Fórum PC Brasil
Removing Baidu from the Windows registry


Post by vamsv, Fri 15 Aug 2014, 15:16

Good afternoon, here is the log:

Zoek.exe v5.0.0.0 Updated 06-August-2014
Tool run by Mille on 13/08/2014 at 22:39:32,82.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Mille\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-08-13-235004.log 36800 bytes
C:\zoek-results2014-08-14-012940.log 22362 bytes

==== Empty Folders Check ======================

C:\Program Files\DsNET Corp deleted successfully
C:\Program Files\Foxit Software deleted successfully
C:\Program Files\MSXML 4.0 deleted successfully
C:\Program Files\v9Soft deleted successfully
C:\PROGRA~2\Oracle deleted successfully
C:\PROGRA~2\Socusoft deleted successfully
C:\Users\Familia SV\AppData\Roaming\WinRAR deleted successfully
C:\Users\Mille\AppData\Roaming\NeroDigital(TM) deleted successfully
C:\Users\Mille\AppData\Roaming\WinRAR deleted successfully
C:\Users\Mille\AppData\Local\CutePDF Writer deleted successfully
C:\Users\Mille\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Users\Mille\Desktop\zoek.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdCameraProtect]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdApiUtil]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdCameraProtect]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdApiUtil]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdCameraProtect]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
[-HKEY_USERS\.DEFAULT\Software\Baidu]
[-HKEY_USERS\S-1-5-21-1630360666-1589363443-3739396131-1002\Software\Baidu Security]
[-HKEY_USERS\S-1-5-18\Software\Baidu]

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\Baidu Security not found
"c:\windows\System32\drivers\Bprotect.sys" not found
"c:\windows\System32\drivers\Bfmon.sys" not found
"c:\windows\System32\drivers\Bfilter.sys" not found
"c:\windows\System32\drivers\Bhbase.sys" deleted

==== System Specs ======================

Operating System: Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 32-bit
Manufacturer: MIRAX - Model: MX-A330
Install Date: 09/09/2012 14:20:52
Last Boot: 13/08/2014 22:28:37
Processor: Intel(R) Atom(TM) CPU 330 @ 1.60GHz
Number of Processors: 4
Work Station
Bootmode: Normal boot
Total RAM: 2039 MB (free 977 MB - 47)
Computername: MILLE-PC
Domain: WORKGROUP
User: Mille (Non-Administrator account)
Local Disk: C:\ - NTFS - 61 GB (free 9 GB)
Local Disk: D:\ - NTFS - 9 GB (free 0 GB)
Local Disk: E:\ - NTFS - 41 GB (free 21 GB)
Local Disk: F:\ - NTFS - 98 GB (free 18 GB)
Local Disk: G:\ - NTFS - 41 GB (free 17 GB)
CD \ DVD Drive: H:\
Local Disk: I:\ - NTFS - 195 GB (free 20 GB)
CD \ DVD Drive: K:\
CD \ DVD Drive: L:\
Bootdevice: \Device\HarddiskVolume4
Windows update: 2012-10-12 19:26:36
Country: Brasil
Language: PTB

==== System Specs (Software) ======================

Anti-Virus: Avira Desktop On-access scanning disabled (Outdated)
Anti-Spyware: Avira Desktop disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Internet Explorer Version: 9.0.8112.16421
Mozilla Firefox version: 28.0 (x86 pt-BR)
Google Chrome version: 37.0.2062.68
Adobe Reader version: 10.1.0.534
Sun Java version: 1.7.0_55 (32-bit)
Flash Player version: 13.0.0.214

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2014-08-12 04:07:47 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe
2014-08-12 04:07:47 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe
2014-08-12 04:07:47 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe
2014-08-12 04:07:47 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe
2014-08-12 04:07:47 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe
====== C:\Users\Mille\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\system32 =====
2014-08-12 03:06:13 0DC5AF80D059DEC792B665ED598C6567 536576 ----a-w- C:\Windows\System32\sqlite3.dll
====== C:\Windows\system32\drivers =====
2014-08-12 04:25:12 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\System32\drivers\clbdriver.sys
2014-08-12 04:07:18 36C46561FDC566FD4943216ABA090343 12568 ----a-w- C:\Windows\System32\drivers\PROCEXP113.SYS
2014-08-12 02:30:56 524D8D450622DB4A7875B111C299A76B 7168 ----a-w- C:\Windows\System32\drivers\ute0mjcy.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-08-10 18:47:01 -------- d-----w- C:\Program Files\Common Files\Skype
======= C: =====
2014-08-14 01:00:17 7A65D0400B2D6CF1A3E1A8287D64684D 82 ----a-w- C:\folders.txt
====== C:\Users\Mille\AppData\Roaming ======
2014-08-14 01:00:41 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
2014-08-14 01:00:40 -------- d-----w- C:\Users\USURIO~1\AppData\Local\temp
2014-08-14 01:00:40 -------- d-----w- C:\Users\Public\AppData\Local\temp
2014-08-14 01:00:40 -------- d-----w- C:\Users\Default\AppData\Local\temp
2014-08-14 01:00:40 -------- d-----w- C:\Users\Default User\AppData\Local\temp
2014-08-14 01:00:38 -------- d-----w- C:\Users\Mille\AppData\Local\Temp
2014-08-12 04:46:29 -------- d-----w- C:\Users\Familia SV\AppData\Local\temp
2014-08-02 00:27:54 62FB2044F27B5946A4CEF40155851293 26624 --sha-w- C:\Users\Familia SV\AppData\Roaming\Thumbs.db
====== C:\Users\Mille ======
2014-08-12 04:46:29 -------- d-----w- C:\Users\Public\AppData
2014-08-12 03:02:43 9D46D72131D0E36A79D4819F08EA0E0B 1366203 ----a-w- C:\Users\Mille\Downloads\adwcleaner_3.304.exe

====== C: exe-files ==
=== C: other files ==
2014-08-12 05:08:59 C581E60E67B83FC640741DF7197EAD86 3007700 ----a-w- C:\Users\Mille\Downloads\revouninstaller.zip
2014-08-12 02:50:47 E72FEF9CC7F8127D6D47E42062812F9E 184421 ----a-w- C:\Users\Mille\Downloads\Grafos (1).zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-2821453620-2113678568-27769169-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Users\Mille\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Users\Mille\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCS4ServiceManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeCS4ServiceManager"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe\" -launchedbylogin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DAEMON Tools Lite"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\DAEMON Tools Lite\\DTLite.exe\" -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Google Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\Mille\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GrooveMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GrooveMonitor"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NBAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NBAgent"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Nero\\Nero 10\\Nero BackItUp\\NBAgent.exe\" /WinStart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="uTorrent"
"hkey"="HKCU"
"command"="\"C:\\Users\\Mille\\AppData\\Roaming\\uTorrent\\uTorrent.exe\" /MINIMIZED"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Megacubo.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Megacubo.lnk"
"backup"="C:\\Windows\\pss\\Megacubo.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\Megacubo\\megacubo.exe -load:update -type:startup"
"item"="Megacubo"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeFlashPlayerUpdateSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\FLEXnet Licensing Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\FreemakeVideoCapture]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\IePluginService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MozillaMaintenance]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NAUpdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\OracleMTSRecoveryService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\OracleServiceXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\OracleXEClrAgent]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\OracleXETNSListener]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\scpVista]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TeamViewer8]


==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [15/05/2014 09:39]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2821453620-2113678568-27769169-1001Core.job --a------ C:\Users\Mille\AppData\Local\Google\Update\GoogleUpdate.exe [09/09/2012 15:17]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2821453620-2113678568-27769169-1001UA.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2821453620-2113678568-27769169-1003Core.job --a------ C:\Users\Familia SV\AppData\Local\Google\Update\GoogleUpdate.exe [11/12/2012 17:11]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2821453620-2113678568-27769169-1003UA.job --a------ C:\Users\Familia SV\AppData\Local\Google\Update\GoogleUpdate.exe [11/12/2012 17:11]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\desli" [C:\Users\Mille\Desktop\desl\desligamento.bat]
"C:\Windows\system32\tasks\desligando" [C:\Users\Mille\Desktop\desl\desligamento.bat]
"C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-2821453620-2113678568-27769169-1001Core" [C:\Users\Mille\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-2821453620-2113678568-27769169-1001UA" [C:\Users\Mille\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-2821453620-2113678568-27769169-1003Core" [C:\Users\Familia SV\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-2821453620-2113678568-27769169-1003UA" [C:\Users\Familia SV\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\task2060960" [C:\Users\FAMILI~1\AppData\Local\Temp\2058823.exe]
"C:\Windows\system32\tasks\User_Feed_Synchronization-{AF2B1F4F-90AF-4AE2-8123-EB221724E7FA}" [C:\Windows\system32\msfeedssync.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"ytfmdownloader@gmail.com"="C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com" [05/06/2014 23:11]

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Mille\AppData\Roaming\Mozilla\Firefox\Profiles\n12ognl3.default
FB5621842FDABF9F8359775573498FBC - C:\Users\Mille\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll - Google Update
A58DE0A570148AF5FF3512B2A340D09F - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll - Shockwave Flash
025BBEF5A248B09BDC6684747F6EB5BC - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U55
290A0130C74ADCD4546BC6900D1665D9 - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.550.14
3B00376AE69AC2E815425E54DEBFF750 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery
711A2E6A55EC7BFD59B5F649D58B704B - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.1.0.20926.0.dll - Silverlight Plug-In
711A2E6A55EC7BFD59B5F649D58B704B - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll - Silverlight Plug-In
6F120933F87E7DEC972476170288A267 - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat
0BD343C45B4ECCF8D6AF94D6C3ADC310 - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
472DAEA6EEE84240DEA132C95C57EB68 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll - RocketLife Secure Plug-In Layer
21A55BABD31DA624449F06A591AE73ED - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrlui.dll - Microsoft (R) Silverlight


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[14/07/2014 18:22]

Google Docs - Familia SV\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Familia SV\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Familia SV\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Familia SV\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Skype Click to Call - Familia SV\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Wallet - Familia SV\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Familia SV\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Slides - Mille\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Mille\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Mille\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Mille\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Mille\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Mille\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Wallet - Mille\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Mille\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{EFA27348-E879-4907-9783-B1D0956D3E33} O que fazer na internet? Url="http://www.oquefazernainternet.com/q/{searchTerms}"

==== HijackThis Entries ======================

O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files\GbPlugin\gbiehabn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Mille\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\IE\IEPluginDownloader.dll,-4 - {FC0EA236-1C31-418e-BFCE-A76DDB7F1362} - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\IE\IEPluginDownloader.dll (HKCU)
O9 - Extra 'Tools' menuitem: Freemake Video Downloader - {FC0EA236-1C31-418e-BFCE-A76DDB7F1362} - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\IE\IEPluginDownloader.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: wwws.realsecureweb.com.br
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: wwws.santandernet.com.br
O15 - Trusted Zone: wwws2.santandernet.com.br
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: GbPluginAbn - C:\Program Files\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll
O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

==== Empty IE Cache ======================

C:\Users\Familia SV\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Familia SV\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Mille\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Mille\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Mille\AppData\Local\Mozilla\Firefox\Profiles\n12ognl3.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Familia SV\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Mille\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=18 folders=11 60961 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Familia SV\AppData\Local\temp emptied successfully
C:\Users\Mille\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\USURIO~1\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Mille\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Mille\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on 13/08/2014 at 23:03:24,87 ======================

Post by Power Max, Fri 15 Aug 2014, 15:41

Hello. As for Zoek, to avoid problems, do not use a script written for one PC on another PC, because every case is different.
___________________________________

Download the AdwCleaner program by clicking the link below, then click the Download Now @BleepingComputer button:
[You must have an account and be logged in to view this link]

To run AdwCleaner correctly, just follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.
Power Max
Collaborator

Posts: 9086
Reputation: 1499
Registration date: 14/04/2009

Re: Remove Baidu from the Windows registry

Message by vamsv, Fri 15 Aug 2014, 15:49

# AdwCleaner v3.304 - Relatório criado 15/08/2014 às 15:39:40
# Atualizado 08/08/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (32 bits)
# Usuário : Mille - MILLE-PC
# Executando de : C:\Users\Mille\Downloads\adwcleaner_3.304.exe
# Opção : Examinar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****


***** [ Tarefas ] *****


***** [ Atalhos ] *****


***** [ Registro ] *****


***** [ Navegadores ] *****

-\\ Internet Explorer v9.0.8112.16450


-\\ Mozilla Firefox v28.0 (pt-BR)

[ Arquivo : C:\Users\Familia SV\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js ]


[ Arquivo : C:\Users\Mille\AppData\Roaming\Mozilla\Firefox\Profiles\n12ognl3.default\prefs.js ]


-\\ Google Chrome v

[ Arquivo : C:\Users\Familia SV\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ Arquivo : C:\Users\Mille\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5753 octets] - [12/08/2014 00:03:29]
AdwCleaner[R1].txt - [1246 octets] - [12/08/2014 00:31:02]
AdwCleaner[R2].txt - [1106 octets] - [15/08/2014 15:39:40]
AdwCleaner[S0].txt - [5475 octets] - [12/08/2014 00:08:16]
AdwCleaner[S1].txt - [1304 octets] - [12/08/2014 00:34:24]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1286 octets] ##########

Re: Remove Baidu from the Windows registry

Message by vamsv, Fri 15 Aug 2014, 15:53

# AdwCleaner v3.304 - Relatório criado 12/08/2014 às 00:08:16
# Atualizado 08/08/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (32 bits)
# Usuário : Mille - MILLE-PC
# Executando de : C:\Users\Mille\Downloads\adwcleaner_3.304.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\eSafe
Pasta Deletada : C:\ProgramData\NCH Software
Pasta Deletada : C:\ProgramData\WPM
Pasta Deletada : C:\Program Files\NCH Software
Pasta Deletada : C:\Users\Familia SV\AppData\Local\Beamrise
Pasta Deletada : C:\Users\Familia SV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Beamrise
Pasta Deletada : C:\Users\Mille\AppData\Roaming\NCH Software
Pasta Deletada : C:\Users\Mille\AppData\Roaming\qone8
Pasta Deletada : C:\Users\Mille\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf
Pasta Deletada : C:\Users\Mille\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh
Arquivo Deletada : C:\Users\Familia SV\AppData\Roaming\Mozilla\Firefox\Profiles\0\user.js
Arquivo Deletada : C:\Users\Mille\AppData\Roaming\Mozilla\Firefox\Profiles\n12ognl3.default\user.js
Arquivo Deletada : C:\Users\Mille\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ifohbjbgfchkkfhphahclmkpgejiplfo_0.localstorage

***** [ Tarefas ] *****

Tarefa Deletedo : SaveSense
Tarefa Deletedo : UpdaterEX

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh
Chave Deletedo : HKCU\Software\Classes\pokki
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\APN_ATU3__RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\APN_ATU3__RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SupTab_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SupTab_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wpm_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wpm_RASMANCS
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{998745A3-2AE4-488D-8092-B98FB20A00C2}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{C1424421-D274-491E-9D47-11C8D8CB5F9A}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Chave Deletedo : HKCU\Software\APN PIP
Chave Deletedo : HKCU\Software\BI
Chave Deletedo : HKCU\Software\Conduit
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKLM\Software\Conduit
Chave Deletedo : HKLM\Software\InstallCore
Chave Deletedo : HKLM\Software\PIP
Chave Deletedo : HKLM\Software\SupTab
Chave Deletedo : HKLM\Software\supWPM
Chave Deletedo : HKLM\Software\V9Software
Chave Deletedo : HKLM\Software\Wpm
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Navegadores ] *****

-\\ Internet Explorer v9.0.8112.16450


-\\ Mozilla Firefox v28.0 (pt-BR)

[ Arquivo : C:\Users\Familia SV\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js ]


[ Arquivo : C:\Users\Mille\AppData\Roaming\Mozilla\Firefox\Profiles\n12ognl3.default\prefs.js ]


-\\ Google Chrome v

[ Arquivo : C:\Users\Familia SV\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [Extension] : bpegkgagfojjbcpkihigfmkojdmmimdf
Deletedo [Extension] : ehgldbbpchgpcfagfpfjgoomddhccfgh

[ Arquivo : C:\Users\Mille\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5753 octets] - [12/08/2014 00:03:29]
AdwCleaner[S0].txt - [5335 octets] - [12/08/2014 00:08:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5395 octets] ##########

Re: Remove Baidu from the Windows registry

Message by Power Max, Fri 15 Aug 2014, 15:57

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [You must have an account and be logged in to view this image]

* Select and copy all of the text highlighted in red below and paste it into the blank space in Zoek:

createsrpoint;
autoclean;
emptyalltemp;
iedefaults;
resetieproxy;
resethosts;
shortcutfix;
ffdefaults;
firefoxlook;
reset chrome;
chrdefaults;
chromelook;
Baidu;z
Baidu;a


* Click [Run Script]

* During the scan, a message similar to the one below showing the scan progress will be displayed. Wait for it to finish... it may take a while!

[You must have an account and be logged in to view this image]

* If a PC restart is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Sat 16 Aug 2014, 10:36; edited 1 time

Re: Remove Baidu from the Windows registry

Message by vamsv, Fri 15 Aug 2014, 17:25


Zoek.exe v5.0.0.0 Updated 06-August-2014
Tool run by Mille on 15/08/2014 at 16:07:19,85.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x86
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Mille\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-08-13-235004.log 36800 bytes
C:\zoek-results2014-08-14-012940.log 22362 bytes
C:\zoek-results2014-08-14-020324.log 30040 bytes

==== System Restore Info ======================

15/08/2014 16:13:26 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1       localhost
::1             localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2821453620-2113678568-27769169-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2} deleted successfully
HKEY_USERS\S-1-5-21-2821453620-2113678568-27769169-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\FAMILI~1\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\FAMILI~1\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\Mille\AppData\Roaming\Mozilla\Firefox\Profiles\n12ognl3.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Mille\AppData\Roaming\Mozilla\Firefox\Profiles\n12ognl3.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\Users\Mille\Searches deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"ytfmdownloader@gmail.com"="C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com" [05/06/2014 23:11]

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Mille\AppData\Roaming\Mozilla\Firefox\Profiles\n12ognl3.default
FB5621842FDABF9F8359775573498FBC - C:\Users\Mille\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll - Google Update
A58DE0A570148AF5FF3512B2A340D09F - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll - Shockwave Flash
025BBEF5A248B09BDC6684747F6EB5BC - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U55
290A0130C74ADCD4546BC6900D1665D9 - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.550.14
3B00376AE69AC2E815425E54DEBFF750 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery
711A2E6A55EC7BFD59B5F649D58B704B - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.1.0.20926.0.dll - Silverlight Plug-In
711A2E6A55EC7BFD59B5F649D58B704B - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll - Silverlight Plug-In
6F120933F87E7DEC972476170288A267 - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat
0BD343C45B4ECCF8D6AF94D6C3ADC310 - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
472DAEA6EEE84240DEA132C95C57EB68 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll - RocketLife Secure Plug-In Layer
21A55BABD31DA624449F06A591AE73ED - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrlui.dll - Microsoft (R) Silverlight


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[14/07/2014 18:22]

Google Docs - Familia SV\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Familia SV\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Familia SV\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Familia SV\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Skype Click to Call - Familia SV\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Wallet - Familia SV\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Familia SV\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{EFA27348-E879-4907-9783-B1D0956D3E33} O que fazer na internet? Url="http://www.oquefazernainternet.com/q/{searchTerms}"

==== Reset Google Chrome ======================

C:\Users\Familia SV\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Mille\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Familia SV\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Mille\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Familia SV\Desktop\Google Chrome.lnk - C:\Users\Mille\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mille\Desktop\Adobe Reader X.lnk - C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Users\Mille\Desktop\Allok Video Joiner.lnk - C:\Program Files\Allok Video Joiner\Allok Video Joiner.exe
C:\Users\Mille\Desktop\Avira Control Center.lnk - C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
C:\Users\Mille\Desktop\DAEMON Tools Lite.lnk - C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Users\Mille\Desktop\Format Factory.lnk - C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe
C:\Users\Mille\Desktop\HP Deskjet 2050 J510 series Scan.lnk - C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPScan.exe
C:\Users\Mille\Desktop\HP Deskjet 2050 J510 series.lnk - C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HP Deskjet 2050 J510 series.exe
C:\Users\Mille\Desktop\Microsoft Office Outlook 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
C:\Users\Mille\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Mille\Desktop\NetBeans IDE 7.3.lnk - C:\Program Files\NetBeans 7.3\bin\netbeans.exe
C:\Users\Mille\Desktop\TeamViewer 8.lnk - C:\Program Files\TeamViewer\Version8\TeamViewer.exe
C:\Users\Mille\Desktop\µTorrent.lnk -  

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Conceitos Básicos do Oracle Database 11g Express Edition .lnk -  
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Familia SV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Users\Mille\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mille\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -  
C:\Users\Mille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Users\Mille\AppData\Local\Google\Chrome\Application\chrome.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Familia SV\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Dev-C++.lnk - C:\Dev-Cpp\devcpp.exe
C:\Users\Familia SV\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Familia SV\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Familia SV\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Familia SV\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Users\Mille\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Familia SV\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Familia SV\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Familia SV\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Mille\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Dev-C++.lnk - C:\Dev-Cpp\devcpp.exe
C:\Users\Mille\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Mille\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk - C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE  /recycle
C:\Users\Mille\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Mille\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Mille\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -  
C:\Users\Mille\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Mille\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office Outlook 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
C:\Users\Mille\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Mille\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Notepad.lnk - C:\Windows\system32\notepad.exe
C:\Users\Mille\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Adobe Reader X.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AA1000000001}\SC_Reader.ico
C:\Users\Mille\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Users\Mille\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mille\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Mille\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office Outlook 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
C:\Users\Mille\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Mille\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\Users\Familia SV\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Mille\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Mille\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Familia SV\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Users\Mille\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Mille\AppData\Local\Mozilla\Firefox\Profiles\n12ognl3.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Familia SV\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Mille\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=18 folders=11 60924 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Familia SV\AppData\Local\temp will be emptied at reboot
C:\Users\Mille\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\USURIO~1\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Mille\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Familia SV\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Users\Mille\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Users\Familia SV\AppData\Local\temp\FXSAPIDebugLogFile.txt" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on 15/08/2014 at 17:23:25,85 ======================

Re: Remove Baidu from the Windows registry

Message by Power Max, Sat 16 Aug 2014, 10:36

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [You must have an account and be logged in to view this image]

* Select and copy all of the text highlighted in red below and paste it into the blank space in Zoek:

Baidu;z
Baidu;a


* Click [Run Script]

* During the scan, a message similar to the one below showing the scan progress will be displayed. Wait for it to finish... it may take a while!

[You must have an account and be logged in to view this image]

* If a PC restart is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.

Re: Remove Baidu from the Windows registry

Message by vamsv, Sun 17 Aug 2014, 19:48


Zoek.exe v5.0.0.0 Updated 15-08-2014
Tool run by Mille on 17/08/2014 at 19:35:21,00.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Mille\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-08-13-235004.log 36800 bytes
C:\zoek-results2014-08-14-012940.log 22362 bytes
C:\zoek-results2014-08-14-020324.log 30040 bytes
C:\zoek-results2014-08-15-202325.log 19260 bytes

==== Folders Found ======================

2014-08-12 03:08:16 2014-08-12 03:08:16 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-02-13 03:43:05 2014-02-13 03:43:05 -------- d-----w- C:\Program Files\FreeTime\FormatFactory\FFModules\Package\BaiDu

==== Files Found ======================


--- C:\Program Files\FreeTime\FormatFactory\FFModules\Package\BaiDu\Baidu-TB-ASBar.exe ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1358792
Created time: 2012-04-10 09:30:26
Modified time: 2012-04-10 09:30:26
MD5: D848EF0636EA49D340F074F939DB817B
SHA1: 56A9D762D288AB173B7BFD42C9902E12B673BDB7


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_USERS\.DEFAULT\Software\Baidu Security]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\101112-25240-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_129944067420736220.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\S-1-5-18\Software\Baidu Security]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\101112-25240-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_129944067420736220.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=18 folders=11 60924 bytes)

==== EOF on 17/08/2014 at 19:46:22,64 ======================

Re: Remove Baidu from the Windows registry

Post by Power Max Sun 17 Aug 2014, 20:04

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [image: login required]

* Select and copy all of the text highlighted in red below and paste it into the blank area of Zoek:

createsrpoint;
C:\Program Files\FreeTime\FormatFactory\FFModules\Package\BaiDu\Baidu-TB-ASBar.exe;f
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000];r
"DeviceDesc"=-;r
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000];r
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000];r
"DeviceDesc"=-;r
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000];r
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000];r
"DeviceDesc"=-;r
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000];r
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000];r
"DeviceDesc"=-;r
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000];r
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000];r
"DeviceDesc"=-;r
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000];r
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000];r
"DeviceDesc"=-;r
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000];r
[-HKEY_USERS\.DEFAULT\Software\Baidu Security];r
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster];r
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug];r
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver];r
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\101112-25240-01.dmp];r
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_129944067420736220.dmp];r
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport];r
[-HKEY_USERS\S-1-5-18\Software\Baidu Security];r
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster];r
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug];r
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver];r
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\101112-25240-01.dmp];r
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_129944067420736220.dmp];r
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport];r


* Click [Run Script]

* During the scan, a message similar to the one below will be displayed, showing the progress of the scan. Wait for it to finish... it may take a while!

[image: login required]

* If a PC restart is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.

Re: Remove Baidu from the Windows registry

Post by vamsv Sun 17 Aug 2014, 20:12


Zoek.exe v5.0.0.0 Updated 15-08-2014
Tool run by Mille on 17/08/2014 at 20:07:32,77.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Mille\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-08-13-235004.log 36800 bytes
C:\zoek-results2014-08-14-012940.log 22362 bytes
C:\zoek-results2014-08-14-020324.log 30040 bytes
C:\zoek-results2014-08-15-202325.log 19260 bytes
C:\zoek-results2014-08-17-224622.log 3165 bytes

==== System Restore Info ======================

17/08/2014 20:09:21 Zoek.exe System Restore Point Created Succesfully.

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\101112-25240-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_129944067420736220.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\101112-25240-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_129944067420736220.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]

==== Deleting Files \ Folders ======================

"C:\Program Files\FreeTime\FormatFactory\FFModules\Package\BaiDu\Baidu-TB-ASBar.exe" deleted

==== C:\zoek_backup content ======================

C:\zoek_backup (files=19 folders=11 1419895 bytes)

==== EOF on 17/08/2014 at 20:10:33,83 ======================

Re: Remove Baidu from the Windows registry

Post by Power Max Sun 17 Aug 2014, 20:14

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [image: login required]

* Select and copy all of the text highlighted in red below and paste it into the blank area of Zoek:

Baidu;z
Baidu;a


* Click [Run Script]

* During the scan, a message similar to the one below will be displayed, showing the progress of the scan. Wait for it to finish... it may take a while!

[image: login required]

* If a PC restart is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.

Re: Remove Baidu from the Windows registry

Post by vamsv Sun 17 Aug 2014, 20:33


Zoek.exe v5.0.0.0 Updated 15-08-2014
Tool run by Mille on 17/08/2014 at 20:17:57,82.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Mille\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-08-13-235004.log 36800 bytes
C:\zoek-results2014-08-14-012940.log 22362 bytes
C:\zoek-results2014-08-14-020324.log 30040 bytes
C:\zoek-results2014-08-15-202325.log 19260 bytes
C:\zoek-results2014-08-17-224622.log 3165 bytes
C:\zoek-results2014-08-17-231033.log 3136 bytes

==== Folders Found ======================

2014-08-12 03:08:16 2014-08-12 03:08:16 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-02-13 03:43:05 2014-08-17 23:10:27 -------- d-----w- C:\Program Files\FreeTime\FormatFactory\FFModules\Package\BaiDu

==== Files Found ======================


==== Registry Search Results for "Baidu" ======================

No instances of string "Baidu" found.

==== C:\zoek_backup content ======================

C:\zoek_backup (files=19 folders=11 1419895 bytes)

==== EOF on 17/08/2014 at 20:29:59,59 ======================

Re: Remove Baidu from the Windows registry

Post by vamsv Sun 17 Aug 2014, 20:54

Baidu still shows up in the registry and I can't delete it.

Re: Remove Baidu from the Windows registry

Post by Power Max Sun 17 Aug 2014, 21:14

Download < [link: login required] > < [image: login required] > ( ... by Nicolas Coolman )

Note: When you open the link above, click the Télécharger button for ZHPDiag to download it, as shown in the image below:

[image: login required]

To install and run it correctly, follow the tips in this article:

[link: login required]

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.

Re: Remove Baidu from the Windows registry

Post by vamsv Sun 17 Aug 2014, 21:35

~ Relatório do ZHPDiag v2014.8.16.119 - Nicolas Coolman (16/08/2014)
~ Iniciado por Mille (17/08/2014 21:23:10)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Endereço do Webforum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421 (Defaut)
MFIE: Mozilla Firefox 28.0
GCIE: Google Chrome v37.0.2062.76

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2021
Malwarebytes Anti-Malware versão 2.0.2.1012
ESET Online Scanner v3
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader X
Java 7 Update 55

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 28 Stepping 2, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2039 MB (27% free)
System Restore: Activé (Enable)
System drive C: has 10 GB (15%) free of 61 GB

---\\ Modo de conexão ao sistema
~ Computer Name: MILLE-PC
~ User Name: Mille
~ All Users Names: Mille, HomeGroupUser$, Familia SV, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Mille\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Mille\AppData\Roaming\
~ %Desktop% : C:\Users\Mille\Desktop\
~ %Favorites% : C:\Users\Mille\Favorites\
~ %LocalAppData% : C:\Users\Mille\AppData\Local\
~ %StartMenu% : C:\Users\Mille\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 10 Go of 61 Go)
D: Hard drive, Flash drive, Thumb drive (Free 1 Go of 10 Go)
E: Hard drive, Flash drive, Thumb drive (Free 21 Go of 41 Go)
F: Hard drive, Flash drive, Thumb drive (Free 19 Go of 98 Go)
G: Hard drive, Flash drive, Thumb drive (Free 18 Go of 41 Go)
H: CD-ROM drive (Not Inserted)
I: Hard drive, Flash drive, Thumb drive (Free 20 Go of 195 Go)
K: CD-ROM drive (Not Inserted)
L: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.5553611E2F9EA6F613079177F1233068] - (.Microsoft Corporation - Internet Extensions para Win32.) (.24/08/2012 - 03:51:27.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 09:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.24/04/2011 - 23:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.0D87503986BB3DFED58E343FE39DDE13] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.31/08/2012 - 14:18:09.) -- C:\Windows\system32\Drivers\ntfs.sys [1211760]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 07:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 01s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/77
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 1/448
~ Mes Favoris (My Favorites) : 1/19
~ Mes Documents (My Documents) : 2/600
~ Mon Bureau (My Desktop) : 1/315
~ Menu demarrer (Programs) : 1/34
~ Hidden Files: Scanned in 00mn 33s



---\\ Processos lançados
[MD5.3433CF435F84B24965A8202118F41A7A] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\Mille\AppData\Roaming\uTorrent\uTorrent.exe [1322832] [PID.3308] =>P2P.BitTorrent
[MD5.F6928DAEB449281BB5A02A93093DE0CB] - (.Google Inc. - Google Chrome.) -- C:\Users\Mille\AppData\Local\Google\Chrome\Application\chrome.exe [852808] [PID.1156]
[MD5.26AFC1F16494FFE66F2197153B342A27] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUi.exe [4086432] [PID.2564]
[MD5.6F815EE8023E715353C4D9F88F75D2B6] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8092160] [PID.5204]
[MD5.1AD8512A5C40AD1A0558498D8E0AC2AA] - (.AVAST Software - avast! Emergency Update.) -- C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [808448] [PID.2724]
[MD5.4FBC630768570E6AC35C3DE8F6EC79F5] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe [6970168] [PID.2844]
~ Processes Running: Scanned in 00mn 07s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Mille\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 0 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\System32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hôte est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} . (.Banco Bradesco S.A. - scpsssh2 Module.) -- C:\Program Files\Scpad\scpsssh2.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} . (.Banco Real - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehabn.dll
~ BHO: 20 Legitimates Filtered in 00mn 01s



---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [Mille]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Mille\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [Mille]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Mille\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 2 Legitimates Filtered in 00mn 12s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Mille\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-21-2821453620-2113678568-27769169-1001\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Mille\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancoreal.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancosantander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.caixa.gov.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.santander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.santanderempresarial.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernet.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernetibe.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.secureweb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{006FE1B7-D51D-45F8-BD59-2511CC7741E4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{006FE1B7-D51D-45F8-BD59-2511CC7741E4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{006FE1B7-D51D-45F8-BD59-2511CC7741E4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginAbn . (.Banco Real - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: GbPluginCef . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehCef.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Chave do Registo autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} . (.Banco Bradesco S.A. - scpIBLoad Module.) -- C:\Program Files\Scpad\scpLIB.dll
~ SSODL: 2 Legitimates Filtered in 00mn 00s



---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {A3717295-941D-416F-9384-ED1736729F1C} . (.Banco Bradesco S.A. - scpIBLoad Module.) -- C:\Program Files\Scpad\scpLIB.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe
~ Services: 4 Legitimates Filtered in 00mn 16s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{134B94FF-ECD9-415F-B860-0510BF8C3DBB}] (...) -- C:\Users\Mille\Downloads\converter.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B5969B9F-A08E-4D0E-AFFC-2AA3222E7CEC}] (...) -- H:\Windows\Auto installation program (support Win98SEWinME)\PCI_Install_5707_1119\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{EAB9048C-852F-406C-AF49-5F8E367551FE}] (...) -- C:\Program Files\Baidu Security\PC Faster\3.7.0.0\UninstCaller.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2821453620-2113678568-27769169-1001Core [1026]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2821453620-2113678568-27769169-1001UA [1078]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2821453620-2113678568-27769169-1003Core [1046]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2821453620-2113678568-27769169-1003UA [1098]
~ Scheduled Task: 16 Legitimates Filtered in 00mn 09s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
~ Drivers: 78 Legitimates Filtered in 00mn 01s



---\\ Software instalados (042)
O42 - Logiciel: Allok Video Joiner 4.4.0202 - (.Allok Soft Inc..) [HKLM] -- Allok Video Joiner_is1
~ Logic: 15 Legitimates Filtered in 00mn 02s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Ares]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\UltraDownloads.com.br]
~ Key Software: 258 Legitimates Filtered in 00mn 02s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 22/09/2012 - 18:25:13 - [] ----D C:\Program Files\Allok Video Joiner
O43 - CFD: 25/11/2013 - 15:50:30 - [] ----D C:\Program Files\Scpad
O43 - CFD: 07/11/2012 - 23:00:19 - [] ----D C:\Users\Mille\AppData\Local\Ares
~ Program Folder: 167 Legitimates Filtered in 00mn 02s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.524D8D450622DB4A7875B111C299A76B] - 11/08/2014 - 23:32:08 ---A- . (.No owner - AVZ Driver.) -- C:\Windows\System32\Drivers\ute0mjcy.sys [7168]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 12/08/2014 - 00:06:13 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.0277C027A26428DB64EF4F64F52BB4FD] - 12/08/2014 - 01:07:47 ---A- . (...) -- C:\Windows\MBR.exe [208896]
O44 - LFC:[MD5.F042EE4C8D66248D9B86DCF52ABAE416] - 12/08/2014 - 01:07:47 ---A- . (...) -- C:\Windows\PEV.exe [256000]
O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 12/08/2014 - 01:07:47 ---A- . (...) -- C:\Windows\grep.exe [80412]
O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 12/08/2014 - 01:07:47 ---A- . (...) -- C:\Windows\sed.exe [98816]
O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 12/08/2014 - 01:07:47 ---A- . (...) -- C:\Windows\zip.exe [68096]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 12/08/2014 - 01:25:12 ---A- . (...) -- C:\Windows\System32\Drivers\clbdriver.sys [0]
O44 - LFC:[MD5.3CF3D4A45CC2AF973DBC30EC8D33252B] - 12/08/2014 - 01:40:02 ---A- . (...) -- C:\Windows\system.ini [215]
O44 - LFC:[MD5.CFF80BECCF6471BC20F087F7C7881AC3] - 12/08/2014 - 01:46:25 ---A- . (...) -- C:\ComboFix.txt [14258]
O44 - LFC:[MD5.04C45533EB20B4EF05F9376EBF680DE4] - 13/08/2014 - 20:50:04 ---A- . (...) -- C:\zoek-results2014-08-13-235004.log [36800]
O44 - LFC:[MD5.7A65D0400B2D6CF1A3E1A8287D64684D] - 13/08/2014 - 22:00:17 ---A- . (...) -- C:\folders.txt [82]
O44 - LFC:[MD5.9CDCEAE876443296BE9BBABCFC9D909B] - 13/08/2014 - 23:03:24 ---A- . (...) -- C:\zoek-results2014-08-14-020324.log [30040]
O44 - LFC:[MD5.BD45CEB3EBB6832AE7997FA29468ACE1] - 13/08/2014 - 23:10:25 ---A- . (...) -- C:\Windows\System32\Drivers\TrueSight.sys [29160]
O44 - LFC:[MD5.28673F8831E441817AB2EBB6AD20326C] - 15/08/2014 - 17:23:25 ---A- . (...) -- C:\zoek-results2014-08-15-202325.log [19260]
O44 - LFC:[MD5.DEECF31EC52FAD42B94B1E11704E37E9] - 17/08/2014 - 19:46:22 ---A- . (...) -- C:\zoek-results2014-08-17-224622.log [3165]
O44 - LFC:[MD5.9A8053AB0C2E6FB785B468D3AE59F59F] - 17/08/2014 - 20:10:33 ---A- . (...) -- C:\zoek-results2014-08-17-231033.log [3136]
O44 - LFC:[MD5.EB2D85A58256052E817AC4936A83571E] - 17/08/2014 - 20:29:59 ---A- . (...) -- C:\zoek-results.log [1218]
O44 - LFC:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 17/08/2014 - 20:39:01 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\System32\Drivers\gbpndisrd.sys [31088]
O44 - LFC:[MD5.3BFBB5DAE801CB893B8B46345FED6437] - 17/08/2014 - 21:16:04 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184]
~ Files: 40 Legitimates Filtered in 00mn 12s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Program Files\GbPlugin\gbiehabn.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Mille\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ SMSR Keys: 8 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 19 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:17/08/2014 - 21:16:04 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184] =>.ALWIL Software
O58 - SDL:17/08/2014 - 21:16:04 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:17/08/2014 - 21:16:04 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [192352] =>.ALWIL Software
O58 - SDL:12/08/2014 - 01:25:12 ---A- . (...) -- C:\Windows\System32\Drivers\clbdriver.sys [0]
O58 - SDL:11/03/2013 - 00:11:52 ---A- . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\System32\Drivers\dtsoftbus01.sys [242240]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:24/01/2014 - 11:48:32 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [47192]
O58 - SDL:17/08/2014 - 20:39:01 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\System32\Drivers\gbpndisrd.sys [31088]
O58 - SDL:24/03/2014 - 16:17:27 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:12/08/2014 - 01:07:18 ---A- . (.Sysinternals - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - Process Explorer.) -- C:\Windows\System32\Drivers\PROCEXP113.SYS [12568]
O58 - SDL:09/02/2014 - 18:14:29 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [466008]
O58 - SDL:10/01/2003 - 09:30:22 ---A- . (.Service & Quality Technology. - Universal Serial Bus Camera Driver.) -- C:\Windows\System32\Drivers\SQCamD.sys [25449]
O58 - SDL:10/01/2003 - 10:56:34 ---A- . (.Service & Quality Technology. - Universal Serial Bus Camera Driver.) -- C:\Windows\System32\Drivers\SQCaptur.sys [30921]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/08/2014 - 23:10:25 ---A- . (...) -- C:\Windows\System32\Drivers\TrueSight.sys [29160]
O58 - SDL:11/08/2014 - 23:32:08 ---A- . (.No owner - AVZ Driver.) -- C:\Windows\System32\Drivers\ute0mjcy.sys [7168]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 85 Legitimates Filtered in 01mn 12s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 17/08/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 24/01/2014 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
~ Legacy: 95 Legitimates Filtered in 00mn 01s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Mille\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {EFA27348-E879-4907-9783-B1D0956D3E33} - (O que fazer na internet?) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.C1D2EBEBC40491FD3C7E757A5AF27EAD] [SPRF][13/08/2014] (...) -- C:\Users\Mille\Desktop\zoek.exe [1288704]
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{2D6A8707-03E6-4A80-BB87-72A38189C7FC}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Mille\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{59C13C6F-7392-4709-AEF2-5AECE97860C6}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Mille\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{11BBA03F-747B-487A-9857-261E539786A1}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Mille\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{BDC2716E-107E-4C14-A750-1A6D1CD4C345}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Mille\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 4 Legitimates Filtered in 00mn 06s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.A43D98F5A2B54F22C2B8191CBF27B438] [WIS][09/02/2014] (.SaveSense - Google Update Helper.) -- C:\Windows\Installer\f109c.msi [40960] =>PUP.SaveSense
~ WIS: 1 Legitimates Filtered in 00mn 08s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\biSetup24935_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup24935_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\setup-somoto-sem-skip_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\setup-somoto-sem-skip_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\smt_ar_dosearches_RASAPI32 =>PUP.DoSearches
HKLM\SOFTWARE\Microsoft\Tracing\smt_ar_dosearches_RASMANCS =>PUP.DoSearches
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
~ BTK: 360 Legitimates Filtered in 00mn 02s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{1070C156-160B-47A0-B7D9-1860396BAB57}] (SaveSenseLive Broker Class Factory) =>PUP.SaveSense
[HKCR\CLSID\{27CE191D-733B-4450-AFCD-096D105288C3}] (SaveSenseLive.OneClickProcessLauncher) =>PUP.SaveSense
[HKCR\CLSID\{39A29266-D3E4-462D-AB05-F93B1053F6CF}] (SaveSenseLive Legacy On Demand) =>PUP.SaveSense
[HKCR\CLSID\{73192D81-6D24-4C40-BF7B-2507C6FA0B1A}] (SaveSenseLive Core Class) =>PUP.SaveSense
[HKCR\CLSID\{88C606E7-BA26-41CB-8CC3-D1E313E34E75}] (SaveSenseLive Process Launcher Class) =>PUP.SaveSense
[HKCR\CLSID\{9E0546FF-D44F-4FE4-A324-995FCACB8D33}] (SaveSenseLive Broker Class Factory) =>PUP.SaveSense
[HKCR\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1}] (SaveSenseLive Core Class) =>PUP.SaveSense
~ BCK: 6959 Legitimates Filtered in 00mn 48s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Disabled 06/06/2011 64952 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Disabled 15/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 13/02/2013 655624 | (FLEXnet Licensing Service) . (.Acresso Software Inc..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Disabled 22/05/2014 9216 | (FreemakeVideoCapture) . (.Ellora Assets Corp..) - C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
SS - | Auto 12/05/2014 860472 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
SS - | Disabled 19/04/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Disabled 25/03/2010 490280 | (NAUpdate) . (.Nero AG.) - C:\Program Files\Nero\Update\NASvc.exe
SS - | Disabled 27/08/2011 49152 | (OracleJobSchedulerXE) . (...) - c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe
SS - | Disabled 27/08/2011 69632 | (OracleMTSRecoveryService) . (.Oracle Corporation.) - C:\oraclexe\app\oracle\product\11.2.0\server\BIN\omtsreco.exe
SS - | Disabled 27/08/2011 115773440 | (OracleServiceXE) . (.Oracle Corporation.) - c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.exe
SS - | Disabled 27/08/2011 12800 | (OracleXEClrAgent) . (.Oracle Corporation.) - C:\oraclexe\app\oracle\product\11.2.0\server\bin\OraClrAgnt.exe
SS - | Disabled 27/08/2011 512000 | (OracleXETNSListener) . (.Oracle Corporation.) - C:\oraclexe\app\oracle\product\11.2.0\server\BIN\tnslsnr.exe
SS - | Disabled 24/10/2012 360624 | (scpVista) . (.Banco Bradesco S.A..) - C:\Program Files\Scpad\scpVista.exe
SS - | Disabled 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Disabled 01/10/2013 5087584 | (TeamViewer8) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
SR - | Auto 17/08/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 13/06/2014 553272 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\gbpsv.exe
SR - | Auto 12/05/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 51s



---\\ Lista dos emuladores de CD/DVD (MBR Hook)
O58 - SDL:09/02/2014 - 18:14:29 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [466008]
~ Emulateurs: Scanned in 00mn 51s



---\\ Scâner Aditional (088)
Database Version : 13026 - (16/08/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 9

[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] =>P2P.BitTorrent^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^
C:\Users\Mille\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent^
C:\Windows\Installer\f109c.msi =>PUP.SaveSense^
[HKCR\CLSID\{1070C156-160B-47A0-B7D9-1860396BAB57}] (SaveSenseLive Broker Class Factory) =>PUP.SaveSense^
[HKCR\CLSID\{27CE191D-733B-4450-AFCD-096D105288C3}] (SaveSenseLive.OneClickProcessLauncher) =>PUP.SaveSense^
[HKCR\CLSID\{39A29266-D3E4-462D-AB05-F93B1053F6CF}] (SaveSenseLive Legacy On Demand) =>PUP.SaveSense^
[HKCR\CLSID\{73192D81-6D24-4C40-BF7B-2507C6FA0B1A}] (SaveSenseLive Core Class) =>PUP.SaveSense^
[HKCR\CLSID\{88C606E7-BA26-41CB-8CC3-D1E313E34E75}] (SaveSenseLive Process Launcher Class) =>PUP.SaveSense^
[HKCR\CLSID\{9E0546FF-D44F-4FE4-A324-995FCACB8D33}] (SaveSenseLive Broker Class Factory) =>PUP.SaveSense^
[HKCR\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1}] (SaveSenseLive Core Class) =>PUP.SaveSense^
~ Additionnel Scan: 406587 Items scanned in 02mn 35s



---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Browser Helper Objects do navegador (02)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Aplicações iniciadas por registo & pastas (04)
~ AMI: 3 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.SaveSense
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.MegaSearch
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.DoSearches
~ MSI: 3 link(s) detected in 00mn 00s



~ 781 Legitimates filtered by white list
End of the scan (529 lines in 07mn 43s)(0)

Re: Remove Baidu from the Windows registry

Post by Power Max, Sun 17 Aug 2014, 22:18

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [You must have an account and be logged in to view this image]

* Select and copy all of the text highlighted in red below and paste it into the blank area in Zoek:

C:\Windows\System32\Drivers\clbdriver.sys;virustotal
C:\Windows\System32\Drivers\ute0mjcy.sys;virustotal


* Click [Run Script]

* During the scan, a message similar to the one below will be displayed, showing the progress of the scan. Wait for it to finish... it may take a while!

[You must have an account and be logged in to view this image]

* If a PC restart is requested, click [OK]
________________________________________________________________________________________________________

Select and copy all of the text highlighted in red below (starting at script zhpfix and ending at emptyclsid)

script zhpfix
SysRestore
[MD5.00000000000000000000000000000000] [APT] [{134B94FF-ECD9-415F-B860-0510BF8C3DBB}] (...) -- C:\Users\Mille\Downloads\converter.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B5969B9F-A08E-4D0E-AFFC-2AA3222E7CEC}] (...) -- H:\Windows\Auto installation program (support Win98SEWinME)\PCI_Install_5707_1119\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{EAB9048C-852F-406C-AF49-5F8E367551FE}] (...) -- C:\Program Files\Baidu Security\PC Faster\3.7.0.0\UninstCaller.exe (.not file.) [0]
O69 - SBI: SearchScopes [HKCU] {EFA27348-E879-4907-9783-B1D0956D3E33} - (O que fazer na internet?) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[MD5.A43D98F5A2B54F22C2B8191CBF27B438] [WIS][09/02/2014] (.SaveSense - Google Update Helper.) -- C:\Windows\Installer\f109c.msi [40960] =>PUP.SaveSense
HKLM\SOFTWARE\Microsoft\Tracing\biSetup24935_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup24935_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\setup-somoto-sem-skip_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\setup-somoto-sem-skip_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\smt_ar_dosearches_RASAPI32 =>PUP.DoSearches
HKLM\SOFTWARE\Microsoft\Tracing\smt_ar_dosearches_RASMANCS =>PUP.DoSearches
[HKCR\CLSID\{1070C156-160B-47A0-B7D9-1860396BAB57}] (SaveSenseLive Broker Class Factory) =>PUP.SaveSense
[HKCR\CLSID\{27CE191D-733B-4450-AFCD-096D105288C3}] (SaveSenseLive.OneClickProcessLauncher) =>PUP.SaveSense
[HKCR\CLSID\{39A29266-D3E4-462D-AB05-F93B1053F6CF}] (SaveSenseLive Legacy On Demand) =>PUP.SaveSense
[HKCR\CLSID\{73192D81-6D24-4C40-BF7B-2507C6FA0B1A}] (SaveSenseLive Core Class) =>PUP.SaveSense
[HKCR\CLSID\{88C606E7-BA26-41CB-8CC3-D1E313E34E75}] (SaveSenseLive Process Launcher Class) =>PUP.SaveSense
[HKCR\CLSID\{9E0546FF-D44F-4FE4-A324-995FCACB8D33}] (SaveSenseLive Broker Class Factory) =>PUP.SaveSense
[HKCR\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1}] (SaveSenseLive Core Class) =>PUP.SaveSense
C:\Windows\Installer\f109c.msi =>PUP.SaveSense^
[HKCR\CLSID\{1070C156-160B-47A0-B7D9-1860396BAB57}] (SaveSenseLive Broker Class Factory) =>PUP.SaveSense^
[HKCR\CLSID\{27CE191D-733B-4450-AFCD-096D105288C3}] (SaveSenseLive.OneClickProcessLauncher) =>PUP.SaveSense^
[HKCR\CLSID\{39A29266-D3E4-462D-AB05-F93B1053F6CF}] (SaveSenseLive Legacy On Demand) =>PUP.SaveSense^
[HKCR\CLSID\{73192D81-6D24-4C40-BF7B-2507C6FA0B1A}] (SaveSenseLive Core Class) =>PUP.SaveSense^
[HKCR\CLSID\{88C606E7-BA26-41CB-8CC3-D1E313E34E75}] (SaveSenseLive Process Launcher Class) =>PUP.SaveSense^
[HKCR\CLSID\{9E0546FF-D44F-4FE4-A324-995FCACB8D33}] (SaveSenseLive Broker Class Factory) =>PUP.SaveSense^
[HKCR\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1}] (SaveSenseLive Core Class) =>PUP.SaveSense^
ShortcutFix
EmptyTemp
EmptyFlash
emptyclsid

_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click Importação > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.

Copy this report and post it in your next reply together with the new Zoek report, which will be at C:\zoek-results.txt

Remove Baidu from the Windows registry

Post by vamsv, Tue 26 Aug 2014, 07:20

Zoek.exe v5.0.0.0 Updated 06-August-2014
Tool run by Administrador on 26/08/2014 at  7:14:16,15.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Administrador\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-08-22-114552.log 50792 bytes
C:\zoek-results2014-08-22-120202.log 7322 bytes
C:\zoek-results2014-08-25-125750.log 1332 bytes

==== System Restore Info ======================

26/08/2014 07:15:11 Zoek.exe System Restore Point Created Succesfully.

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]

==== Folders Found ======================

2014-08-18 12:35:21 2014-08-18 12:35:21 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2013-12-01 22:54:52 2014-08-25 10:32:15 -------- d-----w- C:\_OTM\MovedFiles\08252014_073104\C_ProgramData\Baidu Security

==== Files Found ======================


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1022 folders=69 30154537 bytes)

==== EOF on 26/08/2014 at  7:16:15,57 ======================

Re: Remove Baidu from the Windows registry

Post by Power Max, Tue 26 Aug 2014, 08:31

You did not follow the instructions the way I gave them to you.

Please follow them exactly as I indicated in my previous reply and post the result.

Re: Remove Baidu from the Windows registry

Post by vamsv, Fri 29 Aug 2014, 19:02

Zoek.exe v5.0.0.0 Updated 06-August-2014
Tool run by Mille on 29/08/2014 at 18:50:50,71.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Mille\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-08-13-235004.log 36800 bytes
C:\zoek-results2014-08-14-012940.log 22362 bytes
C:\zoek-results2014-08-14-020324.log 30040 bytes
C:\zoek-results2014-08-15-202325.log 19260 bytes
C:\zoek-results2014-08-17-224622.log 3165 bytes
C:\zoek-results2014-08-17-231033.log 3136 bytes
C:\zoek-results2014-08-17-232959.log 1218 bytes

==== VirusTotal Scan ======================

C:\Windows\System32\Drivers\clbdriver.sys [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Windows\System32\Drivers\ute0mjcy.sys [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=19 folders=11 1419895 bytes)

==== EOF on 29/08/2014 at 18:54:09,91 ======================

Re: Remove Baidu from the Windows registry

Post by vamsv, Fri 29 Aug 2014, 19:10

Rapport de ZHPFix 2014.8.3.6 par Nicolas Coolman, Update du 03/08/2014
Fichier d'export Registre :
Run by Mille at 29/08/2014 19:06:29
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 07s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ: SearchScopes :{EFA27348-E879-4907-9783-B1D0956D3E33}
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\biSetup24935_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\biSetup24935_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\setup-somoto-sem-skip_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\setup-somoto-sem-skip_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\smt_ar_dosearches_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\smt_ar_dosearches_RASMANCS
ELIMINÉ: HKCR\CLSID\{1070C156-160B-47A0-B7D9-1860396BAB57}
ELIMINÉ: HKCR\CLSID\{27CE191D-733B-4450-AFCD-096D105288C3}
ELIMINÉ: HKCR\CLSID\{39A29266-D3E4-462D-AB05-F93B1053F6CF}
ELIMINÉ: HKCR\CLSID\{73192D81-6D24-4C40-BF7B-2507C6FA0B1A}
ELIMINÉ: HKCR\CLSID\{88C606E7-BA26-41CB-8CC3-D1E313E34E75}
ELIMINÉ: HKCR\CLSID\{9E0546FF-D44F-4FE4-A324-995FCACB8D33}
ELIMINÉ: HKCR\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1}

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: C:\Windows\Installer\f109c.msi
ELIMINÉ Temporários windows (46) (5.726.468 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: {134B94FF-ECD9-415F-B860-0510BF8C3DBB}
ELIMINÉ: {B5969B9F-A08E-4D0E-AFFC-2AA3222E7CEC}
ELIMINÉ: {EAB9048C-852F-406C-AF49-5F8E367551FE}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso

========== Outros ==========
NÃO-TRATADO ____________


========== Recapitulativo ==========
14 : Chaves do Registo
1 : Pastas
3 : Ficheiros
3 : Tarefa planificada
1 : Restauração Sistema
1 : Outros


End of clean in 02mn 25s

========== Caminho do ficheiro do relatório ==========
C:\Users\Mille\AppData\Roaming\ZHP\ZHPFix[R1].txt - 29/08/2014 19:06:37 [2066]

Re: Remove Baidu from the Windows registry

Post by vamsv, Fri 29 Aug 2014, 19:12

Sorry for the delay; unfortunately I was only now able to get back to the removal task. Anyway, Baidu is still in the registry and my PC is behaving badly.

Re: Remove Baidu from the Windows registry

Post by joram, Fri 29 Aug 2014, 21:26

vamsv wrote: Sorry for the delay; unfortunately I was only now able to get back to the removal task. Anyway, Baidu is still in the registry and my PC is behaving badly.
Hello, vamsv!

|- Power Max is unable to continue with the cases under his responsibility, so he asked me to give you a hand... and here I am.
|- Post the ZHPDiag report using the COMPLETA configuration.

|- Download: < [You must have an account and be logged in to view this link] >  < [You must have an account and be logged in to view this image] > ( ... by Nicolas Coolman )
|- Save it to the local disk! ( C or D )
|- Disable your antivirus and run "ZHPDiag2.exe" to install the tool.

|- Run the scroll icon. ( ZHPDiag )

|- Click "COMPLETA" and wait for it to finish!
|- Click OK and, when it finishes, post the report! ( ZHPDiag.txt )
|- PS: Since the log will be long, send it to [You must have an account and be logged in to view this link].

|- Or go to: < [You must have an account and be logged in to view this link] >

|- More information: < |[You must have an account and be logged in to view this link]| >

A+

Re: Remove Baidu from the Windows registry

Post by vamsv, Sat 30 Aug 2014, 00:20

Hello, how are you? I hope Power is well, and thank you very much for helping me. The log follows:

~ Relatório do ZHPDiag v2014.8.16.119 - Nicolas Coolman (16/08/2014)
~ Iniciado por Mille (30/08/2014 00:02:30)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Endereço do Webforum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Nova Versão disponivel
~ Lista Branca : Desativado pelo Utilizador
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program


---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 28.0
GCIE: Google Chrome v38.0.2125.24 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2021
Malwarebytes Anti-Malware versão 2.0.2.1012
ESET Online Scanner v3
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader X
Java 7 Update 55

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 28 Stepping 2, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2039 MB (25% free)
System Restore: Activé (Enable)
System drive C: has 9 GB (15%) free of 61 GB

---\\ Modo de conexão ao sistema
~ Computer Name: MILLE-PC
~ User Name: Mille
~ All Users Names: Mille, HomeGroupUser$, Familia SV, Convidado, Administrador,
~ Unselected Option: None
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Mille\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Mille\AppData\Roaming\
~ %Desktop% : C:\Users\Mille\Desktop\
~ %Favorites% : C:\Users\Mille\Favorites\
~ %LocalAppData% : C:\Users\Mille\AppData\Local\
~ %StartMenu% : C:\Users\Mille\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 9 Go of 61 Go)
D: Hard drive, Flash drive, Thumb drive (Free 1 Go of 10 Go)
E: Hard drive, Flash drive, Thumb drive (Free 21 Go of 41 Go)
F: Hard drive, Flash drive, Thumb drive (Free 19 Go of 98 Go)
G: Hard drive, Flash drive, Thumb drive (Free 18 Go of 41 Go)
H: CD-ROM drive (Not Inserted)
I: Hard drive, Flash drive, Thumb drive (Free 20 Go of 195 Go)
K: CD-ROM drive (Not Inserted)
L: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 49 Scanned in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.5553611E2F9EA6F613079177F1233068] - (.Microsoft Corporation - Internet Extensions para Win32.) (.24/08/2012 - 03:51:27.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 09:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.24/04/2011 - 23:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.0D87503986BB3DFED58E343FE39DDE13] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.31/08/2012 - 14:18:09.) -- C:\Windows\system32\Drivers\ntfs.sys [1211760]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 07:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s


Remove Baidu from the Windows registry - pt 2

Post by vamsv Sat 30 Aug 2014, 00:20

---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/59
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 1/448
~ Mes Favoris (My Favorites) : 1/19
~ Mes Documents (My Documents) : 2/600
~ Mon Bureau (My Desktop) : 1/319
~ Menu demarrer (Programs) : 1/34
~ Hidden Files: Scanned in 00mn 09s



---\\ Processos lançados
[MD5.26B558B2D31C7425B455B00E562EAD93] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [4085896] [PID.3876]
[MD5.4FBC630768570E6AC35C3DE8F6EC79F5] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe [6970168] [PID.4032]
[MD5.6F815EE8023E715353C4D9F88F75D2B6] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8092160] [PID.4676]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Mille\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 0 Scanned in 00mn 02s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
M0 - MFSP: prefs.js [Mille - n12ognl3.default] [You need an account and must be logged in to view this link]
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll
P2 - FPN: [HKLM] [@java.com/DTPlugin,version=10.55.2] - (.Oracle Corporation - NPRuntime Script Plug-in Library for Java(TM) Deploy.) -- C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
P2 - FPN: [HKLM] [@java.com/JavaPlugin,version=10.55.2] - (.Oracle Corporation - Next Generation Java Plug-in 10.55.2 for Mozilla browsers.) -- C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 5.1.30514.0.) -- C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=16.4.3505.0912] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
P2 - FPN: [HKLM] [@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5] - (.RocketLife, LLP - A component of your photo software powered by RocketLife.) -- C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
P2 - FPN: [HKLM] [Adobe Reader] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.0.) -- C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Users\Mille\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Users\Mille\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll
~ Firefox Browser: 10 Scanned in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You need an account and must be logged in to view this link]
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You need an account and must be logged in to view this link]
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You need an account and must be logged in to view this link]
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You need an account and must be logged in to view this link]
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You need an account and must be logged in to view this link]
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Google Inc. - Google Update.) (No version) -- (.not file.)
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2
~ IE Browser: 11 Scanned in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\System32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hôte est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} . (.Banco Bradesco S.A. - scpsssh2 Module.) -- C:\Program Files\Scpad\scpsssh2.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} . (.Microsoft Corporation - GrooveShellExtensions Module.) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} . (.Microsoft Corporation - Skype Click to Call IE Add-on.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} . (.Banco Real - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehabn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre7\bin\jp2ssv.dll
~ BHO: 20 Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [Mille]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Mille\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [Mille]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Mille\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 2 Scanned in 00mn 07s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Mille\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-21-2821453620-2113678568-27769169-1001\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Mille\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Application: Scanned in 00mn 00s



---\\ Icones das opções IE invisiveis no painel das configurações (05)
O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no
~ IE Control Panel: 1 Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Provedor de Correção de Nomeação de Emails.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Provedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.dll =>.Microsoft Corporation
O10 - WLSP:\000000000008\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.dll =>.Microsoft Corporation
~ Winsock: 8 Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancoreal.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancosantander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.caixa.gov.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.santander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.santanderempresarial.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernet.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernetibe.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.secureweb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - [You need an account and must be logged in to view this link]
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{006FE1B7-D51D-45F8-BD59-2511CC7741E4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{006FE1B7-D51D-45F8-BD59-2511CC7741E4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{006FE1B7-D51D-45F8-BD59-2511CC7741E4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginAbn . (.Banco Real - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: GbPluginCef . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehCef.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Chave do Registo autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} . (.Banco Bradesco S.A. - scpIBLoad Module.) -- C:\Program Files\Scpad\scpLIB.dll
~ SSODL: 2 Scanned in 00mn 00s



---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {A3717295-941D-416F-9384-ED1736729F1C} . (.Banco Bradesco S.A. - scpIBLoad Module.) -- C:\Program Files\Scpad\scpLIB.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: avast! Antivirus (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe
O23 - Service: (MBAMScheduler) . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: (MBAMService) . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
~ Services: 4 Scanned in 00mn 14s



---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
~ Desktop Component: 4 Scanned in 00mn 00s

Remove Baidu from the Windows registry - pt3

Post by vamsv Sat 30 Aug 2014, 00:21


---\\ Listagem dos dados do BootExecute (Bex) (034)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
~ BEX: 1 Scanned in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
[MD5.09E7C37DF4A911C8A9AA8BF88ACD10AA] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [257712]
[MD5.1AD8512A5C40AD1A0558498D8E0AC2AA] [APT] [avast! Emergency Update] (.AVAST Software.) -- C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [808448]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskUserS-1-5-21-2821453620-2113678568-27769169-1001Core] (.Google Inc..) -- C:\Users\Mille\AppData\Local\Google\Update\GoogleUpdate.exe [116648]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskUserS-1-5-21-2821453620-2113678568-27769169-1001UA] (.Google Inc..) -- C:\Users\Mille\AppData\Local\Google\Update\GoogleUpdate.exe [116648]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskUserS-1-5-21-2821453620-2113678568-27769169-1003Core] (.Google Inc..) -- C:\Users\Mille\AppData\Local\Google\Update\GoogleUpdate.exe [116648]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskUserS-1-5-21-2821453620-2113678568-27769169-1003UA] (.Google Inc..) -- C:\Users\Mille\AppData\Local\Google\Update\GoogleUpdate.exe [116648]
O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\Tasks\Adobe Flash Player Updater.job [902]
O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: GoogleUpdateTaskUserS-1-5-21-2821453620-2113678568-27769169-1001Core - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2821453620-2113678568-27769169-1001Core.job [1026]
O39 - APT: GoogleUpdateTaskUserS-1-5-21-2821453620-2113678568-27769169-1001Core - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2821453620-2113678568-27769169-1001Core [1026]
O39 - APT: GoogleUpdateTaskUserS-1-5-21-2821453620-2113678568-27769169-1001UA - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2821453620-2113678568-27769169-1001UA.job [1078]
O39 - APT: GoogleUpdateTaskUserS-1-5-21-2821453620-2113678568-27769169-1001UA - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2821453620-2113678568-27769169-1001UA [1078]
O39 - APT: GoogleUpdateTaskUserS-1-5-21-2821453620-2113678568-27769169-1003Core - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2821453620-2113678568-27769169-1003Core.job [1046]
O39 - APT: GoogleUpdateTaskUserS-1-5-21-2821453620-2113678568-27769169-1003Core - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2821453620-2113678568-27769169-1003Core [1046]
O39 - APT: GoogleUpdateTaskUserS-1-5-21-2821453620-2113678568-27769169-1003UA - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2821453620-2113678568-27769169-1003UA.job [1098]
O39 - APT: GoogleUpdateTaskUserS-1-5-21-2821453620-2113678568-27769169-1003UA - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2821453620-2113678568-27769169-1003UA [1098]
~ Scheduled Task: 13 Scanned in 00mn 09s



---\\ Componentes instalados (ActiveSetup Installed Components) (040)
O40 - ASIC: Microsoft Windows Media Player - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Recursos do Windows Media Player.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation
O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - Utilitário de Inicialização por Usuário do Internet Explorer.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: Browser Customizations - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation - Identidade visual IEAK.) -- C:\Windows\System32\iedkcs32.dll
O40 - ASIC: Microsoft Windows Media Player 12.0 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\System32\wmpdxm.dll =>.Microsoft Corporation
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API de tema do Windows.) -- C:\Windows\System32\themeui.dll
O40 - ASIC: Microsoft Windows - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe =>.Microsoft Corporation
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extensão shell da pasta FTP do Microsoft Internet Explorer.) -- C:\Windows\System32\msieftp.dll
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Recursos do Windows Media Player.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation
O40 - ASIC: Windows Desktop Update - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\Windows\System32\shell32.dll
O40 - ASIC: Web Platform Customizations - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitário de Inicialização por Usuário do Internet Explorer.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll
~ Active Setup: 11 Scanned in 00mn 00s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: C:\Windows\System32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (aswRdr) . (.AVAST Software - avast! WFP Redirect Driver.) - C:\Windows\system32\drivers\aswRdr2.sys
O41 - Driver: (aswSnx) . (.AVAST Software - avast! Virtualization Driver.) - C:\Windows\system32\drivers\aswSnx.sys
O41 - Driver: (aswSP) . (.AVAST Software - avast! self protection module.) - C:\Windows\system32\drivers\aswSP.sys
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\System32\DRIVERS\blbdrive.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: C:\Windows\System32\cscsvc.dll (CSC) . (.Microsoft Corporation - Windows Client Side Caching Driver.) - C:\Windows\System32\drivers\csc.sys
O41 - Driver: C:\Windows\System32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\System32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys
O41 - Driver: (dtsoftbus01) . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) - C:\Windows\System32\DRIVERS\dtsoftbus01.sys
O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\drivers\mssmbios.sys
O41 - Driver: (Ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\System32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: C:\Windows\System32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\System32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Agendador de pacotes de serviço.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\System32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Driver do Subsistema de Buffer da Unidade R.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\System32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\Windows\System32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\System32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\System32\drivers\rdprefmp.sys
O41 - Driver: (Serial) . (.Brother Industries Ltd. - Brother Serial I/F Driver (WDM).) - C:\Windows\System32\DRIVERS\serial.sys
O41 - Driver: C:\Windows\System32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\system32\drivers\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: C:\Windows\System32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys
O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\System32\DRIVERS\wfplwf.sys
O41 - Driver: C:\Windows\System32\drivers\ws2ifsl.sys (ws2ifsl) . (.Microsoft Corporation - Winsock2 IFS Layer.) - C:\Windows\system32\drivers\ws2ifsl.sys
~ Drivers: 81 Scanned in 00mn 01s



---\\ Software instalados (042)
O42 - Logiciel: Adobe Anchor Service CS4 - (.Adobe Systems Incorporated.) [HKLM] -- {1618734A-3957-4ADD-8199-F973763109A8}
O42 - Logiciel: Adobe CSI CS4 - (.Adobe Systems Incorporated.) [HKLM] -- {0F723FC1-7606-4867-866C-CE80AD292DAF}
O42 - Logiciel: Adobe Dreamweaver CS4 - (.Adobe Systems Incorporated.) [HKLM] -- Adobe_acce07fd2c8fe7f9e3f26243e626578
O42 - Logiciel: Adobe Dreamweaver CS4 - (.Adobe Systems Incorporated.) [HKLM] -- {30C8AA56-4088-426F-91D1-0EDFD3A25678}
O42 - Logiciel: Adobe ExtendScript Toolkit CS4 - (.Adobe Systems Incorporated.) [HKLM] -- {F8EF2B3F-C345-4F20-8FE4-791A20333CD5} =>.Adobe Systems Incorporated
O42 - Logiciel: Adobe Flash Player 13 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 13 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Photoshop CS4 - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Photoshop CS4_is1 =>.Adobe Systems Incorporated
O42 - Logiciel: Adobe Reader X (10.1.0) - Português - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1046-7B44-AA1000000001}
O42 - Logiciel: Adobe Search for Help - (.Adobe Systems Incorporated.) [HKLM] -- {F0E64E2E-3A60-40D8-A55D-92F6831875DA}
O42 - Logiciel: Adobe Service Manager Extension - (.Adobe Systems Incorporated.) [HKLM] -- {4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
O42 - Logiciel: Adobe Setup - (.Adobe Systems Incorporated.) [HKLM] -- {14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}
O42 - Logiciel: Adobe Update Manager CS4 - (.Adobe Systems Incorporated.) [HKLM] -- {05308C4E-7285-4066-BAE3-6B50DA6ED755}
O42 - Logiciel: Allok Video Joiner 4.4.0202 - (.Allok Soft Inc..) [HKLM] -- Allok Video Joiner_is1
O42 - Logiciel: Arquivo do WinRAR - (...) [HKLM] -- WinRAR archiver
O42 - Logiciel: Connect - (.Adobe Systems Incorporated.) [HKLM] -- {B29AD377-CC12-490A-A480-1452337C618D}
O42 - Logiciel: Crystal Reports for Visual Studio - (.SAP.) [HKLM] -- {AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}
O42 - Logiciel: Curso HJ de Datilografia - (...) [HKLM] -- Curso HJ de Datilografia
O42 - Logiciel: CutePDF Writer 3.0 - (.CutePDF.com.) [HKLM] -- CutePDF Writer Installation
O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF}
O42 - Logiciel: DAEMON Tools Lite - (.DT Soft Ltd.) [HKLM] -- DAEMON Tools Lite =>.DT Soft Ltd
O42 - Logiciel: Dev-C++ 5 beta 9 release (4.9.9.2) - (...) [HKLM] -- Dev-C++
O42 - Logiciel: ESET Online Scanner v3 - (...) [HKLM] -- ESET Online Scanner
O42 - Logiciel: FormatFactory 3.3.1.0 - (.Format Factory.) [HKLM] -- FormatFactory
O42 - Logiciel: Freemake Video Downloader - (.Ellora Assets Corporation.) [HKLM] -- Freemake Video Downloader_is1
O42 - Logiciel: Galeria de Fotos - (.Microsoft Corporation.) [HKLM] -- {F5248B7E-779A-4FA4-8134-D1933D8680FA}
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKCU] -- Google Chrome
O42 - Logiciel: Google Update Helper - (.SaveSense.) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} =>PUP.SaveSense
O42 - Logiciel: HP Deskjet 2050 J510 series Ajuda - (.Hewlett Packard.) [HKLM] -- {7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}
O42 - Logiciel: High-Definition Video Playback 10 - (.Nero AG.) [HKLM] -- {237CCB62-8454-43E3-B158-3ACD0134852E}
O42 - Logiciel: Java 7 Update 55 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83217021FF}
O42 - Logiciel: Java SE Development Kit 7 Update 17 - (.Oracle.) [HKLM] -- {32A3A4F4-B792-11D6-A78A-00B0D0170170}
O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM] -- {400C31E4-796F-4E86-8FDC-C3C4FACC6847}
O42 - Logiciel: K-Lite Mega Codec Pack 9.3.0 - (...) [HKLM] -- KLiteCodecPack_is1
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
O42 - Logiciel: MSVCRT110 - (.Microsoft.) [HKLM] -- {8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: Macromedia Fireworks 8 - (.Macromedia.) [HKLM] -- {4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}
O42 - Logiciel: Malwarebytes Anti-Malware versão 2.0.2.1012 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes Anti-Malware_is1
O42 - Logiciel: Microsoft Primary Interoperability Assemblies 2005 - (.Microsoft Corporation.) [HKLM] -- {D24DB8B9-BB6C-4334-9619-BA1C650E13D3}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Silverlight 3 SDK - (.Microsoft Corporation.) [HKLM] -- {2012098D-EEE9-4769-8DD3-B038050854D4}
O42 - Logiciel: Microsoft SkyDrive - (.Microsoft Corporation.) [HKCU] -- SkyDriveSetup.exe =>.Microsoft Corporation
O42 - Logiciel: Microsoft Sync Framework Runtime v1.0 SP1 (x86) - (.Microsoft Corporation.) [HKLM] -- {C6DD625F-4B61-4561-8286-87CA0275CEA1}
O42 - Logiciel: Microsoft Sync Framework SDK v1.0 SP1 - (.Microsoft Corporation.) [HKLM] -- {97CE8B73-AA5A-4987-A1BE-50DD1A187478}
O42 - Logiciel: Microsoft Sync Framework Services v1.0 SP1 (x86) - (.Microsoft Corporation.) [HKLM] -- {F990B526-8F7C-46E0-B1F1-6C893A8B478F}
O42 - Logiciel: Microsoft Sync Services for ADO.NET v2.0 SP1 (x86) - (.Microsoft Corporation.) [HKLM] -- {DC3D6AFB-78B4-489F-81D7-30B66E0C2417}
O42 - Logiciel: Microsoft Team Foundation Server 2010 Object Model - ENU - (.Microsoft Corporation.) [HKLM] -- Microsoft Team Foundation Server 2010 Object Model - ENU
O42 - Logiciel: Microsoft Team Foundation Server 2010 Object Model - ENU - (.Microsoft Corporation.) [HKLM] -- {6ED37A91-7710-3183-BE50-AB043FF6689E}
O42 - Logiciel: Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framewo - (.Microsoft.) [HKLM] -- {B4C0A315-07FB-39F9-85CD-8CE20C019350}
O42 - Logiciel: Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 - (.Microsoft Corporation.) [HKLM] -- {07FCBED5-94C3-4F94-B9D3-360FA27C7B06}
O42 - Logiciel: Mozilla Firefox 28.0 (x86 pt-BR) - (.Mozilla.) [HKLM] -- Mozilla Firefox 28.0 (x86 pt-BR)
O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM] -- MozillaMaintenanceService
O42 - Logiciel: Nero 10 Menu TemplatePack Basic - (.Nero AG.) [HKLM] -- {63AA3EAB-23BB-48B2-9AD0-44F878075604}
O42 - Logiciel: Nero 10 Movie ThemePack Basic - (.Nero AG.) [HKLM] -- {F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}
O42 - Logiciel: Nero BackItUp 10 - (.Nero AG.) [HKLM] -- {68AB6930-5BFF-4FF6-923B-516A91984FE6}
O42 - Logiciel: Nero BackItUp 10 Help (CHM) - (.Nero AG.) [HKLM] -- {08C8666B-C502-4AB3-B4CB-D74AC42D14FE}
O42 - Logiciel: Nero BurnRights 10 - (.Nero AG.) [HKLM] -- {943CFD7D-5336-47AF-9418-E02473A5A517}
O42 - Logiciel: Nero BurnRights 10 Help (CHM) - (.Nero AG.) [HKLM] -- {555868C6-49FB-484F-BB43-8980651A1B00}
O42 - Logiciel: Nero Burning ROM 10 - (.Nero AG.) [HKLM] -- {7A5D731D-B4B3-490E-B339-75685712BAAB}
O42 - Logiciel: Nero BurningROM 10 Help (CHM) - (.Nero AG.) [HKLM] -- {9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}
O42 - Logiciel: Nero Control Center 10 - (.Nero AG.) [HKLM] -- {6DFB899F-17A2-48F0-A533-ED8D6866CF38}
O42 - Logiciel: Nero ControlCenter 10 Help (CHM) - (.Nero AG.) [HKLM] -- {523B2B1B-D8DB-4B41-90FF-C4D799E2758A}
O42 - Logiciel: Nero Core Components 10 - (.Nero AG.) [HKLM] -- {2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}
O42 - Logiciel: Nero CoverDesigner 10 - (.Nero AG.) [HKLM] -- {FCF00A6E-FB58-477A-ABE9-232907105521}
O42 - Logiciel: Nero CoverDesigner 10 Help (CHM) - (.Nero AG.) [HKLM] -- {C3273C55-E1E4-41FF-8D69-0158090DB8D8}
O42 - Logiciel: Nero DiscCopy Gadget 10 - (.Nero AG.) [HKLM] -- {92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}
O42 - Logiciel: Nero DiscCopyGadget 10 Help (CHM) - (.Nero AG.) [HKLM] -- {5F548A02-80BC-404D-BAE6-F05F9BF6B449}
O42 - Logiciel: Nero DiscSpeed 10 - (.Nero AG.) [HKLM] -- {34490F4E-48D0-492E-8249-B48BECF0537C}
O42 - Logiciel: Nero DiscSpeed 10 Help (CHM) - (.Nero AG.) [HKLM] -- {C18A0418-442A-4186-AF98-D08F5054A2FC}
O42 - Logiciel: Nero Dolby Files 10 - (.Nero AG.) [HKLM] -- {C3580AC4-C827-4332-B935-9A282ED5BB97}
O42 - Logiciel: Nero Express 10 - (.Nero AG.) [HKLM] -- {70550193-1C22-445C-8FA4-564E155DB1A7}
O42 - Logiciel: Nero Express 10 Help (CHM) - (.Nero AG.) [HKLM] -- {33643918-7957-4839-92C7-EA96CB621A98}
O42 - Logiciel: Nero InfoTool 10 - (.Nero AG.) [HKLM] -- {F412B4AF-388C-4FF5-9B2F-33DB1C536953}
O42 - Logiciel: Nero InfoTool 10 Help (CHM) - (.Nero AG.) [HKLM] -- {66049135-9659-4AAD-9169-9CCA269EBB3E}
O42 - Logiciel: Nero MediaHub 10 - (.Nero AG.) [HKLM] -- {1F7FB68F-52F6-46A3-B42F-38CE46295AE5}
O42 - Logiciel: Nero MediaHub 10 Help (CHM) - (.Nero AG.) [HKLM] -- {F467862A-D9CA-47ED-8D81-B4B3C9399272}
O42 - Logiciel: Nero Multimedia Suite 10 - (.Nero AG.) [HKLM] -- {277C1559-4CF7-44FF-8D07-98AA9C13AABD}
O42 - Logiciel: Nero Recode 10 - (.Nero AG.) [HKLM] -- {8ECEC853-5C3D-4B10-B5C7-FF11FF724807}
O42 - Logiciel: Nero Recode 10 Help (CHM) - (.Nero AG.) [HKLM] -- {DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}
O42 - Logiciel: Nero RescueAgent 10 - (.Nero AG.) [HKLM] -- {E337E787-CF61-4B7B-B84F-509202A54023}
O42 - Logiciel: Nero RescueAgent 10 Help (CHM) - (.Nero AG.) [HKLM] -- {92E25238-61A3-4ACD-A407-3C480EEF47A7}
O42 - Logiciel: Nero SoundTrax 10 - (.Nero AG.) [HKLM] -- {E1EE5339-5D32-458F-BAAB-B19F6301BCE2}
O42 - Logiciel: Nero SoundTrax 10 Help (CHM) - (.Nero AG.) [HKLM] -- {16987E99-C95C-4513-9239-7B44A0A71DB5}
O42 - Logiciel: Nero StartSmart 10 - (.Nero AG.) [HKLM] -- {F61D489E-6C44-49AC-AD02-7DA8ACA73A65}
O42 - Logiciel: Nero StartSmart 10 Help (CHM) - (.Nero AG.) [HKLM] -- {F6117F9C-ADB5-4590-9BE4-12C7BEC28702}
O42 - Logiciel: Nero Update - (.Nero AG.) [HKLM] -- {65BB0407-4CC8-4DC7-952E-3EEFDF05602A}
O42 - Logiciel: Nero Vision 10 - (.Nero AG.) [HKLM] -- {9A4297F3-2A51-4ED9-92CA-4BCB8380947E}
O42 - Logiciel: Nero Vision 10 Help (CHM) - (.Nero AG.) [HKLM] -- {329411A0-19F3-4740-874F-17400B126F27}
O42 - Logiciel: Nero WaveEditor 10 - (.Nero AG.) [HKLM] -- {EDCDFAD5-DF80-4600-A493-E9DAD6810230}
O42 - Logiciel: Nero WaveEditor 10 Help (CHM) - (.Nero AG.) [HKLM] -- {7A295D8F-484B-4FFB-89AB-C1FD497591FE}
O42 - Logiciel: NetBeans IDE 7.3 - (.NetBeans.org.) [HKLM] -- nbi-nb-base-7.3.0.0.201302132200
O42 - Logiciel: Oracle Database 11g Express Edition - (.Oracle Corporation.) [HKLM] -- InstallShield_{05A7B662-80A3-4EB9-AE1D-89A62449431C}
O42 - Logiciel: Oracle Database 11g Express Edition - (.Oracle Corporation.) [HKLM] -- {05A7B662-80A3-4EB9-AE1D-89A62449431C}
O42 - Logiciel: Rosetta Stone Version 3 - (.Rosetta Stone Ltd..) [HKLM] -- {80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}
O42 - Logiciel: Service Pack 1 for SQL Server 2008 (KB968369) - (.Microsoft Corporation.) [HKLM] -- KB968369
O42 - Logiciel: Skype Click to Call - (.Microsoft Corporation.) [HKLM] -- {6D1221A9-17BF-4EC0-81F2-27D30EC30701}
O42 - Logiciel: Skype™ 6.18 - (.Skype Technologies S.A..) [HKLM] -- {7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}
O42 - Logiciel: Software básico do dispositivo HP Deskjet 2050 J510 series - (.Hewlett-Packard Co..) [HKLM] -- {276ACE3E-B1AB-46CE-9F35-7F394879D0E6}
O42 - Logiciel: Sql Server Customer Experience Improvement Program - (.Microsoft Corporation.) [HKLM] -- {C965F01C-76EA-4BD7-973E-46236AE312D7}
O42 - Logiciel: Suite Shared Configuration CS4 - (.Adobe Systems Incorporated.) [HKLM] -- {842B4B72-9E8F-4962-B3C1-1C422A5C4434}
O42 - Logiciel: TeamViewer 8 - (.TeamViewer.) [HKLM] -- TeamViewer 8
O42 - Logiciel: VC Runtimes MSI - (.Microsoft.) [HKLM] -- {FF29527A-44CD-3422-945E-981A13584000}
O42 - Logiciel: Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU - (.Microsoft Corporation.) [HKLM] -- {112C23F2-C036-4D40-BED4-0CB47BF5555C}
O42 - Logiciel: Web Deployment Tool - (.Microsoft Corporation.) [HKLM] -- {0F37D969-1260-419E-B308-EF7D29ABDE20}
O42 - Logiciel: avast! Free Antivirus v9.0.2021 - (.AVAST Software.) [HKLM] -- Avast
O42 - Logiciel: kuler - (.Adobe Systems Incorporated.) [HKLM] -- {098727E1-775A-4450-B573-3F441F1CA243}
O42 - Logiciel: µTorrent - (.BitTorrent Inc..) [HKCU] -- uTorrent =>P2P.BitTorrent
~ Logic: 39 Scanned in 00mn 00s
vamsv