEM, NEILIANDRO, Protection, Malicious Website Protection, Starting,
Protection, 14/08/2014 12:29:30, SYSTEM, NEILIANDRO, Protection, Malicious Website Protection, Started,
Update, 14/08/2014 13:25:46, SYSTEM, NEILIANDRO, Scheduler, Malware Database, 2014.8.14.8, 2014.8.14.9,
Protection, 14/08/2014 13:25:50, SYSTEM, NEILIANDRO, Protection, Refresh, Starting,
Protection, 14/08/2014 13:25:51, SYSTEM, NEILIANDRO, Protection, Malicious Website Protection, Stopping,
Protection, 14/08/2014 13:25:52, SYSTEM, NEILIANDRO, Protection, Malicious Website Protection, Stopped,
Protection, 14/08/2014 13:27:50, SYSTEM, NEILIANDRO, Protection, Refresh, Success,
Protection, 14/08/2014 13:27:51, SYSTEM, NEILIANDRO, Protection, Malicious Website Protection, Starting,
Protection, 14/08/2014 13:27:59, SYSTEM, NEILIANDRO, Protection, Malicious Website Protection, Started,
Protection, 14/08/2014 14:40:43, SYSTEM, NEILIANDRO, Protection, Malware Protection, Starting,
Protection, 14/08/2014 14:40:43, SYSTEM, NEILIANDRO, Protection, Malware Protection, Started,
Protection, 14/08/2014 14:40:43, SYSTEM, NEILIANDRO, Protection, Malicious Website Protection, Starting,
Protection, 14/08/2014 14:41:09, SYSTEM, NEILIANDRO, Protection, Malicious Website Protection, Started,
Detection, 14/08/2014 14:43:06, SYSTEM, NEILIANDRO, Protection, Malicious Website Protection, IP, 77.78.231.51, 40501, Outbound, C:\Users\Neiliandro da Silva\AppData\Roaming\uTorrent\uTorrent.exe,
Detection, 14/08/2014 14:43:06, SYSTEM, NEILIANDRO, Protection, Malicious Website Protection, IP, 77.78.231.51, 40501, Outbound, C:\Users\Neiliandro da Silva\AppData\Roaming\uTorrent\uTorrent.exe,
Detection, 14/08/2014 14:45:12, SYSTEM, NEILIANDRO, Protection, Malicious Website Protection, IP, 213.231.5.64, 40501, Outbound, C:\Users\Neiliandro da Silva\AppData\Roaming\uTorrent\uTorrent.exe,
Detection, 14/08/2014 14:45:13, SYSTEM, NEILIANDRO, Protection, Malicious Website Protection, IP, 213.231.5.64, 40501, Outbound, C:\Users\Neiliandro da Silva\AppData\Roaming\uTorrent\uTorrent.exe,
Detection, 14/08/2014 14:45:35, SYSTEM, NEILIANDRO, Protection, Malicious Website Protection, IP, 93.114.45.139, 40501, Outbound, C:\Users\Neiliandro da Silva\AppData\Roaming\uTorrent\uTorrent.exe,
Detection, 14/08/2014 14:45:35, SYSTEM, NEILIANDRO, Protection, Malicious Website Protection, IP, 93.114.45.139, 40501, Outbound, C:\Users\Neiliandro da Silva\AppData\Roaming\uTorrent\uTorrent.exe,
Detection, 14/08/2014 14:45:35, SYSTEM, NEILIANDRO, Protection, Malicious Website Protection, IP, 93.114.45.139, 49439, Outbound, C:\Users\Neiliandro da Silva\AppData\Roaming\uTorrent\uTorrent.exe,
Detection, 14/08/2014 14:46:29, SYSTEM, NEILIANDRO, Protection, Malicious Website Protection, IP, 93.114.45.139, 49507, Outbound, C:\Users\Neiliandro da Silva\AppData\Roaming\uTorrent\uTorrent.exe,
Detection, 14/08/2014 14:49:21, SYSTEM, NEILIANDRO, Protection, Malicious Website Protection, IP, 93.114.45.139, 49646, Outbound, C:\Users\Neiliandro da Silva\AppData\Roaming\uTorrent\uTorrent.exe,
Detection, 14/08/2014 14:50:50, SYSTEM, NEILIANDRO, Protection, Malicious Website Protection, IP, 93.114.45.139, 49753, Outbound, C:\Users\Neiliandro da Silva\AppData\Roaming\uTorrent\uTorrent.exe,
Detection, 14/08/2014 14:52:10, SYSTEM, NEILIANDRO, Protection, Malicious Website Protection, IP, 93.114.45.139, 49785, Outbound, C:\Users\Neiliandro da Silva\AppData\Roaming\uTorrent\uTorrent.exe,
Detection, 14/08/2014 14:54:19, SYSTEM, NEILIANDRO, Protection, Malicious Website Protection, IP, 93.114.45.139, 49864, Outbound, C:\Users\Neiliandro da Silva\AppData\Roaming\uTorrent\uTorrent.exe,
Detection, 14/08/2014 14:56:31, SYSTEM, NEILIANDRO, Protection, Malicious Website Protection, IP, 93.114.45.139, 49923, Outbound, C:\Users\Neiliandro da Silva\AppData\Roaming\uTorrent\uTorrent.exe,
Detection, 14/08/2014 14:58:00, SYSTEM, NEILIANDRO, Protection, Malicious Website Protection, IP, 93.114.45.139, 49945, Outbound, C:\Users\Neiliandro da Silva\AppData\Roaming\uTorrent\uTorrent.exe,
Detection, 14/08/2014 15:00:29, SYSTEM, NEILIANDRO, Protection, Malicious Website Protection, IP, 93.114.45.139, 50015, Outbound, C:\Users\Neiliandro da Silva\AppData\Roaming\uTorrent\uTorrent.exe,

(end)

Re: I can't access the internet

Post by Power Max, Thu 14 Aug 2014, 15:12

Follow the tips below to access the correct Malwarebytes log (report):

To do this, open Malwarebytes > click the History button > click Application Logs > and double-click with the left mouse button on the most recent Scan Log to open it. This is shown in this image:

[image visible to logged-in members only]

On the next screen that appears, click the Export button > and click the Text file (*.txt) option:

[image visible to logged-in members only]

On the next screen that appears, give this report a name (such as LOG, for example) > click Desktop (so that it is saved on your desktop) > click Save:

[image visible to logged-in members only]

Click OK in the next message that appears:

[image visible to logged-in members only]

After that, just post this Malwarebytes log in your next reply.

Malwarebytes log

Post by neiliandro, Thu 14 Aug 2014, 15:45

Thank you, here is the Malwarebytes log.




Malwarebytes Anti-Malware

Data de Verificação: 14/08/2014
Hora da Verificação: 11:08:48
Logfile: log.txt
Administrador: Sim

Versão: 2.00.2.1012
Malware Database: v2014.08.14.06
Rootkit Database: v2014.08.04.01
Licença: Trial
Proteção de Malware: Enabled
Proteção de Site Malicioso: Enabled
Self-protection: Desabilitado

OS: Windows 7 Service Pack 1
CPU: x64
Sistema de Arquivo: NTFS
Usuário: Neiliandro da Silva

Tipo da Verificação: Verificação Personalizada
Resultado: Completado
Arquivos Verificados: 681540
Tempo Decorrido: 2 hr, 41 min, 30 seg

Memória: Enabled
Inicialização: Enabled
Filesystem: Enabled
Arquivos: Enabled
Rootkits: Desabilitado
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processos: 0
(No malicious items detected)

Módulos: 0
(No malicious items detected)

Chaves de Registro: 9
PUP.Optional.HomeTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\HomeTab, Quarantined, [bac4329493e8bc7a348ddf0efc06758b],
PUP.Optional.HDTotal.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\hdtotal1.2, Quarantined, [77079036f982db5b4714a8923dc79e62],
PUP.Optional.PlusHD.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-4.4, Quarantined, [136bb80ef08b66d0573cc6376999af51],
PUP.Optional.SimplyTech.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\SIMPLYTECH\Toolbar, Quarantined, [f38bc2040378092dd1ef10dd4ab8af51],
PUP.Optional.HomeTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SIMPLYTECH\HomeTab, Quarantined, [314dbb0b9fdcde58f17225e1de25e11f],
PUP.Optional.PlusHD.A, HKU\S-1-5-21-2995875875-2491209139-696693241-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-4.4, Quarantined, [ccb254723d3e83b372216796cd35d12f],
PUP.Optional.DealPly.A, HKU\S-1-5-21-2995875875-2491209139-696693241-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\gaiilaahiahdejapggenmdmafpmbipje, Quarantined, [7e00f4d21368a591b5e7915ed32ff907],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2995875875-2491209139-696693241-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [5e20f1d54833bd790ea6e351e02442be],
PUP.Optional.HDTotal.A, HKU\S-1-5-21-2995875875-2491209139-696693241-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\hdtotal1.2, Quarantined, [9ce2dcea6516a195015a62d8fe0603fd],

Valores de Registro: 2
PUP.Optional.SearchCertified.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Search Bar, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Quarantined, [6d1153734239c670e8de5a8f34ce05fb]
PUP.Optional.HomeTab.A, HKU\S-1-5-21-2995875875-2491209139-696693241-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigURL, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Quarantined, [9ae49f2752291e183929a56150b39a66]

Dados do Registro: 10
PUP.Optional.SimplyTech.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|newtab, %appdata%\SimplyTech\home\home.htm, Good: ([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Bad: (%appdata%\SimplyTech\home\home.htm),Replaced,[2955f9cd1863d462875d3490f311966a]
Hijack.SearchPage, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Good: (http://www.google.com), Bad: (http://search.certified-toolbar.com?si=77324&tid=18194&ver=6.5&ts=1404665760508&tguid=77324-18194-1404665760508-3E727002D63BCFD0CFBA93612FF21E8F&st=chrome&q=),Replaced,[c6b87a4cfa810c2a85c39a341ce89a66]
Hijack.SearchPage, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Good: (http://www.google.com), Bad: (http://search.certified-toolbar.com?si=77324&tid=18194&ver=6.5&ts=1404665760508&tguid=77324-18194-1404665760508-3E727002D63BCFD0CFBA93612FF21E8F&st=chrome&q=),Replaced,[532b8a3cdba02b0b2c1b0bc3ef15619f]
Hijack.SearchPage, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Good: (http://www.google.com), Bad: (http://search.certified-toolbar.com?si=77324&tid=18194&ver=6.5&ts=1404665760508&tguid=77324-18194-1404665760508-3E727002D63BCFD0CFBA93612FF21E8F&st=chrome&q=),Replaced,[5d213a8c1e5d4aec6fd7f8d69c6840c0]
Hijack.SearchPage, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Good: (http://www.google.com/), Bad: (http://search.certified-toolbar.com?si=77324&tid=18194&ver=6.5&ts=1404665760508&tguid=77324-18194-1404665760508-3E727002D63BCFD0CFBA93612FF21E8F&st=chrome&q=),Replaced,[4d31a91dc3b8b4824904dbf31aea29d7]
PUP.Optional.CertifiedToolBar.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Search Page, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Good: ([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Bad: (http://search.certified-toolbar.com?si=77324&tid=18194&ver=6.5&ts=1404665760508&tguid=77324-18194-1404665760508-3E727002D63BCFD0CFBA93612FF21E8F&st=chrome&q=),Replaced,[542a3e88dc9f1f17fafe378db54f07f9]
PUP.Optional.SearchCertifiedTB.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURI|(Default), [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Good: ([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Bad: (http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=5.7&ts=1404665760508&tguid=77324-18194-1404665760508-3E727002D63BCFD0CFBA93612FF21E8F&q=%s),Replaced,[b4caa620f28996a065f7448cc2420af6]
PUP.Optional.SearchCertifiedTB.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURI, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Good: ([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Bad: (http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=6.5&ts=1404665760508&tguid=77324-18194-1404665760508-3E727002D63BCFD0CFBA93612FF21E8F&q=%s),Replaced,[8bf3b5114635023473e99937dd271ce4]
PUP.Optional.SearchCertifiedTB.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|(Default), [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Good: ([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Bad: (http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=5.7&ts=1404665760508&tguid=77324-18194-1404665760508-3E727002D63BCFD0CFBA93612FF21E8F&q=%s),Replaced,[0876972f9ae10a2cf469a32d71930df3]
PUP.Optional.SearchCertifiedTB.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Good: ([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Bad: (http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=6.5&ts=1404665760508&tguid=77324-18194-1404665760508-3E727002D63BCFD0CFBA93612FF21E8F&q=%s),Replaced,[6c12b01686f5360092cb19b7ba4ad42c]

Pastas: 0
(No malicious items detected)

Arquivos: 29
PUP.Optional.OpenCandy, C:\Users\Neiliandro da Silva\Downloads\foxit-reader-6.1.2.1224.exe, Quarantined, [4836b51197e48ea8e000d91bc63e5ea2],
PUP.Optional.Sambreel.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\ClearThink\ClearThink.FirstRun.exe.vir, Quarantined, [ef8fd9edf18a2610e21e81df788934cc],
PUP.Optional.ClearThink.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\ClearThink\ClearThinkBHO.dll.vir, Quarantined, [225c81459edd56e0e08edecc9b6653ad],
PUP.Optional.ClearThink.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\ClearThink\ClearThinkUninstall.exe.vir, Quarantined, [3a44893ddba0a195ee54005036cac53b],
PUP.Optional.ClearThink.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\ClearThink\updateClearThink.exe.vir, Quarantined, [b1cdecda413a7cba6c03802a9c657a86],
PUP.Optional.GrooveDock, C:\AdwCleaner\Quarantine\C\Program Files (x86)\GrooveDock\GrooveDockUninstall.exe.vir, Quarantined, [f28c8d39e596211579787233996860a0],
PUP.Optional.GrooveDock.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\GrooveDock\updateGrooveDock.exe.vir, Quarantined, [7c023b8be09b8aacd24cef71d829ee12],
PUP.Optional.GrooveDock.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\GrooveDock\bin\utilGrooveDock.exe.vir, Quarantined, [502e2b9b4d2e999d95896af6639ece32],
PUP.Optional.Sanbreel.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\GrooveDock\bin\plugins\GrooveDock.BrowserAdapterS.dll.vir, Quarantined, [81fddbeb94e78ea8a0167a1627dab947],
PUP.Optional.Sanbreel.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\GrooveDock\bin\plugins\GrooveDock.DspSvc.dll.vir, Quarantined, [304e43833d3e13238a962a7337caa15f],
PUP.Optional.Sanbreel.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\GrooveDock\bin\plugins\GrooveDock.PurBrowse.dll.vir, Quarantined, [abd3d3f389f223130a84f48c3ec33cc4],
PUP.Optional.Sanbreel.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\GrooveDock\bin\plugins\GrooveDock.PurBrowseG.dll.vir, Quarantined, [afcf5b6ba8d367cfeefddea31de4bf41],
PUP.Optional.HDTotal.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\hdtotal1.2\hdtotal1.2-bg.exe.vir, Quarantined, [106e5a6cdf9c5bdb2738f77a8f720bf5],
PUP.Optional.HDTotal.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\hdtotal1.2\hdtotal1.2-bho.dll.vir, Quarantined, [047a8e38d6a5bd798bd41d54b948a15f],
PUP.Optional.HDTotal.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\hdtotal1.2\hdtotal1.2-bho64.dll.vir, Quarantined, [ef8f774f7dfe1f17b7a8502198698d73],
PUP.Optional.HDTotal.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\hdtotal1.2\hdtotal1.2-chromeinstaller.exe.vir, Quarantined, [9fdfeed845362b0b6ff0076a4db418e8],
PUP.Optional.HDTotal.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\hdtotal1.2\hdtotal1.2-codedownloader.exe.vir, Quarantined, [45398b3b7cff4cea5f00a1d09170cb35],
PUP.Optional.HDTotal.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\hdtotal1.2\hdtotal1.2-enabler.exe.vir, Quarantined, [08760db9d1aa37ff0c53a4cdaa57c040],
PUP.Optional.HDTotal.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\hdtotal1.2\hdtotal1.2-firefoxinstaller.exe.vir, Quarantined, [b4caedd997e43ef8bfa0aec335cc7f81],
PUP.Optional.HDTotal.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\hdtotal1.2\hdtotal1.2-updater.exe.vir, Quarantined, [6a14b90d83f8999d91ce8ce57889a957],
PUP.Optional.CrossRider.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\hdtotal1.2\utils.exe.vir, Quarantined, [bec064621c5f043256e1aa96e61abf41],
PUP.Optional.MySearchDial.A, C:\AdwCleaner\Quarantine\C\Users\Neiliandro da Silva\AppData\Local\Mysearchdial\1.8.29.0\mysearchdialApp.dll.vir, Quarantined, [abd396300378ff37b063e975c23fff01],
PUP.Optional.MySearchDial.A, C:\AdwCleaner\Quarantine\C\Users\Neiliandro da Silva\AppData\Local\Mysearchdial\1.8.29.0\mysearchdialEng.dll.vir, Quarantined, [215d497d7cff56e02ce7055922dfaa56],
PUP.Optional.MySearchDial.A, C:\AdwCleaner\Quarantine\C\Users\Neiliandro da Silva\AppData\Local\Mysearchdial\1.8.29.0\mysearchdialsrv.exe.vir, Quarantined, [601e537303785adcb45f045af60b8c74],
PUP.Optional.MySearchDial.A, C:\AdwCleaner\Quarantine\C\Users\Neiliandro da Silva\AppData\Local\Mysearchdial\1.8.29.0\mysearchdialTlbr.dll.vir, Quarantined, [601e94323348ab8b0a098dd1c041b44c],
PUP.Optional.MySearchDial.A, C:\AdwCleaner\Quarantine\C\Users\Neiliandro da Silva\AppData\Local\Mysearchdial\1.8.29.0\bh\mysearchdial.dll.vir, Quarantined, [027c7f47b7c457df9b784519c938956b],
PUP.Optional.InstallCore, C:\AdwCleaner\Quarantine\C\Users\Neiliandro da Silva\VideoConverter\Uninstall\__Uninstall_.exe.vir, Quarantined, [5a24576f364594a274eb495243c1ee12],
PUP.Optional.AdvancedSystemProtector, C:\AdwCleaner\Quarantine\C\Windows\System32\sasnative64.exe.vir, Quarantined, [93eb08bed3a80b2bca12396ea859c739],
Trojan.VirTool, C:\Program Files (x86)\The Elder Scrolls V Skyrim\The Elder Scrolls V Skyrim\steam_api.dll, Quarantined, [5a24d0f61d5e9a9c7f39f0535ca67d83],

Physical Sectors: 0
(No malicious items detected)


(end)

Re: I can't access the internet

Post by Power Max, Thu 14 Aug 2014, 15:50

Download < [link visible to logged-in members only] > < [image visible to logged-in members only] > ( ... by Nicolas Coolman )

Note: When you open the link above, click the Télécharger button for ZHPDiag to download it, as shown in the image below:

[image visible to logged-in members only]

To install and run it correctly, follow the tips in this article:

[link visible to logged-in members only]

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.

ZHPDiag report

Post by neiliandro, Thu 14 Aug 2014, 16:13

Attached is the ZHPDiag report



~ Relatório do ZHPDiag v2014.8.13.118 - Nicolas Coolman (13/08/2014)
~ Iniciado por Neiliandro da Silva (14/08/2014 16:02:33)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Endereço do Webforum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador :


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17207
GCIE: Google Chrome v36.0.1985.143 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2021
Malwarebytes Anti-Malware versão 2.0.2.1012
McAfee Security Scan Plus v3.8.150.1
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema
CCleaner v3.24

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4003 MB (32% free)
System Restore: Activé (Enable)
System drive C: has 432 GB (47%) free of 918 GB

---\\ Modo de conexão ao sistema
~ Computer Name: NEILIANDRO
~ User Name: Neiliandro da Silva
~ All Users Names: __vmware_user__, Neiliandro da Silva, neiliandro, HomeGroupUser$, Convidado, ASPNET, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Neiliandro da Silva\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Neiliandro da Silva\AppData\Roaming\
~ %Desktop% : C:\Users\Neiliandro da Silva\Desktop\
~ %Favorites% : C:\Users\Neiliandro da Silva\Favorites\
~ %LocalAppData% : C:\Users\Neiliandro da Silva\AppData\Local\
~ %StartMenu% : C:\Users\Neiliandro da Silva\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 432 Go of 918 Go)
D: CD-ROM drive (Not Inserted)
E: CD-ROM drive (Not Inserted)
F: Hard drive, Flash drive, Thumb drive (Free 273 Go of 932 Go)
G: Floppy drive, Flash card reader, USB Key (Free 0 Go of 7 Go)
H: Hard drive, Flash drive, Thumb drive (Free 739 Go of 932 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.26/09/2012 - 05:58:43.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.2EE102DF0EDD8A1EDD3D1E9B99A91BEC] - (.Microsoft Corporation - Internet Extensions para Win32.) (.18/06/2014 - 19:58:27.) -- C:\Windows\System32\wininet.dll [2266112]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:43:50.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 03:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/09/2012 - 05:58:37.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/1523
~ Mes musiques (My Musics) : 2/12792
~ Mes Videos (My Videos) : 2/77
~ Mes Favoris (My Favorites) : 1/204
~ Mes Documents (My Documents) : 4/38721
~ Mon Bureau (My Desktop) : 7/44
~ Menu demarrer (Programs) : 1/69
~ Hidden Files: Scanned in 01mn 58s



---\\ Processos lançados
[MD5.A0EFD62D293126E60A56EA90AB9858E5] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [555048] [PID.912]
[MD5.4FBC630768570E6AC35C3DE8F6EC79F5] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [6970168] [PID.3808]
[MD5.2A3FB4C98F139038E23330D2439DB8A4] - (.Facebook Inc. - Facebook Installer.) -- C:\Users\Neiliandro da Silva\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096] [PID.6136]
[MD5.6BF7676296D5359AFC135A5397000053] - (.Acresso Corporation - Acresso Software Manager.) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496] [PID.5460]
[MD5.DDBA8BB846BF7BAE63AD46F8472F1A98] - (.National Instruments Corporation - NI Error Reporting Server.) -- C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe [659648] [PID.5964]
[MD5.A01408DE3F12DCD9E7A0FA5C25AE37F4] - (.Clarus, Inc. - ABRTMon.) -- C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe [136192] [PID.5168]
[MD5.4164A47F3A2DA7EA44572904C3DF44A4] - (.No owner - Roxio Burn Launcher.) -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544] [PID.5716]
[MD5.F83442FFAB25793EFFEA32CE7D944A04] - (.Creative Technology Ltd - Webcam Central.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [577536] [PID.5452]
[MD5.C64E9B1C9EA057DCECDCB98F34377811] - (.Microsoft Corporation - Microsoft OneNote Quick Launcher.) -- C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.exe [228552] [PID.1552]
[MD5.E780C87CB6D58E54D47AF236AA66FAD7] - (.VMware, Inc. - VMware Host Network Access Status Tray Appl.) -- C:\Program Files (x86)\VMware\VMware Player\hqtray.exe [64048] [PID.5600]
[MD5.E5F1D2C7D51C816437BBE2306828BC4B] - (.Nuance Communications, Inc. - PaperPort Print to Desktop for NT.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984] [PID.5136]
[MD5.9F0ACAA725CF5A391AF7E2067AE45746] - (.Nuance Communications, Inc. - PdfCreateHook Application.) -- C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe [636192] [PID.5160]
[MD5.7F42FFCD6FF7CA558C2D95DADCD5EFA9] - (.Brother Industries, Ltd. - Brother Status Monitor Application.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440] [PID.5172]
[MD5.B178A5A417A064FD369E5923FEE278F6] - (.ABB - ABB Lifecycle Service Tool.) -- C:\Program Files (x86)\ABB\LCTDataCollector\ABB Lifecycle Service Tool.exe [31552] [PID.5192]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.760]
[MD5.26B558B2D31C7425B455B00E562EAD93] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [4085896] [PID.5812]
[MD5.E3564D023DCCA4A1854DC2226C99120D] - (.Brother Industries, Ltd. - ControlCenter Main Process.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe [335872] [PID.4812]
[MD5.9542FE2D15F105CD31CB1341DFBF4086] - (.ABB - ABB Lifecycle Service Tool Manager.) -- C:\Program Files (x86)\ABB\LCTDataCollector\4.1.0.0\ABB Lifecycle Service Tool Manager.exe [38720] [PID.6164]
[MD5.7CFD44EDD74553FC8EE8479A79987579] - (.Brother Industries, Ltd. - ControlCenter UX System.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe [1204224] [PID.6780]
[MD5.026023691FB1EBDE0FB1F3978248A4A6] - (.PortableApps.com - Mozilla Firefox, Portable Edition.) -- C:\Users\Neiliandro da Silva\Documents\diversos\Nova pasta (3)\Nova pasta (2)\Nova pasta\programas\FirefoxPortable\FirefoxPortable.exe [164048] [PID.1408]
[MD5.10F36FB8CD6218CD7F818268E0F3F9C6] - (.Mozilla Corporation - Firefox.) -- C:\Users\Neiliandro da Silva\Documents\diversos\Nova pasta (3)\Nova pasta (2)\Nova pasta\programas\FirefoxPortable\App\firefox\firefox.exe [275568] [PID.9272]
[MD5.02F8883595A2B3D7FFA11C71EAC68473] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Users\Neiliandro da Silva\Documents\diversos\Nova pasta (3)\Nova pasta (2)\Nova pasta\programas\FirefoxPortable\App\firefox\plugin-container.exe [18544] [PID.4960]
[MD5.5D60EE718D0C708D69DFF4B3336B68BF] - (.Adobe Systems, Inc. - Adobe Flash Player 11.9 r900.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe [1862536] [PID.8388]
[MD5.DC2E338E63159454B71659D82515A04E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8091648] [PID.2376]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Neiliandro da Silva\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nnjbodopomfddehlalfilheomcahbpei] GBBD Caixa Economica Federal v.3.4.0 (Désactivé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 18 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Neiliandro da Silva\AppData\Roaming\Mozilla\Firefox\Profiles\a7iol6jg.default\prefs.js
M2 - MFEP: RegExtension {87F8774F-B485-47E2-A755-A40A8A5E886D} . (...) -- C:\Users\Neiliandro da Silva\AppData\Local\GAS Tecnologia\GBBD\cef\sf.xpi
M2 - MFEP: RegExtension {87F8774F-B485-47E2-A755-A40A8A5E886C} . (...) -- C:\Users\Neiliandro da Silva\AppData\Local\GAS Tecnologia\GBBD\bb\sf.xpi
M2 - MFEP: Extension [Neiliandro da Silva - a7iol6jg.default] {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
M2 - MFEP: Extension [Neiliandro da Silva - a7iol6jg.default] {73a6fe31-595d-460b-a920-fcc0f8843232}
M2 - MFEP: Extension [Neiliandro da Silva - a7iol6jg.default] {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
M2 - MFEP: Extension [Neiliandro da Silva - a7iol6jg.default] {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Neiliandro da Silva\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/cef] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Neiliandro da Silva\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll
~ Firefox Browser: 22 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab
~ IE Browser: 25 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hôte est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehcef.dll
~ BHO: 15 Legitimates Filtered in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [Neiliandro da Silva]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Neiliandro da Silva\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [Neiliandro da Silva]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Neiliandro da Silva\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [Neiliandro da Silva]: SpyHunter.lnk . (.Enigma Software Group USA, LLC. - SpyHunter4 application.) -- C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe =>Crapware.SpyHunter
O4 - GS\Desktop [Neiliandro da Silva]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Neiliandro da Silva\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 4 Legitimates Filtered in 00mn 05s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [Apoint] . (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio TPE.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelTBRunOnce] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKLM\..\Run: [QuickSet] . (.Dell Inc. - QuickSet.) -- c:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [AtherosBtStack] . (.Atheros Communications - Bluetooth Stack Server.) -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
O4 - HKLM\..\Run: [AthBtTray] . (.Atheros Commnucations - Bluetooth Suite Common Rescource.) -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
O4 - HKLM\..\Run: [DellStage] . (.No owner - Dell Stage.) -- C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
O4 - HKLM\..\Run: [Samsung Link] . (.Copyright 2013 SAMSUNG - Samsung Link Tray Agent.) -- C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Neiliandro da Silva\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKCU\..\Run: [ISUSPM] . (.Acresso Corporation - Acresso Software Manager.) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Neiliandro da Silva\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKLM\..\Wow6432Node\Run: [Dell Registration] . (.Dell, Inc. - System Registration.) -- C:\Program Files (x86)\System Registration\prodreg.exe
O4 - HKLM\..\Wow6432Node\Run: [RoxWatchTray] . (.Sonic Solutions - RoxMMTrayApp Module.) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe =>.Sonic Solutions
O4 - HKLM\..\Wow6432Node\Run: [Desktop Disc Tool] . (.No owner - Roxio Burn Launcher.) -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe =>.Roxio
O4 - HKLM\..\Wow6432Node\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [AccuWeatherWidget] . (.No owner - AccuWeather.com desktop weather widget.) -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
O4 - HKLM\..\Wow6432Node\Run: [Dell Webcam Central] . (.Creative Technology Ltd - Webcam Central.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
O4 - HKLM\..\Wow6432Node\Run: [NI Update Service] . (.National Instruments - National Instruments Update Service.) -- C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe
O4 - HKLM\..\Wow6432Node\Run: [VMware hqtray] . (.VMware, Inc. - VMware Host Network Access Status Tray Appl.) -- C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
O4 - HKLM\..\Wow6432Node\Run: [IndexSearch] . (.Nuance Communications, Inc. - PaperPort IndexSearch.) -- C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe
O4 - HKLM\..\Wow6432Node\Run: [PaperPort PTD] . (.Nuance Communications, Inc. - PaperPort Print to Desktop for NT.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
O4 - HKLM\..\Wow6432Node\Run: [PPort12reminder] . (.Nuance Communications, Inc. - Ereg.) -- C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe
O4 - HKLM\..\Wow6432Node\Run: [PDFHook] . (.Nuance Communications, Inc. - PdfCreateHook Application.) -- C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
O4 - HKLM\..\Wow6432Node\Run: [PDF5 Registry Controller] . (.Nuance Communications, Inc. - PDF Converter Registry Controller.) -- C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
O4 - HKLM\..\Wow6432Node\Run: [ControlCenter4] . (.Brother Industries, Ltd. - ControlCenter Launcher.) -- C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe
O4 - HKLM\..\Wow6432Node\Run: [BrStsMon00] . (.Brother Industries, Ltd. - Brother Status Monitor Application.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
O4 - HKLM\..\Wow6432Node\Run: [ABB Lifecycle Service] . (.ABB - ABB Lifecycle Service Tool.) -- C:\Program Files (x86)\ABB\LCTDataCollector\ABB Lifecycle Service Tool.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [Clarus Drive Manager] . (.Clarus, Inc. - Samsung Drive Manager.) -- C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [{90140000-003D-0000-0000-0000000FF1CE}] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\Windows\system32\cmd.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [{90140000-003D-0000-0000-0000000FF1CE}] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\Windows\system32\cmd.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2995875875-2491209139-696693241-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Neiliandro da Silva\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-2995875875-2491209139-696693241-1000\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-2995875875-2491209139-696693241-1000\..\Run: [ISUSPM] . (.Acresso Corporation - Acresso Software Manager.) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
O4 - HKUS\S-1-5-21-2995875875-2491209139-696693241-1000\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Neiliandro da Silva\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: Send by Bluetooth to [64Bits] - {7815BE26-237D-41A8-A98F-F7BD75F71086} -- Chave orfã
O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.caixa.gov.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C724388-AD8C-4EC5-9040-0487D2896AD6}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 =>.Google DNS Redirections
O17 - HKLM\System\CCS\Services\Tcpip\..\{211BF85E-7908-4786-8062-D6696717FC25}: DhcpNameServer = 187.36.192.33 187.36.192.28 201.6.4.116
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C724388-AD8C-4EC5-9040-0487D2896AD6}: DhcpNameServer = 187.36.192.33 187.36.192.28 201.6.4.116
O17 - HKLM\System\CS1\Services\Tcpip\..\{4C724388-AD8C-4EC5-9040-0487D2896AD6}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 =>.Google DNS Redirections
O17 - HKLM\System\CS1\Services\Tcpip\..\{211BF85E-7908-4786-8062-D6696717FC25}: DhcpNameServer = 187.36.192.33 187.36.192.28 201.6.4.116
O17 - HKLM\System\CS1\Services\Tcpip\..\{4C724388-AD8C-4EC5-9040-0487D2896AD6}: DhcpNameServer = 187.36.192.33 187.36.192.28 201.6.4.116
O17 - HKLM\System\CS2\Services\Tcpip\..\{4C724388-AD8C-4EC5-9040-0487D2896AD6}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 =>.Google DNS Redirections
O17 - HKLM\System\CS2\Services\Tcpip\..\{211BF85E-7908-4786-8062-D6696717FC25}: DhcpNameServer = 187.36.192.33 187.36.192.28 201.6.4.116
O17 - HKLM\System\CS2\Services\Tcpip\..\{4C724388-AD8C-4EC5-9040-0487D2896AD6}: DhcpNameServer = 187.36.192.33 187.36.192.28 201.6.4.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 187.36.192.33 187.36.192.28 201.6.4.116
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: PCMMessengerService (PCMMessengerService) . (.ABB - No Comment.) - C:\Program Files (x86)\ABB\PCM600_25\bin\Services\PCMMessengerService.exe
O23 - Service: Serviço Auxiliar do Smart Installer (SI Service) . (...) - C:\Program Files (x86)\SI Service\SIService.exe
O23 - Service: Samsung Drive Manager Service (SZDrvSvc) . (.Clarus, Inc. - SZDrvSvc.) - C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe
~ Services: 33 Legitimates Filtered in 04mn 26s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS.exe (.not file.) [0] =>Trojan.AutoKMS
[MD5.00000000000000000000000000000000] [APT] [{55E1A22D-B875-42FF-97A2-2A0B607FEC45}] (...) -- C:\Users\Neiliandro da Silva\Documents\ELTROTCNICA\P 58\UPS-RETIFICADOR Adelco\UPS\SOFTWARES\COMRET - vesrsÆo 1.0.13\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{94DD71A9-D632-4162-93B2-30B537BB5F12}] (...) -- C:\Users\Neiliandro da Silva\Desktop\zoek\zoek.com" -d "C:\Users\Neiliandro da Silva\Desktop\zoek" (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{CEA5BAD8-FA0B-46D6-BFC6-24F78FD022E0}] (...) -- C:\Users\Neiliandro da Silva\Downloads\dotnetfx35.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: AutoKMS - (...) -- C:\Windows\Tasks\AutoKMS.job [228] =>Trojan.AutoKMS
O39 - APT: AutoKMS - (...) -- C:\Windows\System32\Tasks\AutoKMS [228] =>Trojan.AutoKMS
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2995875875-2491209139-696693241-1000Core [962]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2995875875-2491209139-696693241-1000UA [984]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1090]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1094]
~ Scheduled Task: 20 Legitimates Filtered in 00mn 09s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex64.sys (.not file.)
O41 - Driver: (Bndef) . (. - .) - C:\Windows\system32\drivers\bndef64.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
~ Drivers: 90 Legitimates Filtered in 00mn 01s



---\\ Software instalados (042)
O42 - Logiciel: ABB Protection and Control IED Manager PCM600 Ver. 2.5 Hotfix 20130313 - (.ABB Oy.) [HKLM][64Bits] -- ABB Protection and Control IED Manager PCM600 Ver. 2.5 Hotfix 20130313
O42 - Logiciel: ABB Protection and Control IED Manager PCM600 Ver. 2.5 Hotfix 20130614 - (.ABB Oy.) [HKLM][64Bits] -- ABB Protection and Control IED Manager PCM600 Ver. 2.5 Hotfix 20130614
O42 - Logiciel: ABB Protection and Control IED Manager PCM600 Ver. 2.5 Hotfix 20130626 - (.ABB Oy.) [HKLM][64Bits] -- ABB Protection and Control IED Manager PCM600 Ver. 2.5 Hotfix 20130626
O42 - Logiciel: ABB Protection and Control IED Manager PCM600 Ver. 2.5 Hotfix 20131009 - (.ABB Oy.) [HKLM][64Bits] -- ABB Protection and Control IED Manager PCM600 Ver. 2.5 Hotfix 20131009
O42 - Logiciel: ABB REF630 Connectivity Package Ver 1.2 - (.ABB .) [HKLM][64Bits] -- {89DD13B6-93E8-4661-9D4B-585C87E9ED60}
O42 - Logiciel: ABB REM630 Connectivity Package Ver 1.2 - (.ABB .) [HKLM][64Bits] -- {F87971A3-F442-41E9-B839-D05B983D291B}
O42 - Logiciel: ABB RET630 Connectivity Package Ver 1.2 - (.ABB .) [HKLM][64Bits] -- {4D5E2E7D-1037-42E0-91DB-A71F1B116204}
O42 - Logiciel: Arquivo161212 - (...) [HKLM][64Bits] -- {F47ED4E6-07E6-4CBB-B392-5ECCDFBB07EA}_is1
O42 - Logiciel: D'Accord Afinador 3.0 - (.D'Accord Music Software.) [HKLM][64Bits] -- Afinador 3.0_is1
O42 - Logiciel: Elipse SCADA - (.Elipse Software.) [HKLM][64Bits] -- {2B70AB64-7F1A-4496-A91D-7750C6DE5EF2}
O42 - Logiciel: FluidSIM-Pneumática - (...) [HKLM][64Bits] -- FluidSIM-Pneumática
O42 - Logiciel: HI-TECH C Compiler for the PIC10/12/16 MCUs V9.82PL0 - (.HI-TECH Software.) [HKLM][64Bits] -- PICC 9.82
O42 - Logiciel: HI-TECH C51-lite V9.60PL0 - (.HI-TECH Software.) [HKLM][64Bits] -- HC51 9.60PL0
O42 - Logiciel: HI-TECH PICC lite V9.60PL0 - (.HI-TECH Software.) [HKLM][64Bits] -- PICC 9.60PL0
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2014
O42 - Logiciel: LogixPro Simulator -- Trial CD Edition - (...) [HKLM][64Bits] -- LogixPro PLC Simulator -- Trial CD Edition_is1
O42 - Logiciel: Módulo Adicional de Segurança CAIXA - (...) [HKLM][64Bits] -- {5d01f486-f32d-462e-8830-cc1d116e8ece}_is1
O42 - Logiciel: Módulo de Segurança - Banco do Brasil - (...) [HKLM][64Bits] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: PokerStars - (.PokerStars.) [HKLM][64Bits] -- PokerStars
O42 - Logiciel: RSLogix 500 English 7.10.00 (CPR 7) - (.Rockwell Software Inc.) [HKLM][64Bits] -- {63A49017-81D4-4969-921E-68FEAC93BC6A}
O42 - Logiciel: RSLogix Emulate 500 - (.Rockwell Software, Inc..) [HKLM][64Bits] -- {448F85EA-385F-4332-8514-C56EEDBAC49C}
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM][64Bits] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
O42 - Logiciel: S7-200 Explorer V1.0.1.4 - (...) [HKLM][64Bits] -- {5A02BAA6-BAA1-4630-B005-37DAA74BE689}
O42 - Logiciel: SI Service - (.CNB Technologies LLC.) [HKLM][64Bits] -- SI Service
O42 - Logiciel: SIMATIC AuthorsW V2.4 + ServicePack 2 - (...) [HKLM][64Bits] -- AuthorsW
O42 - Logiciel: SIMATIC STEP 7-Micro/WIN V4.0.1.10 - (...) [HKLM][64Bits] -- {91F7EA3B-BB8A-4FA2-B37B-3D076D54C5EE}
O42 - Logiciel: SupUPS10 - (...) [HKLM][64Bits] -- ST6UNST #1
O42 - Logiciel: TEBE MCU Service V2.26 - (.Benning GmbH&Co.KG.) [HKLM][64Bits] -- TEBE MCU Service_is1
O42 - Logiciel: TLP LogixPro Simulator - (...) [HKLM][64Bits] -- LogixPro PLC Simulator_is1
O42 - Logiciel: Wavewin ABB - (.ABB.) [HKLM][64Bits] -- {3BED231A-8E3F-498E-814B-6C64ABE51374}
~ Logic: 46 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\39676InstEnd]
[HKCU\Software\ABB]
[HKCU\Software\Afinador_XX]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Baidu Security]
[HKCU\Software\Benning GmbH&Co.KG]
[HKCU\Software\GbAs]
[HKCU\Software\RestoreState]
[HKCU\Software\SERPRO]
[HKCU\Software\Schneider]
[HKCU\Software\Vagalume]
[HKLM\Software\Baidu Security]
[HKLM\Software\Wow6432Node\360Safe]
[HKLM\Software\Wow6432Node\ABB]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Baidu Security]
[HKLM\Software\Wow6432Node\GameVicio]
~ Key Software: 470 Legitimates Filtered in 00mn 01s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 16/12/2013 - 18:02:45 - [] ----D C:\Program Files (x86)\ABB
O43 - CFD: 25/11/2013 - 04:14:28 - [] ----D C:\Program Files (x86)\Arquivo161212
O43 - CFD: 06/07/2014 - 13:56:01 - [] ----D C:\Program Files (x86)\Baidu-Security-2014-4.4.4.73687
O43 - CFD: 02/12/2013 - 17:51:24 - [] ----D C:\Program Files (x86)\Benning Gmbh & Co. KG
O43 - CFD: 05/11/2012 - 16:29:32 - [] ----D C:\Program Files (x86)\D'Accord Afinador 3.0
O43 - CFD: 13/10/2013 - 19:34:03 - [] ----D C:\Program Files (x86)\Elipse SCADA
O43 - CFD: 13/10/2013 - 19:48:08 - [] ----D C:\Program Files (x86)\FAEL-LITE 9.0
O43 - CFD: 06/11/2012 - 19:52:49 - [] ----D C:\Program Files (x86)\FluidSIM-Pneumática
O43 - CFD: 24/04/2013 - 12:15:29 - [] ----D C:\Program Files (x86)\GameVicio
O43 - CFD: 05/07/2014 - 15:24:13 - [] ----D C:\Program Files (x86)\PokerStars
O43 - CFD: 12/04/2014 - 09:27:41 - [] ----D C:\Program Files (x86)\Programas RFB
O43 - CFD: 06/07/2014 - 13:52:34 - [] ----D C:\Program Files (x86)\SI Service
O43 - CFD: 09/07/2014 - 23:50:33 - [] ----D C:\Program Files (x86)\SupUPS10
O43 - CFD: 16/12/2013 - 18:18:15 - [] ----D C:\Program Files (x86)\Common Files\ABB
O43 - CFD: 17/10/2013 - 18:57:11 - [] ----D C:\Program Files (x86)\Common Files\Rockwell
O43 - CFD: 16/12/2013 - 18:25:44 - [] ----D C:\ProgramData\ABB
O43 - CFD: 13/08/2014 - 20:27:17 - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 17/10/2013 - 18:32:20 - [] ----D C:\ProgramData\WFCU
O43 - CFD: 13/08/2014 - 20:26:31 - [] ----D C:\Users\Neiliandro da Silva\AppData\Roaming\Baidu
O43 - CFD: 08/11/2013 - 15:21:40 - [] ----D C:\Users\Neiliandro da Silva\AppData\Roaming\Baidu Security
O43 - CFD: 02/12/2013 - 17:53:45 - [] ----D C:\Users\Neiliandro da Silva\AppData\Roaming\Benning Gmbh & Co. KG
O43 - CFD: 20/04/2014 - 16:18:25 - [] ----D C:\Users\Neiliandro da Silva\AppData\Roaming\rmi
O43 - CFD: 05/07/2014 - 15:24:15 - [] ----D C:\Users\Neiliandro da Silva\AppData\Local\PokerStars
O43 - CFD: 16/10/2013 - 23:45:31 - [] ----D C:\Users\Neiliandro da Silva\AppData\Local\{7148F0A6-6813-11D6-A77B-00B0D0142190}
O43 - CFD: 16/12/2013 - 18:02:46 - [] ----D C:\Users\Neiliandro da Silva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ABB
O43 - CFD: 06/11/2012 - 19:52:50 - [0] ----D C:\Users\Neiliandro da Silva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FluidSIM-Pneumática
O43 - CFD: 24/04/2013 - 12:15:29 - [] ----D C:\Users\Neiliandro da Silva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameVicio
O43 - CFD: 20/04/2014 - 16:24:33 - [0] ----D C:\Users\Neiliandro da Silva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hao123
O43 - CFD: 12/04/2014 - 09:27:25 - [] ----D C:\Users\Neiliandro da Silva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
O43 - CFD: 25/11/2013 - 20:05:39 - [] ----D C:\Users\Neiliandro da Silva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter
O43 - CFD: 09/07/2014 - 23:50:20 - [0] ----D C:\Users\Neiliandro da Silva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SupUPS10
~ Program Folder: 272 Legitimates Filtered in 00mn 02s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.2A28D8C649106178202E90742CF32295] - 12/08/2014 - 21:17:38 ---A- . (...) -- C:\Windows\win.ini [612]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 13/08/2014 - 16:16:00 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.12D9DF3AE258191C67744B9EDAD419C9] - 13/08/2014 - 17:00:53 ---A- . (...) -- C:\zoek-results.log [50438]
O44 - LFC:[MD5.D95E64416A4A3ED6986E0F474DA934BD] - 13/08/2014 - 21:38:02 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208]
O44 - LFC:[MD5.734E4429ED51B76BCED84908BF698DEF] - 14/08/2014 - 14:49:35 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [21296]
O44 - LFC:[MD5.734E4429ED51B76BCED84908BF698DEF] - 14/08/2014 - 14:49:35 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [21296]
~ Files: 25 Legitimates Filtered in 00mn 06s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{5463b27b-227e-11e4-81e6-e006e6fdb602}\AutoRun\command. (...) -- F:\Startme.exe (.not file.)
O51 - MPSK:{81b32c88-277b-11e2-b9b7-e006e6fdb602}\AutoRun\command. (...) -- E:\Autorun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Megacubo [Key] . (.www.megacubo.net - No Comment.) -- C:\Program Files (x86)\Megacubo\megacubo.exe
~ SMSR Keys: 6 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 20 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 7 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:11/12/2012 - 12:13:28 R--A- . (.360.cn - 360HipsOEM.) -- C:\Windows\System32\Drivers\360FltOEM.sys [288688]
O58 - SDL:13/08/2014 - 21:38:02 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software
O58 - SDL:13/08/2014 - 21:38:02 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software
O58 - SDL:13/08/2014 - 21:38:04 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [224896] =>.ALWIL Software
O58 - SDL:20/05/2011 - 11:15:32 ---A- . (.Windows (R) Win 7 DDK provider - BulkUsb Driver.) -- C:\Windows\System32\Drivers\AthDfu.sys [51872]
O58 - SDL:25/11/2012 - 09:17:22 ---A- . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\System32\Drivers\dtsoftbus01.sys [283200]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:02/06/2013 - 20:07:43 ---A- . (.DEVGURU Co., LTD.([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [98616]
O58 - SDL:06/02/2013 - 07:42:10 ---A- . (.DEVGURU Co., LTD.([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [203544]
O58 - SDL:06/02/2013 - 07:42:10 ---A- . (.DEVGURU Co., LTD.([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - SAMSUNG USB Mobile OBEX Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudobex.sys [203544]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:27/05/2011 - 16:06:16 ---A- . (.IDT, Inc. - IDT PC Audio TPE.) -- C:\Windows\System32\Drivers\stwrt64.sys [528384]
O58 - SDL:18/03/2014 - 19:47:26 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
~ Drivers: 117 Legitimates Filtered in 00mn 06s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 13/08/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 12/05/2014 - C:\Windows\system32\drivers\mwac.sys (MBAMWebAccessControl) .(.Malwarebytes Corporation - Malwarebytes Web Access Control.) - LEGACY_MBAMWEBACCESSCONTROL
~ Legacy: 118 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 12 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Not Key.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCR] {afdbddaa-5d3f-42ee-b79c-185a7020515b} [DefaultScope] - (Web Search) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.CertifiedToolbar
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {afdbddaa-5d3f-42ee-b79c-185a7020515b} - (Web Search) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.CertifiedToolbar
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {afdbddaa-5d3f-42ee-b79c-185a7020515b} - (Web Search) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.CertifiedToolbar
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.C0E91EFA4DA014AC7D0A4F0D6F4804EB] [SPRF][09/06/2013] (...) -- C:\Users\Neiliandro da Silva\AppData\Roaming\unins000.dat [12889]
[MD5.92DAD75AEB284FA4652A9029B23AA1FE] [SPRF][27/06/2013] (...) -- C:\Users\Neiliandro da Silva\AppData\Roaming\unins001.dat [13064]
[MD5.9D46D72131D0E36A79D4819F08EA0E0B] [SPRF][13/08/2014] (...) -- C:\Users\Neiliandro da Silva\Desktop\AdwCleaner.exe [1366203]
[MD5.258440BB8AB1F4E222D53179C2B72A84] [SPRF][23/03/2003] (...) -- C:\Users\Neiliandro da Silva\Desktop\Desliga Aí ! sleep 1.0.exe [768000]
[MD5.C1D2EBEBC40491FD3C7E757A5AF27EAD] [SPRF][13/08/2014] (...) -- C:\Users\Neiliandro da Silva\Desktop\zoek.exe [1288704]
~ Files: 12 Legitimates Filtered in 00mn 01s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{04C165B4-EC54-41BB-8F46-B95D3CB74913}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Neiliandro da Silva\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{2AFF1BC1-338E-4CA2-978A-5EE02DDCA9E0}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Neiliandro da Silva\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 01s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32 =>Toolbar.Bing
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent 1_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent 1_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrentPortable_3_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrentPortable_3_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
~ BTK: 358 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 19/03/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 05/11/2012 1432400 | (FLEXnet Licensing Service 64) . (.Flexera Software, Inc..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
SS - | Auto 13/08/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/08/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/08/2014 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 03/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Demand 09/04/2014 289256 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
SS - | Disabled 22/05/2012 76488 | (NIApplicationWebServer64) . (.National Instruments Corporation.) - C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
SS - | Demand 02/08/2010 1427688 | (NILM License Manager) . (.Macrovision Corporation.) - C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe
SS - | Demand 05/02/2009 139488 | (OpcEnum) . (.OPC Foundation.) - C:\Windows\SysWOW64\OpcEnum.exe
SS - | Demand 20/02/2013 24576 | (PCMSchedulerService) . (.ABB.) - C:\Program Files (x86)\ABB\PCM600_25\bin\SchedulerService.exe
SS - | Demand 30/04/2014 1716264 | (PDF Architect 2) . (.pdfforge GmbH.) - C:\Program Files (x86)\PDF Architect 2\ws.exe
SS - | Demand 30/04/2014 861736 | (pdfforge CrashHandler) . (.pdfforge GmbH.) - C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe
SS - | Demand 25/11/2010 1116656 | (RoxMediaDB12OEM) . (.Sonic Solutions.) - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
SS - | Auto 25/11/2010 219632 | (RoxWatch12) . (.Sonic Solutions.) - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
SS - | Demand 08/11/2010 74392 | (stllssvr) . (.MicroVision Development, Inc..) - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
SS - | Demand 29/11/2010 149504 | (TurboBoost) . (.Intel(R) Corporation.) - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
SS - | Demand 12/10/2009 191024 | (ufad-ws60) . (.VMware, Inc..) - C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe
SR - | Auto 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 03/03/2009 89600 | (AESTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\IDT\WDM\AESTSr64.exe
SR - | Auto 21/12/2013 404360 | (AllShare Framework DMS) . (.Samsung.) - C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
SR - | Auto 20/05/2011 146592 | (Atheros Bt&Wlan Coex Agent) . (.Atheros.) - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
SR - | Auto 20/05/2011 80032 | (AtherosSvc) . (.Atheros Commnucations.) - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
SR - | Auto 31/01/2012 19232 | (Autodesk Content Service) . (.Autodesk, Inc..) - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
SR - | Auto 13/08/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Demand 25/01/2010 245760 | (BrYNSvc) . (.Brother Industries, Ltd..) - C:\Program Files (x86)\Browny02\BrYNSvc.exe
SR - | Auto 15/02/2011 19968 | (CronService) . (.Fork Ltd..) - C:\Prey\platform\windows\cronsvc.exe
SR - | Auto 26/06/2014 555048 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 21/04/2009 2869760 | (hasplms) . (.Aladdin Knowledge Systems Ltd..) - C:\Windows\system32\hasplms.exe
SR - | Auto 06/05/2011 695136 | (LkCitadelServer) . (.National Instruments, Inc..) - C:\Windows\SysWOW64\lkcitdl.exe
SR - | Auto 05/06/2012 50328 | (lkClassAds) . (.National Instruments Corporation.) - C:\Windows\SysWOW64\lkads.exe
SR - | Auto 05/06/2012 60568 | (lkTimeSync) . (.National Instruments Corporation.) - C:\Windows\SysWOW64\lktsrv.exe
SR - | Auto 12/05/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 12/05/2014 860472 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 22/05/2012 53960 | (NIApplicationWebServer) . (.National Instruments Corporation.) - C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
SR - | Auto 05/06/2012 370328 | (NIDomainService) . (.National Instruments Corporation.) - C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
SR - | Auto 31/05/2012 258776 | (nimDNSResponder) . (.National Instruments Corporation.) - C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
SR - | Auto 22/05/2012 53952 | (niSvcLoc) . (.National Instruments Corporation.) - C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
SR - | Auto 20/02/2013 36864 | (PCMMessengerService) . (.ABB.) - C:\Program Files (x86)\ABB\PCM600_25\bin\Services\PCMMessengerService.exe
SR - | Auto 08/03/2010 144672 | (PDFProFiltSrvPP) . (.Nuance Communications, Inc..) - C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
SR - | Auto 19/05/2014 604512 | (Samsung Link Service) . (.Copyright 2013 SAMSUNG.) - C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
SR - | Auto 16/02/2012 1695040 | (SftService) . (.SoftThinks SAS.) - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.exe
SR - | Auto 02/07/2014 423888 | (SI Service) . (...) - C:\Program Files (x86)\SI Service\SIService.exe
SR - | Auto 18/05/2010 327064 | (SpyHunter 4 Service) . (.Enigma Software Group USA, LLC..) - C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe =>Crapware.SpyHunter
SR - | Auto 27/05/2011 301568 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe
SR - | Auto 05/06/2013 19456 | (SZDrvSvc) . (.Clarus, Inc..) - C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe
SR - | Auto 22/01/2010 113200 | (VMAuthdService) . (.VMware, Inc..) - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
SR - | Auto 10/07/1658 0 | (VMnetDHCP) . (.VMware, Inc..) - C:\Windows\system32\vmnetdhcp.exe
SR - | Auto 22/01/2010 563760 | (VMUSBArbService) . (.VMware, Inc..) - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
SR - | Auto 10/07/1658 0 | (VMware NAT Service) . (.VMware, Inc..) - C:\Windows\system32\vmnat.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 10s



---\\ Scâner Aditional (088)
Database Version : 13026 - (13/08/2014)
Clés trouvées (Keys found) : 7
Valeurs trouvées (Values found) : 5
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 5

[HKLM\Software\Classes\protector_dll.protectorbho.1] =>PUP.BProtector
[HKLM\Software\Classes\protector_dll.protectorbho] =>PUP.BProtector
[HKLM\SYSTEM\CurrentControlSet\Services\SpyHunter 4 Service] =>Crapware.SpyHunter
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKLM\Software\Wow6432Node\360Safe] =>Trojan.Lozavita
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^
C:\Users\Neiliandro da Silva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter^
C:\Windows\Tasks\AutoKMS.job =>Trojan.AutoKMS^
C:\Windows\System32\Tasks\AutoKMS =>Trojan.AutoKMS^
C:\Users\Neiliandro da Silva\Desktop\SpyHunter.lnk =>Crapware.SpyHunter
C:\Users\Neiliandro da Silva\AppData\Local\Temp\GoogleToolbarInstaller1.log =>PUP.Babylon
C:\Users\Neiliandro da Silva\AppData\Local\Temp\GoogleToolbarInstaller2.log =>PUP.Babylon
~ Additionnel Scan: 516594 Items scanned in 01mn 24s



---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Browser Helper Objects do navegador (02)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Barras do Internet Explorer (03))
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Aplicações iniciadas por registo & pastas (04)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Chave do registo Shell MountPoints2 (MPKS) (O51)
~ AMI: 6 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Crapware.SpyHunter
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Trojan.AutoKMS
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.CertifiedToolbar
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.BProtector
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Tarma
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Trojan.Lozavita
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Babylon
~ MSI: 7 link(s) detected in 00mn 00s



~ 1125 Legitimates filtered by white list
End of the scan (675 lines in 09mn 02s)(0)

Re: I can't access the internet

Post by Power Max, Fri 15 Aug 2014, 10:07

I suggest you uninstall SpyHunter, which is unnecessary.
_______________________________________________________________________________________________________

There are unnecessary programs starting along with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

Preferably, leave only the security programs (antivirus/anti-spyware/firewall) starting along with Windows.

Also use the CCleaner program, mentioned in the tutorial above, to clean up and optimize the PC.
_________________________________________________________________________________________________________

Go to the site [You must have an account and be logged in to view this link] and submit the file highlighted in bold below for analysis (if the site reports that it has already been analyzed, ask for it to be analyzed again):

C:\Program Files (x86)\SI Service\SIService.exe

As soon as its analysis is complete, copy the link that appears in your browser's address bar and post this link in your next reply together with the report requested in this post.

More information on how to analyze files on the Virus Total site can be found in this tutorial:

[You must have an account and be logged in to view this link]
___________________________________________________________________________________________________________

Select and copy all the text highlighted in red below (starting at script zhpfix and going through emptyclsid)

script zhpfix
SysRestore
O4 - HKLM\..\Wow6432Node\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS.exe (.not file.) [0] =>Trojan.AutoKMS
[MD5.00000000000000000000000000000000] [APT] [{55E1A22D-B875-42FF-97A2-2A0B607FEC45}] (...) -- C:\Users\Neiliandro da Silva\Documents\ELTROTCNICA\P 58\UPS-RETIFICADOR Adelco\UPS\SOFTWARES\COMRET - vesrsÆo 1.0.13\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{94DD71A9-D632-4162-93B2-30B537BB5F12}] (...) -- C:\Users\Neiliandro da Silva\Desktop\zoek\zoek.com" -d "C:\Users\Neiliandro da Silva\Desktop\zoek" (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{CEA5BAD8-FA0B-46D6-BFC6-24F78FD022E0}] (...) -- C:\Users\Neiliandro da Silva\Downloads\dotnetfx35.exe (.not file.) [0]
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex64.sys (.not file.)
O41 - Driver: (Bndef) . (. - .) - C:\Windows\system32\drivers\bndef64.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
[HKCU\Software\Baidu Security]
[HKLM\Software\Baidu Security]
[HKLM\Software\Wow6432Node\360Safe]
[HKLM\Software\Wow6432Node\Baidu Security]
O43 - CFD: 06/07/2014 - 13:56:01 - [] ----D C:\Program Files (x86)\Baidu-Security-2014-4.4.4.73687
O43 - CFD: 13/08/2014 - 20:27:17 - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 13/08/2014 - 20:26:31 - [] ----D C:\Users\Neiliandro da Silva\AppData\Roaming\Baidu
O43 - CFD: 08/11/2013 - 15:21:40 - [] ----D C:\Users\Neiliandro da Silva\AppData\Roaming\Baidu Security
O43 - CFD: 20/04/2014 - 16:24:33 - [0] ----D C:\Users\Neiliandro da Silva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hao123
O69 - SBI: SearchScopes [HKCR] {afdbddaa-5d3f-42ee-b79c-185a7020515b} [DefaultScope] - (Web Search) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.CertifiedToolbar
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {afdbddaa-5d3f-42ee-b79c-185a7020515b} - (Web Search) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.CertifiedToolbar
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {afdbddaa-5d3f-42ee-b79c-185a7020515b} - (Web Search) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.CertifiedToolbar
[HKLM\Software\Classes\protector_dll.protectorbho.1] =>PUP.BProtector
[HKLM\Software\Classes\protector_dll.protectorbho] =>PUP.BProtector
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKLM\Software\Wow6432Node\360Safe] =>Trojan.Lozavita
C:\Users\Neiliandro da Silva\AppData\Local\Temp\GoogleToolbarInstaller1.log =>PUP.Babylon
C:\Users\Neiliandro da Silva\AppData\Local\Temp\GoogleToolbarInstaller2.log =>PUP.Babylon
ShortcutFix
EmptyTemp
EmptyFlash
emptyclsid

_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > Right-click on Zhpfix and choose Run as administrator > Click Importação > Click the GO button > Click Oui > If you want the files in the recycle bin to be deleted, click Oui again > A report will appear in Notepad.

Copy this report and post it in your next reply together with the link to the file's analysis on the Virus Total site.
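
Added example, not part of the original thread and not code from ZHPDiag or its author: a Python script that pulls out of a ZHPDiag report the kinds of entries that appear in the reply above, namely lines carrying a `=>` detection label, `(.not file.)` entries, and services whose publisher field is empty. It assumes, from the lines visible in this thread only, that a `=>.` suffix is a publisher note rather than a detection and that `(...)` is an empty publisher field; `triage`, `SERVICE_RE` and `NOT_FILE` are hypothetical names.

```python
import re
from collections import defaultdict

# Lines copied from the ZHPDiag report posted in this thread; hidden forum
# links are shown as [link]. The "~" line is a section footer.
SAMPLE_LOG = r"""
O51 - MPSK:{81b32c88-277b-11e2-b9b7-e006e6fdb602}\AutoRun\command. (...) -- E:\Autorun.exe (.not file.)
O58 - SDL:13/08/2014 - 21:38:02 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {afdbddaa-5d3f-42ee-b79c-185a7020515b} - (Web Search) - [link] =>PUP.CertifiedToolbar
SR - | Auto 02/07/2014 423888 | (SI Service) . (...) - C:\Program Files (x86)\SI Service\SIService.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
[HKLM\Software\Wow6432Node\360Safe] =>Trojan.Lozavita
C:\Windows\Tasks\AutoKMS.job =>Trojan.AutoKMS^
C:\Windows\System32\Tasks\AutoKMS =>Trojan.AutoKMS^
~ Additionnel Scan: 516594 Items scanned in 01mn 24s
"""

# Marker the report puts on entries whose target file no longer exists.
NOT_FILE = "(.not file.)"

# Service lines as they appear in the report:
#   SR - | Auto <date> <size> | (<name>) . (<publisher>) - <path>
# Hypothetical pattern inferred from those lines, not from ZHPDiag documentation.
SERVICE_RE = re.compile(
    r"^S[RS] - \| .*?\((?P<name>[^()]*)\) \. \((?P<vendor>.*?)\) - (?P<path>.+)$"
)


def triage(log_text):
    """Group report lines into detections, orphaned entries and
    services that carry no publisher information at all."""
    detections = defaultdict(list)
    orphans = []
    unattributed = []

    for raw in log_text.splitlines():
        line = raw.strip()
        # Skip blanks, "~" section footers and "---\" section headers.
        if not line or line.startswith(("~", "---\\")):
            continue

        # Split off the trailing "=>label", if the line has one.
        body, sep, tag = line.rpartition("=>")
        if not sep:
            body, tag = line, ""
        body = body.strip()
        # Some labels end in "^"; its meaning is not stated in the thread,
        # so it is only stripped here.
        tag = tag.strip().rstrip("^")

        # Assumption: "=>.Name" attributes the file to a publisher,
        # while "=>Family.Name" is a detection label.
        vendor_note = tag.startswith(".")
        if tag and not vendor_note:
            detections[tag].append(body)

        if NOT_FILE in body:
            orphans.append(body.replace(NOT_FILE, "").strip())

        # A service with an empty publisher field and no "=>." note is
        # worth a second opinion (for example a multi-engine scan).
        svc = SERVICE_RE.match(body)
        if svc and svc.group("vendor") == "..." and not vendor_note:
            unattributed.append((svc.group("name"), svc.group("path")))

    return {
        "detections": dict(detections),
        "orphans": orphans,
        "unattributed_services": unattributed,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for label, entries in sorted(result["detections"].items()):
        print(f"{label}: {len(entries)} entr{'y' if len(entries) == 1 else 'ies'}")
    for entry in result["orphans"]:
        print("orphan:", entry)
    for name, path in result["unattributed_services"]:
        print("no publisher:", name, "->", path)
```
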

Virus Total site analysis and ZHPFix report

Post by neiliandro, Fri 15 Aug 2014, 13:21

Good afternoon, Power Max

I uninstalled SpyHunter, removed the unnecessary programs and ran the cleanup with CCleaner.

Below are the link to the analysis on the Virus Total site and the ZHPFix report:

[You must have an account and be logged in to view this link]

Rapport de ZHPFix 2014.8.3.6 par Nicolas Coolman, Update du 03/08/2014
Fichier d'export Registre :
Run by Neiliandro da Silva at 15/08/2014 12:10:11
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 03s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bnbase
ELIMINÉ Driver Key: Bndef
ELIMINÉ Driver Key: Bprotect
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ:* HKLM\Software\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\360Safe
ELIMINÉ: SearchScopes :{afdbddaa-5d3f-42ee-b79c-185a7020515b}
ELIMINÉ:* SearchScopes :{afdbddaa-5d3f-42ee-b79c-185a7020515b}
ELIMINÉ: HKLM\Software\Classes\protector_dll.protectorbho.1
ELIMINÉ: HKLM\Software\Classes\protector_dll.protectorbho
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5

========== Valores do Registo ==========
ELIMINÉ RunValue: mcui_exe

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: C:\Users\Neiliandro da Silva\AppData\Local\Temp\GoogleToolbarInstaller1.log
ELIMINÉ: C:\Users\Neiliandro da Silva\AppData\Local\Temp\GoogleToolbarInstaller2.log
ELIMINÉ Temporários windows (199) (136.624.305 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: AutoKMS
ELIMINÉ: {55E1A22D-B875-42FF-97A2-2A0B607FEC45}
ELIMINÉ: {94DD71A9-D632-4162-93B2-30B537BB5F12}
ELIMINÉ: {CEA5BAD8-FA0B-46D6-BFC6-24F78FD022E0}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
14 : Chaves do Registo
1 : Valores do Registo
1 : Pastas
4 : Ficheiros
4 : Tarefa planificada
1 : Restauração Sistema


End of clean in 00mn 58s

========== Caminho do ficheiro do relatório ==========
C:\Users\Neiliandro da Silva\AppData\Roaming\ZHP\ZHPFix[R1].txt - 15/08/2014 12:10:14 [2138]

Re: I can't access the internet

Post by Power Max, Fri 15 Aug 2014, 13:44

Do you know this program below? Do you know what it is? I ask because some antivirus products considered its executable dangerous:
C:\Program Files (x86)\SI Service
__________________________________________________________________________________

Open ZHPDiag again

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report

Re: I can't access the internet

Post by joram, Mon 15 Sep 2014, 07:27

Topic Archived

As the author did not reply for more than 30 days, the topic has been archived. If the topic's author needs it, it will be reopened; to do so, they should contact one of the members of the [You must have an account and be logged in to view this link] and request that it be unlocked.