Olá Leandro.

Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:

http://www.bleepingcomputer.com/download/adwcleaner/

:seta: Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:

Remova adwares e toolbars maliciosas com o Adwcleaner

* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[s0].txt

Ficamos na espera.

AdwCleaner v3.208 - Relatório criado 12/05/2014 às 16:13:43

Atualizado 11/05/2014 por Xplode

Sistema Operacional : Windows 7 Home Premium Service Pack 1 (64 bits)

Usuário : Asafer - ASAFER-HP

Executando de : C:\Users\Asafer\Downloads\AdwCleaner.exe

Opção : Limpar

*** [ Serviços ] ***

*** [ Arquivos / Pastas ] ***

Pasta Deletada : C:\ProgramData\Anti-phishing Domain Advisor

Pasta Deletada : C:\Program Files (x86)\Mega Browse

Pasta Deletada : C:\Program Files (x86)\Toolbar Cleaner

Pasta Deletada : C:\Users\Asafer\AppData\Local\toolbarcleaner

Pasta Deletada : C:\Users\Asafer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Toolbar Cleaner

Arquivo Deletada : C:\Users\Asafer\AppData\Roaming\Mozilla\Firefox\Profiles\5r2g6265.default\Extensions\{29b136c9-938d-4d3d-8df8-d649d9b74d02}.xpi

*** [ Atalhos ] ***

*** [ Registro ] ***

Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Chave Deletedo : HKCU\Software\InstallCore

Chave Deletedo : HKCU\Software\Mega Browse

Chave Deletedo : HKLM\Software\Description

Chave Deletedo : HKLM\Software\Mega Browse

Chave Deletedo : HKLM\Software\Toolbar Cleaner

Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor

Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mega Browse

*** [ Navegadores ] ***

-\\ Internet Explorer v11.0.9600.17041

-\\ Mozilla Firefox v28.0 (pt-BR)

[ Arquivo : C:\Users\Asafer\AppData\Roaming\Mozilla\Firefox\Profiles\5r2g6265.default\prefs.js ]

[ Arquivo : C:\Users\Asafer_2\AppData\Roaming\Mozilla\Firefox\Profiles\4hq3f3es.default\prefs.js ]

Linha deletada : user_pref("browser.startup.homepage", "hxxp://www.mystart.com/?pr=vmn&id=toolbarcleaner&v=1_1_1_4&ent=hp_4802");

Linha deletada : user_pref("keyword.URL", "hxxp://www.mystart.com/results.php?pr=vmn&id=toolbarcleaner&v=1_1_1_4&ent=bs_4802&q=");

-\\ Google Chrome v34.0.1847.131

[ Arquivo : C:\Users\Asafer\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [search Provider] : hxxp://br.ask.com/web?q={searchTerms}

Deletedo [search Provider] : hxxp://www.mystart.com/results.php?pr=vmn&id=toolbarcleaner&v=1_1_1_4&ent=ch_4802&q={searchTerms}

[ Arquivo : C:\Users\Asafer_2\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [search Provider] : hxxp://br.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [2792 octets] - [12/05/2014 15:48:20]

AdwCleaner[s0].txt - [2756 octets] - [12/05/2014 16:13:43]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2816 octets] ##########

Desative temporariamente seu antivírus para evitar conflitos.

* Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:

http://www.hijackthis.nl/smeenk/

:seta: Para executá-lo corretamente siga as dicas deste tutorial:

Exclua adwares e outras ameaças de seu PC e browsers com o aplicativo Zoek

* Assim que ele concluir a limpeza dos problemas acesse o log (relatório) do Zoek que estará em C:\zoek-results.txt e copie todo seu conteúdo e poste em sua próxima resposta.

Boa tarde, segue o mesmo.

Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Asafer on 12/05/2014 at 17:07:42,01.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Asafer\Downloads\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

12/05/2014 17:11:51 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

Copyright © 1993-2006 Microsoft Corp.

This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

This file contains the mappings of IP addresses to host names. Each

entry should be kept on an individual line. The IP address should

be placed in the first column followed by the corresponding host name.

The IP address and the host name should be separated by at least one

space.

Additionally, comments (such as these) may be inserted on individual

lines or following the machine name denoted by a '#' symbol.

For example:

102.54.94.97 rhino.acme.com # source server

38.25.63.10 x.acme.com # x client host

localhost name resolution is handle within DNS itself.

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\Asafer\AppData\Roaming\Mozilla\Firefox\Profiles\5r2g6265.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal");

user_pref("browser.search.defaultenginename", "Baixaki");
user_pref("browser.search.selectedEngine", "Baixaki");

Added to C:\Users\Asafer\AppData\Roaming\Mozilla\Firefox\Profiles\5r2g6265.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");

user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.newtab.url", "http://www.google.com/");

user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");

user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\Asafer_2\AppData\Roaming\Mozilla\Firefox\Profiles\4hq3f3es.default\prefs.js:

user_pref("browser.search.defaultenginename", "Yahoo");
user_pref("browser.search.selectedEngine", "Yahoo");
user_pref("browser.search.order.1", "Yahoo");

Added to C:\Users\Asafer_2\AppData\Roaming\Mozilla\Firefox\Profiles\4hq3f3es.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");

user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.newtab.url", "http://www.google.com/");

user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");

user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Asafer\AppData\Roaming\Mozilla\Firefox\Profiles\5r2g6265.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_052014_1721_.backup

ProfilePath: C:\Users\Asafer_2\AppData\Roaming\Mozilla\Firefox\Profiles\4hq3f3es.default

user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 1);
---- FireFox user.js and prefs.js backups ----

prefs_052014_1721_.backup

==== Deleting Files \ Folders ======================

C:\Users\Asafer\AppData\Roaming\ZoomBrowser EX deleted
C:\PROGRA~3\boost_interprocess deleted
C:\Windows\wininit.ini deleted
C:\Users\Asafer\AppData\Roaming\unins002.exe deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"online_banking@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com" [02/04/2014 05:24]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E8873}"="C:\Users\Asafer\AppData\Local\GAS Tecnologia\GBBD\uni\xpi" [04/12/2013 08:25]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox

• Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Asafer\AppData\Roaming\Mozilla\Firefox\Profiles\5r2g6265.default
9FD6A1990289B9290563CA069CB74EF9 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll - Shockwave Flash
29B5096C332ECE24A72024212A2282EF - C:\Users\Asafer\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll - Módulo de Proteção - Caixa Economica Federal
7B32EC68B2D0EAE4C1333EEB53199571 - C:\Users\Asafer\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll - Módulo de Proteção - Banco do Brasil
AFE3A71FF60C5A30DF58D43C2243A60B - C:\Users\Asafer\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll - Guardião Itaú 30 horas
6405D35B002039122117B4EAD3EDD8BD - C:\Users\Asafer\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll - Módulo de Proteção - Caixa Economica Federal
4DC48F347E212C32BACCEC6FE3532300 - C:\Users\Asafer\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll - Módulo de Proteção - Banco do Brasil
922F6A358C10A8BA4BCD3766227F3CAE - C:\Users\Asafer\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll - Guardião Itaú 30 horas

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx[26/03/2013 12:08]
hakdifolhalapjijoafobooafbilfakh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx[26/03/2013 12:08]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx[04/11/2013 14:53]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx[04/11/2013 14:53]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx[26/03/2013 12:08]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
caimihdmbpgddfpkbochehpehdglpcim - C:\Users\Asafer\AppData\Local\GAS Tecnologia\GBBD\uni\sf.crx[11/11/2013 07:58]
nnjbodopomfddehlalfilheomcahbpei - C:\Users\Asafer\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx[19/08/2013 07:37]
pgacfjdigcddmmncljpflgcfpfahebkh - C:\Users\Asafer\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx[02/04/2014 16:21]

SocialReviver - Asafer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfipfkeoidmndggnnpobeenlamiclald
YouTube - Asafer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
GBBD Guardi\u00E3o - Ita\u00FA 30 horas - Asafer\AppData\Local\Google\Chrome\User Data\Default\Extensions\caimihdmbpgddfpkbochehpehdglpcim
Google Search - Asafer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Kaspersky URL Advisor - Asafer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj
Password Manager plugin - Asafer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdnahjkclbpahfnjmpcbacidgllghba
Safe Money - Asafer\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh
Content Blocker - Asafer\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail
Virtual Keyboard - Asafer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh
GBBD Banco do Brasil - Asafer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkafhcogdnfhkmiepeebkkdbdphnjfll
GBBD Guardião - Itaú 30 horas - Asafer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmpojlddncminmkddkpoegdjhojjipg
F.B. Purity - Asafer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl
Google Wallet - Asafer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
GBBD Caixa Economica Federal - Asafer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei
GBBD Caixa Economica Federal - Asafer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcaplhfkihhldmlbjhgajdeghjdbffi
GBBD Banco do Brasil - Asafer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh
Gmail - Asafer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Anti-Banner - Asafer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman
Google Docs - Asafer_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Asafer_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Asafer_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Asafer_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Kaspersky URL Advisor - Asafer_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj
Safe Money - Asafer_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh
Content Blocker - Asafer_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail
Virtual Keyboard - Asafer_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh
Google Wallet - Asafer_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Asafer_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Anti-Banner - Asafer_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

{86c83f9e-48a4-4cd2-a763-64fea5df35f7} Unknown Url="Not_Found"
{F5D78999-D62D-4B36-94BD-7CAF7853C20A} Unknown Url="Not_Found"

==== Reset Google Chrome ======================

C:\Users\Asafer\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Asafer_2\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\Asafer\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Asafer_2\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\Software\Microsoft\Internet Explorer\SearchScopes\{86c83f9e-48a4-4cd2-a763-64fea5df35f7} deleted successfully
HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F5D78999-D62D-4B36-94BD-7CAF7853C20A} deleted successfully

==== Deleting CLSID Registry Values ======================

==== shortcuts on Users Desktops ======================

C:\Users\Asafer\Desktop\Central de Soluções HP.lnk -
C:\Users\Asafer\Desktop\Dropbox.lnk - C:\Users\Asafer\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Asafer\Desktop\IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -
C:\Users\Asafer\Desktop\Microsoft Outlook 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\outicon.exe
C:\Users\Asafer\Desktop\NC - Atalho.lnk - C:\SNDATA\NC
C:\Users\Asafer\Desktop\Photomatix Pro 3.lnk - C:\Program Files (x86)\PhotomatixPro3\PhotomatixPro.exe
C:\Users\Asafer\Desktop\Safe Money.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\starter_avp.exe -hidden safebanking
C:\Users\Asafer\Desktop\Skype (2) -.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe /secondary
C:\Users\Asafer\Desktop\Arquivos\Adobe Acrobat X Pro.lnk - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe
C:\Users\Asafer\Desktop\Arquivos\Adobe Download Assistant.lnk - C:\Program Files (x86)\Adobe Download Assistant\Adobe Download Assistant.exe
C:\Users\Asafer\Desktop\Arquivos\Adobe Reader 9.lnk - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Users\Asafer\Desktop\Arquivos\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Asafer\Desktop\Arquivos\AquariusPlus.lnk - C:\Windows\Installer\{B47BED55-53BE-4348-AD26-E1CF7FA2016A}\app_icon.ico
C:\Users\Asafer\Desktop\Arquivos\Bitstream Font Navigator (64-Bit).lnk - C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X6\FontNav64\FontNav.exe
C:\Users\Asafer\Desktop\Arquivos\Corel CAPTURE X6 (64-Bit).lnk - c:\Windows\Installer\{1967EF95-E00B-4669-8B1C-A589BE8BF24F}\NewShortcut6_C2D12190778B49D7B6847BAECAE7BE9D.exe
C:\Users\Asafer\Desktop\Arquivos\Corel CONNECT X6 (64-Bit).lnk - C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X6\Connect64\Connect.exe
C:\Users\Asafer\Desktop\Arquivos\Corel PHOTO-PAINT X6 (64-Bit).lnk - c:\Windows\Installer\{D7C2687D-924E-4485-B367-C7D95CBF8DDD}\NewShortcut4_1B93EBAA624B47A7847E8976FF2E037B.exe
C:\Users\Asafer\Desktop\Arquivos\Execução Segura de Sites.lnk -
C:\Users\Asafer\Desktop\Arquivos\Google Chrome.lnk - C:\Users\Asafer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Asafer\Desktop\Arquivos\Google Earth (2).lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
C:\Users\Asafer\Desktop\Arquivos\Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
C:\Users\Asafer\Desktop\Arquivos\HP Photosmart Essential 3.5.lnk - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqpse.exe
C:\Users\Asafer\Desktop\Arquivos\Kaspersky PURE.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe
C:\Users\Asafer\Desktop\Arquivos\Manual de Cobrança.lnk -
C:\Users\Asafer\Desktop\Arquivos\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Asafer\Desktop\Arquivos\SISCOB.lnk - C:\Itau\Cobranca\Siscob.exe
C:\Users\Asafer\Desktop\Arquivos\backups\InterApp Control.lnk - C:\Program Files (x86)\qubnfe\qubnfe.exe
C:\Users\Asafer\Desktop\Arquivos\Exportação sem título\IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -
C:\Users\Asafer\Desktop\Arquivos\Exportação sem título\PokerStars.lnk -
C:\Users\Asafer\Desktop\Arquivos\Exportação sem título\Receitanet 1.03 .lnk -
C:\Users\Asafer\Desktop\Arquivos\Nova pasta\Program Files\MioMap\Destinator.lnk -
C:\Users\Asafer\Desktop\back up leandro\Gabriela\Atalho para Cópia de MODELO-COMISSÕES- 08 2009.xls.lnk -
C:\Users\Asafer\Desktop\back up leandro\navman ipiranga\Program Files\MioMap\Destinator.lnk -
C:\Users\Asafer_2\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Asafer_2\Desktop\NC - Atalho.lnk - C:\SNDATA\NC
C:\Users\Asafer_2\Desktop\Safe Money.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\starter_avp.exe -hidden safebanking
C:\Users\Asafer_2\Desktop\Nova pasta\Adobe Photoshop Elements 11.lnk - C:\Program Files (x86)\Adobe\Elements 11 Organizer\Photoshop Elements 11.0.exe
C:\Users\Asafer_2\Desktop\Nova pasta\BB Token Admin Tool.lnk - C:\Program Files (x86)\Brazil\Brazil USB token Tool\BBAdmintool.exe
C:\Users\Asafer_2\Desktop\Nova pasta\Digital Photo Professional.lnk - C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe
C:\Users\Asafer_2\Desktop\Nova pasta\EOS Utility.lnk - C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe
C:\Users\Asafer_2\Desktop\Nova pasta\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Asafer_2\Desktop\Nova pasta\Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
C:\Users\Asafer_2\Desktop\Nova pasta\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\Asafer_2\Desktop\Nova pasta\Lightroom 3.5 64-bit.lnk - C:\Program Files (x86)\Adobe\Adobe Photoshop Lightroom 3.5\lightroom.exe
C:\Users\Asafer_2\Desktop\Nova pasta\Noiseware Professional Edition.lnk - C:\Program Files (x86)\Imagenomic\Noiseware Professional Edition\NoisewarePro.exe
C:\Users\Asafer_2\Desktop\Nova pasta\Perfect Effects 4.lnk - C:\Program Files\onOne Software\Perfect Effects 4\Perfect Effects 4.exe
C:\Users\Asafer_2\Desktop\Nova pasta\Picture Style Editor.lnk - C:\Program Files (x86)\Canon\Picture Style Editor\PSEditor.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\AutoCAD 2011 - English.lnk - C:\Program Files (x86)\Autodesk\AutoCAD 2011\acad.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\CorelDRAW X6 (64-Bit).lnk - c:\Windows\Installer\{27AE72A4-B217-4CDC-B82B-3311E9D7460E}\NewShortcut1_41AAC0AC880545E6A1C81230F4159C30.exe
C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\starter_avp.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\QuickTime Player.lnk - C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe
C:\Users\Public\Desktop\SigmaNEST Version 8.0.lnk - C:\Program Files (x86)\SigmaTEK\SigmaNEST81\SigmaNEST.exe
C:\Users\Public\Desktop\SolidWorks 2010 x64 Edition.lnk - C:\Windows\Installer\{E9173A5F-22A6-4152-848E-45851DB99162}\i386_SldWorks.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Asafer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\Asafer\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Asafer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\Asafer\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
C:\Users\Asafer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Ajuda do IRPF2014.lnk -
C:\Users\Asafer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Desinstalar IRPF2014.lnk -
C:\Users\Asafer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -
C:\Users\Asafer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Leia-me do IRPF2014.lnk -
C:\Users\Asafer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\Asafer\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==== shortcuts in Quick Launch ======================

C:\Users\Asafer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Asafer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Asafer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE /recycle
C:\Users\Asafer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
C:\Users\Asafer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Asafer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SolidWorks 2010 x64 Edition.lnk - C:\Windows\Installer\{E9173A5F-22A6-4152-848E-45851DB99162}\i386_SldWorks.exe
C:\Users\Asafer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SolidWorks eDrawings 2010.lnk - C:\Program Files (x86)\SolidWorks Corp\SolidWorks eDrawings\EModelViewer.exe
C:\Users\Asafer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SolidWorks Explorer 2010.lnk - C:\Windows\Installer\{2D8D14CC-5B31-44B9-87FC-BEC3D8AFFD1D}\NewShortcut1.exe
C:\Users\Asafer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Asafer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\25bb2cdfb96af2d6\PokerStars.lnk - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
C:\Users\Asafer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Asafer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\CCleaner.lnk - C:\Program Files (x86)\CCleaner\CCleaner64.exe
C:\Users\Asafer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Asafer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Notepad.lnk - C:\Windows\system32\notepad.exe
C:\Users\Asafer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Asafer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Asafer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Asafer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Sticky Notes.lnk -
C:\Users\Asafer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Asafer_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Asafer_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Asafer_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Asafer_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Asafer_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Asafer_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HP MediaSmart.lnk - C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Users\Asafer_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HPAdvisor.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
C:\Users\Asafer_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Asafer_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Asafer_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyOverride"="*.local"
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Asafer_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Asafer\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Asafer_2\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=6 folders=3 808102 bytes)

==== Empty Temp Folders ======================

C:\Users\Asafer\AppData\Local\Temp will be emptied at reboot
C:\Users\Asafer_2\AppData\Local\temp emptied successfully
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\USURIO~1\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Asafer\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 12/05/2014 at 17:35:00,98 ======================

Baixe o programa Junkware Removal Tool no link abaixo:

http://thisisudax.org/downloads/JRT.exe

:seta: Para executar corretamente o programa acima é só seguir as dicas deste tutorial:

Tutorial do Junkware Removal Tool

* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt

Ficamos na espera.

Bom dia segue: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Asafer on 13/05/2014 at 8:08:32,78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\Asafer\AppData\Roaming\mozilla\firefox\profiles\5r2g6265.default\minidumps [8 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13/05/2014 at 8:16:50,74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Faça o download do < ZHPDiag2.exe > < /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/NicolasCoolman.jpg&key=31eaca9d787a5cb7b785eaca882cfe95bdd41bfffaf35086b6e7ecf044ef83cf" alt="NicolasCoolman.jpg" />> ( ... de Nicolas Coolman* )

:seta: Para instalá-lo e executá-lo corretamente siga as dicas deste artigo:

Tutorial de instalação e execução do aplicativo ZHPDiag

* Assim que ele concluir a sua verificação, copie todo o conteúdo do seu relatório ZHPDiag.txt e poste em sua próxima resposta.

Bom dia, segue o mesmo:

~ Relatório do ZHPDiag v2014.5.12.61 - Nicolas Coolman (12/05/2014)
~ Iniciado por Asafer (13/05/2014 10:59:20)
~ Endereço do Website : http://nicolascoolman.webs.com

~ Blog de análise de software : http://nicolascoolman.byethost7.com/wordpress/

~ Fóruns de suporte gratuito para desinfecção : http://nicolascoolman.webs.com/apps/links/

~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user

---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17105
MFIE: Mozilla Firefox 28.0
GCIE: Google Chrome v34.0.1847.131 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Key Management Service client information : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Kaspersky PURE 3.0 v13.0.2.558
Malwarebytes Anti-Malware versão 2.0.1.1004
Windows Defender W7

---\\ Softwares d'optimização do sistema
CCleaner v4.11

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI - Português

Java 7 Update 51
Java 7 Update 55

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3767 MB (23% free)
System Restore: Activé (Enable)
System drive C: has 629 GB (68%) free of 922 GB

---\\ Modo de conexão ao sistema
~ Computer Name: ASAFER-HP
~ User Name: Asafer
~ All Users Names: HomeGroupUser$, Convidado, Asafer_2, Asafer, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Asafer\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Asafer\AppData\Roaming\
~ %Desktop% : C:\Users\Asafer\Desktop\
~ %Favorites% : C:\Users\Asafer\Favorites\
~ %LocalAppData% : C:\Users\Asafer\AppData\Local\
~ %StartMenu% : C:\Users\Asafer\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 629 Go of 922 Go)
D: Hard drive, Flash drive, Thumb drive (Free 1 Go of 10 Go)
E: CD-ROM drive (Free 0 Go of 2 Go)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
J: Floppy drive, Flash card reader, USB Key (Not Inserted)
K: Floppy drive, Flash card reader, USB Key (Not Inserted)

---\\ Estado do Centro de Segurança do Windows
~ Security Center: 49 Legitimates Filtered in 00mn 00s

---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F220BA78AB542C70211D73AE4729B2CD] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 03:22:40.) -- C:\Windows\System32\wininet.dll [2260480]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 10:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 10:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 06:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 06:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 07:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 06:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 07:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 06:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 10:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s

---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/154
~ Mes musiques (My Musics) : 1/8
~ Mes Favoris (My Favorites) : 1/54
~ Mes Documents (My Documents) : 4/315
~ Mon Bureau (My Desktop) : 4/39439
~ Menu demarrer (Programs) : 1/37
~ Hidden Files: Scanned in 00mn 56s

---\\ Processos lançados
[MD5.41AD6110110A2E89957F831DCBFAF892] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [6963512] [PID.2612]
[MD5.554A50B5310E702029D3A675459108FF] - (.Hewlett-Packard - hpsysdrv.) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768] [PID.3124]
[MD5.63A648C5FEB5DE641E1174ACB6CF78C6] - (.No owner - SmartMenu.) -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [568888] [PID.3268]
[MD5.4C8942B8721813E5C8874D47112DCF73] - (.Hewlett-Packard Company - No Comment.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616] [PID.3540]
[MD5.9D4A0ECBF734E2EECDD5B473A2D705FE] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016] [PID.3724]
[MD5.B54921381A950C8215FB363B485C432B] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [270336] [PID.3960]
[MD5.EBE6AD4AE1CB00559C10B206225673F8] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\Asafer\AppData\Roaming\Dropbox\bin\Dropbox.exe [33604728] [PID.3992]
[MD5.6A35F79EBDEF04CFD462059B0C0AA431] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696] [PID.3868]

[MD5.5516C26A6AF8EB4E2CAB48EC98A74398] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe [54576] [PID.4032]
[MD5.7D58C9BDF9C0A3955BDCDE7387AD12AC] - (.Macrovision Corporation - InstallShield Update Service Scheduler.) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920] [PID.3672]

---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Asafer\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [user Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [user Data\Default] [caimihdmbpgddfpkbochehpehdglpcim] GBBD Guardião - Itaú 30 horas v.3.6.0 (Désactivé)
G2 - GCE: Preference [user Data\Default] [dchlnpcodkpfdpacogkljefecpegganj] Conselheiro de URLs da Kaspersky v.13.0.2.558 (Désactivé)
G2 - GCE: Preference [user Data\Default] [dhdnahjkclbpahfnjmpcbacidgllghba] Password Manager plugin v.7.0.3.11 (Activé)
G2 - GCE: Preference [user Data\Default] [hakdifolhalapjijoafobooafbilfakh] Dinheiro seguro v.13.0.2.558 (Désactivé)
G2 - GCE: Preference [user Data\Default] [hghkgaeecgjhjkannahfamoehjmkjail] Content Blocker v.13.0.2.614 (Désactivé)
G2 - GCE: Preference [user Data\Default] [jagncdcchgajhfhijbbhecadmaiegcmh] Virtual Keyboard v.13.0.2.614 (Désactivé)
G2 - GCE: Preference [user Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [user Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [user Data\Default] [nnjbodopomfddehlalfilheomcahbpei] GBBD Caixa Economica Federal v.3.4.0 (Désactivé)
G2 - GCE: Preference [user Data\Default] [pjldcfjmnllhmgjclecdnfampinooman] Anti-Banner v.13.0.2.558 (Désactivé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 24 Legitimates Filtered in 00mn 01s

---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Asafer\AppData\Roaming\Mozilla\Firefox\Profiles\5r2g6265.default\prefs.js
M3 - MFPP: Plugins - [Asafer] -- C:\Users\Asafer\AppData\Roaming\Mozilla\Firefox\Profiles\5r2g6265.default\searchplugins\Baixaki.xml
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Asafer\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/cef] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Asafer\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/uni] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Asafer\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll
P2 - FPN: [HKCU] [wacom.com/WacomTabletPlugin] - (...) -- C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (.not file.)
~ Firefox Browser: 26 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=systempropertiesperformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehuni.dll
~ BHO: 22 Legitimates Filtered in 00mn 00s

---\\ Barras do Internet Explorer (03))
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Chave orfã
~ Toolbar: Scanned in 00mn 00s

---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [hpsysdrv] . (.Hewlett-Packard - hpsysdrv.) -- c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [igfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [smartMenu] . (.No owner - SmartMenu.) -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
O4 - HKLM\..\Run: [bCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Run: [Windows Mobile Device Center] . (.Microsoft Corporation - Windows Mobile Device Center.) -- C:\Windows\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKCU\..\Run: [iSUSPM Startup] . (.Macrovision Corporation - InstallShield Update Service Update Manager.) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - No Comment.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Notas Autoadesivas.) -- C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKLM\..\Wow6432Node\Run: [iAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [iSUSScheduler] . (.Macrovision Corporation - InstallShield Update Service Scheduler.) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe

---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Teclado Virtual [64Bits] - {0C4CC089-D306-440D-9772-464E226F6539} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\kbrd.ico
O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~3\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~3\Office14\ONBTTN~1.dll (.not file.)
O9 - Extra button: Verificação de URLs [64Bits] - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\logo.ico
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s

---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{776A8908-6E25-4400-A29E-2D924479921A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{776A8908-6E25-4400-A29E-2D924479921A}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{776A8908-6E25-4400-A29E-2D924479921A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{776A8908-6E25-4400-A29E-2D924479921A}: DhcpDomain = lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{776A8908-6E25-4400-A29E-2D924479921A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{776A8908-6E25-4400-A29E-2D924479921A}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: KMService (KMService) . (...) - C:\Windows\SysWOW64\srvany.exe =>Hijacker.Office
O23 - Service: Watchdata CCID Moniter v3.4 (WDBrazMonitor34) . (.Beijing WatchData System Co., Ltd. - WatchSAFE Service 3.4.) - C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\WDBrazMon34.exe
~ Services: 21 Legitimates Filtered in 00mn 09s

---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\HPCeeScheduleForAsafer [336]
~ Scheduled Task: 25 Legitimates Filtered in 00mn 05s

---\\ Software instalados (042)
O42 - Logiciel: AquariusPlus - (.GPS Aquarius.) [HKLM][64Bits] -- {E868D3AD-0F3D-4174-9BED-13B992EABFC0}
O42 - Logiciel: BBAdminTool - (.Watchdata Technologies Pte., Ltd..) [HKLM][64Bits] -- {95A34656-CD4A-45A0-BAB8-AB950EFCBEBF}
O42 - Logiciel: Fatalyzer - (...) [HKLM][64Bits] -- ST5UNST #1
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKCU][64Bits] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: GBBD Guardião - Itaú 30 horas - (...) [HKLM][64Bits] -- {70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2014
O42 - Logiciel: PokerStars - (.PokerStars.) [HKLM][64Bits] -- PokerStars
O42 - Logiciel: SISCOB - (...) [HKLM][64Bits] -- {D5940AE3-7244-11D6-BAB7-00010332BA5B}
O42 - Logiciel: SigmaNEST 8.1 C112 - (.SigmaTEK.) [HKLM][64Bits] -- {483572BB-9119-4123-B2F2-365C140A269E}
~ Logic: 29 Legitimates Filtered in 00mn 01s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\GPS Aquarius]
[HKCU\Software\GbAs]
[HKCU\Software\SigmaNEST]
[HKCU\Software\ToolbarCleaner]
[HKCU\Software\Uniko]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Banco Itaú Unibanco S.A.]
[HKLM\Software\Wow6432Node\SigmaNEST]
[HKLM\Software\Wow6432Node\SigmaTEK]
[HKLM\Software\Wow6432Node\sXe_Injected]
~ Key Software: 406 Legitimates Filtered in 00mn 01s

---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 18/11/2013 - 13:06:20 - [] ----D C:\Program Files (x86)\Brazil
O43 - CFD: 23/09/2011 - 15:21:42 - [] ----D C:\Program Files (x86)\Fatalyzer
O43 - CFD: 12/02/2014 - 08:13:14 - [] ----D C:\Program Files (x86)\GPS Aquarius
O43 - CFD: 27/12/2012 - 13:14:02 - [] ----D C:\Program Files (x86)\PokerStars
O43 - CFD: 31/08/2011 - 08:14:58 - [] ----D C:\Program Files (x86)\SigmaTEK
O43 - CFD: 05/09/2011 - 10:41:56 - [] ----D C:\Program Files (x86)\Common Files\SigmaTEK Shared
O43 - CFD: 13/02/2013 - 09:50:36 - [] ----D C:\ProgramData\Pictures
O43 - CFD: 05/09/2011 - 10:40:53 - [] ----D C:\ProgramData\SigmaTEK
O43 - CFD: 14/09/2011 - 08:00:28 - [] ----D C:\ProgramData\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
O43 - CFD: 31/08/2011 - 08:17:03 - [] ----D C:\Users\Asafer\AppData\Roaming\SigmaTEK
O43 - CFD: 28/08/2013 - 16:11:04 - [0] ----D C:\Users\Asafer\AppData\Local\DM
O43 - CFD: 12/02/2014 - 08:13:47 - [] ----D C:\Users\Asafer\AppData\Local\GPS Aquarius
O43 - CFD: 02/10/2013 - 16:54:56 - [0] -SH-D C:\Users\Asafer\AppData\Local\ms-drivers
O43 - CFD: 28/12/2012 - 15:51:55 - [] ----D C:\Users\Asafer\AppData\Local\PokerStars
O43 - CFD: 13/05/2014 - 09:15:44 - [] ----D C:\Users\Asafer\AppData\Local\SN
O43 - CFD: 22/10/2013 - 14:08:58 - [] ----D C:\Users\Asafer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KoshyJohn.com
O43 - CFD: 14/04/2014 - 09:54:48 - [] ----D C:\Users\Asafer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
~ Program Folder: 250 Legitimates Filtered in 00mn 01s

---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.82865FF17BC664C711EFA674759F9991] - 12/05/2014 - 13:47:11 ---A- . (...) -- C:\Windows\KMService.exe [77824] =>Hijacker.Office
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 12/05/2014 - 17:07:16 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.D48A1769EF73C9C7D19757F6F9D4A0C2] - 12/05/2014 - 17:35:00 ---A- . (...) -- C:\zoek-results.log [29895]
O44 - LFC:[MD5.1C01E17C7DF7887243992AA09F409EBB] - 13/05/2014 - 08:23:08 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [167342]
O44 - LFC:[MD5.F4920EC5D61F877BC6792836D5E8B96C] - 13/05/2014 - 08:23:08 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [760674]
~ Files: 19 Legitimates Filtered in 00mn 03s

---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s

---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:02/06/2011 - 13:39:44 ---A- . (.Infowatch - Cryptographic Algorithm Lib Driver..) -- C:\Windows\System32\Drivers\CSCrySec.sys [84536]
O58 - SDL:02/06/2011 - 13:39:44 ---A- . (.Infowatch - Virtual Volume Container Driver (wnet).) -- C:\Windows\System32\Drivers\CSVirtualDiskDrv.sys [66616]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:03/12/2012 - 15:36:34 ---A- . (.Windows ® Win 7 DDK provider - Filter Driver for HID-KMDF Interface.) -- C:\Windows\System32\Drivers\hidkmdf.sys [13728]
O58 - SDL:22/01/2014 - 07:52:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [108800]
O58 - SDL:22/01/2014 - 07:52:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [206080]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:13/12/2012 - 13:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
O58 - SDL:08/05/2013 - 09:52:48 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpkm.sys [49536]
O58 - SDL:13/05/2014 - 08:03:44 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
O58 - SDL:16/05/2012 - 08:58:46 -SHA- . (...) -- C:\Windows\SysWOW64\KGyGaAvL.sys [848]
~ Drivers: 85 Legitimates Filtered in 00mn 05s

---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 12 Legitimates Filtered in 00mn 00s

---\\ Menu de inicialização Internet (068)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com

O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com

~ Keys: Scanned in 00mn 00s

---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.04128EE979BBE14A5F53827BCA02C54B] [sPRF][04/11/2013] (...) -- C:\ProgramData\ntuser.dat [262144]
[MD5.CE4DE5D4E2D96839DD62E4FA5E810BC9] [sPRF][18/10/2013] (...) -- C:\Users\Asafer\AppData\Roaming\unins000.dat [29426]
[MD5.0E9E747B7A6AD1405EE71883ED41C177] [sPRF][05/07/2013] (...) -- C:\Users\Asafer\AppData\Roaming\unins001.dat [12521]
[MD5.36C96F4310AC9A6FC761D8257156799C] [sPRF][04/12/2013] (...) -- C:\Users\Asafer\AppData\Roaming\unins002.dat [19438]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [sPRF][31/08/2011] (...) -- C:\Users\Asafer\AppData\Roaming\wklnhst.dat [0]
~ Files: 10 Legitimates Filtered in 00mn 00s

---\\ Lista das exceções do FireWall (FirewallRules) (O87)

O87 - FAEL: "{40DBD9C9-D7E5-431C-8BD7-43B359FAA575}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Asafer\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{0699D5F1-1E95-4A9B-A4A4-4673FDD03800}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Asafer\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent

---\\ Search CLSID Registry Key (O101)

[HKCR\CLSID\{2E83568E-0640-4025-B60D-A4A6AE7C6076}] (uiMeshPrepCompPage_c Class) =>PUP.iMesh
[HKCR\CLSID\{3366F6CE-2DDD-4F91-B80C-7960B169E02C}] (uiMeshDoctorPage_c Class) =>PUP.iMesh
[HKCR\CLSID\{33F346BB-F43E-455A-A633-5F5FC689D4D0}] (uiMeshDecoWizardPage_c Class) =>PUP.iMesh
[HKCR\CLSID\{AC1789A1-CEB9-479E-852B-6608F910033C}] (uiMeshManipulationPage Class) =>PUP.iMesh
[HKCR\CLSID\{D2DDE660-A14E-4D3D-A0CB-0C9AE7736085}] (uiMeshRelaxPage_c Class) =>PUP.iMesh
[HKCR\CLSID\{E3FCFE4B-1A8A-4D1D-85C6-F84B0E98B43B}] (uiMeshSplitPage_c Class) =>PUP.iMesh
[HKCR\CLSID\{F3AE0F4E-C3C6-41FB-BE1D-39F7A7A6319D}] (uiMeshSmoothPage_c Class) =>PUP.iMesh

---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 29/04/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 15/10/2009 87336 | (CoordinatorServiceHost) . (.Dassault Systèmes SolidWorks Corp..) - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
SS - | Demand 20/10/2011 867080 | (FLEXnet Licensing Service) . (.Acresso Software Inc..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

SS - | Auto 30/09/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 30/09/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

---\\ Scâner Aditional (088)
Database Version : 13045 - (12/05/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 8

[HKLM\SYSTEM\CurrentControlSet\Services\KMService] =>Hijacker.Office^
C:\Windows\KMService.exe =>Hijacker.Office^
[HKCR\CLSID\{2E83568E-0640-4025-B60D-A4A6AE7C6076}] (uiMeshPrepCompPage_c Class) =>PUP.iMesh^
[HKCR\CLSID\{3366F6CE-2DDD-4F91-B80C-7960B169E02C}] (uiMeshDoctorPage_c Class) =>PUP.iMesh^
[HKCR\CLSID\{33F346BB-F43E-455A-A633-5F5FC689D4D0}] (uiMeshDecoWizardPage_c Class) =>PUP.iMesh^
[HKCR\CLSID\{AC1789A1-CEB9-479E-852B-6608F910033C}] (uiMeshManipulationPage Class) =>PUP.iMesh^
[HKCR\CLSID\{D2DDE660-A14E-4D3D-A0CB-0C9AE7736085}] (uiMeshRelaxPage_c Class) =>PUP.iMesh^
[HKCR\CLSID\{E3FCFE4B-1A8A-4D1D-85C6-F84B0E98B43B}] (uiMeshSplitPage_c Class) =>PUP.iMesh^
[HKCR\CLSID\{F3AE0F4E-C3C6-41FB-BE1D-39F7A7A6319D}] (uiMeshSmoothPage_c Class) =>PUP.iMesh^

---\\ Sumário das deteções encontradas na sua estação

[http://nicolascoolman.webs.com/apps/blog/show/29626487-hijacker-office](http://nicolascoolman.webs.com/apps/blog/show/29626487-hijacker-office) =>Hijacker.Office

[http://nicolascoolman.byethost7.com/pup-imesh/](http://nicolascoolman.byethost7.com/pup-imesh/) =>PUP.iMesh

~ 995 Legitimates filtered by white list
End of the scan (546 lines in 03mn 38s)(0)

:seta: Há programas desnecessários iniciando junto com o Windows, o que torna o seu PC mais lento. Para corrigir isto, siga as dicas deste tutorial:

Escolhendo Programas que Iniciam com o PC

De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows.

Use também o programa Ccleaner, indicado neste tutorial acima, para fazer uma limpeza e otimização do PC agora e de tempos em tempos.

_______________________________________________________________________

:seta: Selecione e copie todo o texto destacado em vermelho que te passei.

_____________________________________________________________________________________________________________

:seta: Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta.

Boa tarde, não sei pq mas não saiu relatório...

No aguardo

Obrigado

Leandro

repita o procedimento que te passei e veja se assim gera o relatório

Mesmo assim não vai, ele começa a fazer a operação e fecha...

:seta: Você fez uma verificação com o Malwarebytes depois deste problema começar a acontecer? Se tiver feito, poste o relatório dele aqui em seu tópico para podermos analisar.

____________________________________________________________________________

Caso não tenha feito uma verificação atualmente, faça desta forma abaixo por gentileza:

Alterando o idioma do Malwarebytes para o português:

Caso o idioma do seu Malwarebytes esteja em inglês é bem simples mudá-lo para nossa língua. Para isto abra o Malwarebytes e clique em Settings como mostra esta imagem:

/applications/core/interface/imageproxy/imageproxy.php?img=http://4.bp.blogspot.com/-q5PvwLl49J8/U1vLGwIzWAI/AAAAAAAAeoI/UlHEMAJyaps/s1600/tutorial-malwarebytes-2.jpg&key=996c287f7d88b079200b6217eb17a28ceb760853a2196cadb3606aa17e45b3d8" alt="tutorial-malwarebytes-2.jpg" />

Na próxima tela que surge, clique em Language e selecione a opção Portugueze (Brazil):

/applications/core/interface/imageproxy/imageproxy.php?img=http://4.bp.blogspot.com/-Xzi4hNVswlI/U1vMQ4q0_MI/AAAAAAAAeoU/2YzRirZiaNc/s1600/tutorial-malwarebytes-3.jpg&key=bd2694963334045d62d5b5029968443fe61ee9c183039fd626b7045b7e10f763" alt="tutorial-malwarebytes-3.jpg" />

___________________________________________________________________________

Como executar uma verificação personalizada com o Malwarebytes:

• Abra o Malwarebytes > Clique em Verificar > clique em Verificação Personalizada > Clique em Verificar Agora:

/applications/core/interface/imageproxy/imageproxy.php?img=http://1.bp.blogspot.com/-nNE7LahJXFE/U0sFnwfHnLI/AAAAAAAAeOI/n5fl1EPqCHQ/s1600/malwarebytes-tutorial-11.jpg&key=4214b44e1b996b41dcc75396a43a6bdf56e54c0709bc0fb5961d472dee0d97a7" alt="malwarebytes-tutorial-11.jpg" />

Surgirá mais esta tela abaixo na qual você marcará todas as caixinhas do lado direito da tela para que todas as áreas de seu PC e mídias removíveis ligadas a ele possam ser escaneadas. E do lado esquerdo da tela deixe marcadas estas opções:

Verificar Objetos na Memória

Verificar as Configurações da Inicialização e do Registro

Verificar Arquivos Compactados

Quanto ao restante, deixe da forma já pré-configurada pelo Malwarebytes.

Depois disto clique no botão Iniciar Verificação como mostra a imagem abaixo:

/applications/core/interface/imageproxy/imageproxy.php?img=http://1.bp.blogspot.com/-5vtGPm94da4/U0sZdx4R4HI/AAAAAAAAeQQ/VgEiJP0GGCQ/s1600/malwarebytes-tutorial-12.jpg&key=e5e769446420835c359c3991fc430ddde9cc3df27f3d66c0f3384314c7ef2f34" alt="malwarebytes-tutorial-12.jpg" />

Aguarde enquanto o escaneamento é realizado. Ele demora de acordo com a quantidade de arquivos que você possua em seu computador:

/applications/core/interface/imageproxy/imageproxy.php?img=http://3.bp.blogspot.com/-nDoVIXDlExA/U0sIociCt1I/AAAAAAAAeOc/G78lwmJD6qI/s1600/malwarebytes-tutorial-13.jpg&key=36dcdb722e83741037bc2d8ea162c014e3634103d97cd8609723d7d27f75cc08" alt="malwarebytes-tutorial-13.jpg" />

Assim que a verificação terminar, caso seja detectada alguma ameaça em seu PC surgirá uma mensagem como esta abaixo próximo ao relógio do Windows onde você clicará nela:

/applications/core/interface/imageproxy/imageproxy.php?img=http://2.bp.blogspot.com/-tbNiseyiYio/U0sJVKSx_qI/AAAAAAAAeOs/caY129fD2q4/s1600/malwarebytes-tutorial-1.jpg&key=2638c4b9562c3345a18e3d3085d33d6245ae30d77bd3dd5670dd5ffdd6965769" alt="malwarebytes-tutorial-1.jpg" />

Neste momento aparecerá quais os malwares e itens potencialmente indesejáveis que foram detectados e os locais onde eles se encontram. Você notará que ele já mostra uma ação padrão para os itens (que normalmente é a de mover para a quarentena).

Para remover as infecções, deixe a opção Quarentena no menu Ação selecionada em todos os itens e clique no botão Aplicar Ações, como mostra esta imagem:

/applications/core/interface/imageproxy/imageproxy.php?img=http://2.bp.blogspot.com/-1Ewu0bQ91pY/U0sLvOiRvXI/AAAAAAAAeO4/Hx58TRqhZf8/s1600/malwarebytes-tutorial-2.jpg&key=6339196cb32744984138200af1c983c4c5fdc5f9a8a86e3a8c68ff5443243dc2" alt="malwarebytes-tutorial-2.jpg" />

Alguns malwares são rebeldes e podem necessitar de uma reinicialização do PC para que sejam removidos. Caso isto seja solicitado pelo Malwarebytes, clique em Sim (ou Yes) como mostra esta imagem:

/applications/core/interface/imageproxy/imageproxy.php?img=http://3.bp.blogspot.com/-qwltAhRVCvA/U0sMFQ_qbdI/AAAAAAAAePA/aM4hautfUuY/s1600/malwarebytes-tutorial-3.jpg&key=e32aa561e81e38f1ba27e0074e853d5bfa19ac9f5b99206b898721b9a2366575" alt="malwarebytes-tutorial-3.jpg" />

Depois disto é só postar o novo log de verificação que o Malwarebytes irá criar em sua próxima resposta.

Malwarebytes Anti-Malware

www.malwarebytes.org

Data de Verificação: 16/04/2014

Hora da Verificação: 10:36:49

Logfile: 456.txt

Administrador: Sim

Versão: 2.00.1.1004

Malware Database: v2014.04.16.05

Rootkit Database: v2014.03.27.01

Licença: Premium

Proteção de Malware: Enabled

Proteção de Site Malicioso: Enabled

Chameleon: Desabilitado

OS: Windows 7 Service Pack 1

CPU: x64

Sistema de Arquivo: NTFS

Usuário: Asafer

Tipo da Verificação: Verificar Ameaça

Resultado: Completado

Arquivos Verificados: 375396

Tempo Decorrido: 28 min, 1 seg

Memória: Enabled

Inicialização: Enabled

Filesystem: Enabled

Arquivos: Enabled

Rootkits: Desabilitado

Shuriken: Enabled

PUP: Warn

PUM: Enabled

Processos: 0

(No malicious items detected)

Módulos: 0

(No malicious items detected)

Chaves de Registro: 4

PUP.Optional.MegaBrowse.A, HKLM\SOFTWARE\WOW6432NODE\Mega Browse, No Action By User, [e81dee3d403be1552d3f6e04cc36b44c],

PUP.Optional.MegaBrowse.A, HKU\S-1-5-21-3731980268-2904590947-1619489453-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Mega Browse, No Action By User, [848149e2abd066d0f37889e9eb17e11f],

PUP.Optional.InstallCore.A, HKU\S-1-5-21-3731980268-2904590947-1619489453-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, No Action By User, [699cde4d3b4077bf4f797a010ef4758b],

PUP.Optional.InstallCore.A, HKU\S-1-5-21-3731980268-2904590947-1619489453-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, No Action By User, [63a249e24f2cc472dc267c16649f2cd4],

Valores de Registro: 1

PUP.Optional.InstallCore.A, HKU\S-1-5-21-3731980268-2904590947-1619489453-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0H1R1Q1O0G2Z1I1E, No Action By User, [63a249e24f2cc472dc267c16649f2cd4]

Dados do Registro: 0

(No malicious items detected)

Pastas: 7

PUP.Optional.BlueSprig.A, C:\ProgramData\BlueSprig, No Action By User, [e32260cb1368b87ec2746dfbf90948b8],

PUP.Optional.BlueSprig.A, C:\ProgramData\BlueSprig\JetBoost, No Action By User, [e32260cb1368b87ec2746dfbf90948b8],

PUP.Optional.BlueSprig.A, C:\Users\Asafer\AppData\Roaming\BlueSprig, No Action By User, [7293f8336615c175ae8893d5bb4739c7],

PUP.Optional.BlueSprig.A, C:\Users\Asafer\AppData\Roaming\BlueSprig\JetClean, No Action By User, [7293f8336615c175ae8893d5bb4739c7],

PUP.Optional.BlueSprig.A, C:\Users\Asafer\AppData\Roaming\BlueSprig\JetClean\Backup, No Action By User, [7293f8336615c175ae8893d5bb4739c7],

PUP.Optional.BlueSprig.A, C:\Users\Asafer\AppData\Roaming\BlueSprig\JetClean\Log, No Action By User, [7293f8336615c175ae8893d5bb4739c7],

PUP.Optional.BlueSprig.A, C:\Users\Asafer\AppData\Roaming\BlueSprig\JetClean\Startup, No Action By User, [7293f8336615c175ae8893d5bb4739c7],

Arquivos: 21

PUP.Optional.MegaBrowse.A, C:\$RECYCLE.BIN\S-1-5-21-3731980268-2904590947-1619489453-1000\$RHSTZ9W.dll, No Action By User, [58ad59d2e19a2511ea4a510dae5322de],

PUP.Optional.InstallCore, C:\Users\Asafer\Downloads\icq-82-build-6893-32-bits.exe, No Action By User, [7c896bc0b7c47eb8962815ff828204fc],

PUP.Optional.ExtendedSetup, C:\Users\Asafer\Downloads\toolbar-cleaner-1301-32-bits (1).exe, No Action By User, [7d88092286f5ec4a16f3b00aa0636c94],

PUP.Optional.ExtendedSetup, C:\Users\Asafer\Downloads\toolbar-cleaner-1301-32-bits.exe, No Action By User, [8d78b378a8d3e155d831caf008fb02fe],

PUP.Optional.Bundle, C:\Users\Asafer\Downloads\utorrent-332-build-30570-32-bits.exe, No Action By User, [42c370bb7dfe85b1c1f479f29869f808],

PUP.RiskwareTool.CK, C:\Users\Asafer\Downloads\Crack Amtlib.dll 32bit & 64bit.rar, No Action By User, [c144f43789f21422d75e54815fa240c0],

PUP.Optional.MegaBrowse.A, C:\Users\Asafer\AppData\Roaming\Mozilla\Firefox\Profiles\5r2g6265.default\extensions\{29b136c9-938d-4d3d-8df8-d649d9b74d02}.xpi, No Action By User, [12f388a3f08be056739594dd857da060],

PUP.Optional.BlueSprig.A, C:\ProgramData\BlueSprig\JetBoost\FilterDB.db, No Action By User, [e32260cb1368b87ec2746dfbf90948b8],

PUP.Optional.BlueSprig.A, C:\Users\Asafer\AppData\Roaming\BlueSprig\JetClean\Config.ini, No Action By User, [7293f8336615c175ae8893d5bb4739c7],

PUP.Optional.BlueSprig.A, C:\Users\Asafer\AppData\Roaming\BlueSprig\JetClean\Ignore.ini, No Action By User, [7293f8336615c175ae8893d5bb4739c7],

PUP.Optional.BlueSprig.A, C:\Users\Asafer\AppData\Roaming\BlueSprig\JetClean\Backup\JetCleanBackup-2012-10-31(08-10-24).reg, No Action By User, [7293f8336615c175ae8893d5bb4739c7],

PUP.Optional.BlueSprig.A, C:\Users\Asafer\AppData\Roaming\BlueSprig\JetClean\Backup\JetCleanBackup-2012-10-31(14-45-54).reg, No Action By User, [7293f8336615c175ae8893d5bb4739c7],

PUP.Optional.BlueSprig.A, C:\Users\Asafer\AppData\Roaming\BlueSprig\JetClean\Backup\JetCleanBackup-2012-12-10(11-11-33).reg, No Action By User, [7293f8336615c175ae8893d5bb4739c7],

PUP.Optional.BlueSprig.A, C:\Users\Asafer\AppData\Roaming\BlueSprig\JetClean\Backup\JetCleanBackup-2013-01-03(11-19-49).reg, No Action By User, [7293f8336615c175ae8893d5bb4739c7],

PUP.Optional.BlueSprig.A, C:\Users\Asafer\AppData\Roaming\BlueSprig\JetClean\Log\JetCleanLog-2012-10-31(08-10-45).txt, No Action By User, [7293f8336615c175ae8893d5bb4739c7],

PUP.Optional.BlueSprig.A, C:\Users\Asafer\AppData\Roaming\BlueSprig\JetClean\Log\JetCleanLog-2012-10-31(14-46-02).txt, No Action By User, [7293f8336615c175ae8893d5bb4739c7],

PUP.Optional.BlueSprig.A, C:\Users\Asafer\AppData\Roaming\BlueSprig\JetClean\Log\JetCleanLog-2012-12-10(11-12-10).txt, No Action By User, [7293f8336615c175ae8893d5bb4739c7],

PUP.Optional.BlueSprig.A, C:\Users\Asafer\AppData\Roaming\BlueSprig\JetClean\Log\JetCleanLog-2013-01-03(11-20-21).txt, No Action By User, [7293f8336615c175ae8893d5bb4739c7],

PUP.Optional.BlueSprig.A, C:\Users\Asafer\AppData\Roaming\BlueSprig\JetClean\Log\JetCleanLog-2013-05-23(13-18-58).txt, No Action By User, [7293f8336615c175ae8893d5bb4739c7],

PUP.Optional.MyStartTB.A, C:\Users\Asafer_2\AppData\Roaming\Mozilla\Firefox\Profiles\4hq3f3es.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://www.mystart.com/?pr=vmn&id=toolbarcleaner&v=1_1_1_4&ent=hp_4802");), No Action By User,[e81dbe6d1c5f3afc68bf1f31eb19ab55]

PUP.Optional.MyStartTB.A, C:\Users\Asafer_2\AppData\Roaming\Mozilla\Firefox\Profiles\4hq3f3es.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "http://www.mystart.com/results.php?pr=vmn&id=toolbarcleaner&v=1_1_1_4&ent=bs_4802&q=");), No Action By User,[32d378b3e09bfa3c9cbf8fc148bcc838]

Physical Sectors: 0

(No malicious items detected)

(end)

Está constando no log que nenhuma ação foi tomada pelo usuário para remover as ameaças. Além disto foi feita só uma verificação simples com ele.

Faça, por gentileza, uma verificação seguindo exatamente os passos que te passei na resposta anterior e poste o resultado.

Malwarebytes Anti-Malware

www.malwarebytes.org

Data de Verificação: 14/05/2014

Hora da Verificação: 13:32:00

Logfile: 66789.txt

Administrador: Sim

Versão: 2.00.1.1004

Malware Database: v2014.05.14.03

Rootkit Database: v2014.03.27.01

Licença: Premium

Proteção de Malware: Enabled

Proteção de Site Malicioso: Enabled

Chameleon: Desabilitado

OS: Windows 7 Service Pack 1

CPU: x64

Sistema de Arquivo: NTFS

Usuário: Asafer

Tipo da Verificação: Verificação Personalizada

Resultado: Completado

Arquivos Verificados: 744965

Tempo Decorrido: 5 hr, 28 min, 59 seg

Memória: Enabled

Inicialização: Enabled

Filesystem: Enabled

Arquivos: Enabled

Rootkits: Desabilitado

Shuriken: Enabled

PUP: Enabled

PUM: Enabled

Processos: 1

RiskWare.Tool.CK, C:\Windows\KMService.exe, 1052, Delete-on-Reboot, [7ccf3819ff7cb97d44c9a112f60bc23e]

Módulos: 0

(No malicious items detected)

Chaves de Registro: 0

(No malicious items detected)

Valores de Registro: 1

Malware.Packer.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES (X86)\COMMON FILES\SIGMATEK SHARED\HASP\WRTSIM80.EXE, 1, Quarantined, [70dbe07185f6979f442e6d37728e3dc3]

Dados do Registro: 0

(No malicious items detected)

Pastas: 0

(No malicious items detected)

Arquivos: 14

PUP.RiskwareTool.CK, C:\Users\Asafer\Desktop\back up leandro\A\Adobe Photoshop CS6-Ingles\Crack Amtlib.dll 32bit & 64bit.rar, No Action By User, [ec5f53feec8f290d3fbc0dd617ea4cb4],

PUP.RiskwareTool.CK, C:\Users\Asafer\Desktop\back up leandro\A\Adobe Photoshop CS6-Ingles\a-Crack\32-bit\amtlib.dll, No Action By User, [52f9d77a3744db5b8972d50ef30e966a],

PUP.RiskwareTool.CK, C:\Users\Asafer\Downloads\Crack Amtlib.dll 32bit & 64bit.rar, No Action By User, [d7746ae7c9b2eb4bb843d60d000139c7],

PUP.RiskwareTool.CK, C:\Users\Asafer\Dropbox\leandro-Danielle\Adobe Photoshop CS6\crack_PS6\32-bit\amtlib.dll, No Action By User, [1c2f62ef611a46f07586826106fba55b],

PUP.RiskwareTool.CK, C:\Users\Asafer\Dropbox\leandro-Danielle\Adobe Photoshop CS6\crack_PS6\64-bit\amtlib.dll, No Action By User, [56f51938d2a941f5fa0205de50b1f20e],

RiskWare.Tool.CK, C:\Windows\KMService.exe, Delete-on-Reboot, [7ccf3819ff7cb97d44c9a112f60bc23e],

PUP.RiskwareTool.CK, C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\AMTLib.dll, Quarantined, [33183e1334475fd736c6697a748dc838],

PUP.RiskwareTool.CK, C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\amtlib.dll, Quarantined, [65e6d879314af442b547b72c5ba658a8],

Malware.Packer.T, C:\Program Files (x86)\Common Files\SigmaTEK Shared\Hasp\Wrtsim80.exe, Quarantined, [70dbe07185f6979f442e6d37728e3dc3],

PUP.RiskwareTool.CK, C:\Users\Asafer\Desktop\back up leandro\A\Adobe Photoshop CS6-Ingles\a-Crack\64-bit\amtlib.dll, Quarantined, [123971e0f5861125ed0f479c2dd46b95],

Trojan.Agent.H, C:\Users\Asafer\Desktop\back up leandro\backup\xiter.rar, Quarantined, [72d9b59c2d4e7bbb738a0dc80cf518e8],

Hacktool.Agent, C:\Users\Asafer\Desktop\back up leandro\programas\Windows Loader v1.8.8.zip, Quarantined, [92b9bb968af103338592da6f669b827e],

Hacktool.Agent, C:\Users\Asafer\Desktop\back up leandro\programas\Windows Loader\Windows Loader.exe, Quarantined, [e863c988562593a371a687c2e31e8a76],

Hacktool.Agent, C:\Users\Asafer\Desktop\back up leandro\programas\Windows Loader v1.8.8\Windows Loader\Windows Loader.exe, Quarantined, [a7a4b29ff982270f7f98ab9eb64b0af6],

Physical Sectors: 0

(No malicious items detected)

(end)

Desative temporariamente seu antivirus para evitar conflitos.

Baixe: < Pre_Scan > ( de g3n-h@ckm@n )
|- Ao acessar o link acima, role a página e clique em Télécharger para fazer o download: /applications/core/interface/imageproxy/imageproxy.php?img=http://www.telecharger.sosvirus.net/wp-content/plugins/wpdm-download-button/images/530637d6efc63.png&key=21ce1720edee13c53fa7ba946a586ee208b691686f77c1248daec3f232aeee1b" alt="530637d6efc63.png" />

:seta: Execute-o da forma indicada nesta postagem:

Tutorial de instalação e execução do Pre_Scan

Assim que a limpeza for concluída, poste o log (relatório) que estará em C:\Pre_Scan\Pre_Scan_07_05_2014_17_05_22.txt (estes números em vermelho irão variar pois eles mostram a data e hora em que o escaneamento foi realizado).

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | 4.05.06.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 14:58:35

Updated 06/05/2014 | 10.55 by g3n-h@ckm@n

Contact : http://www.sosvirus.net/

Pre_Script Infos : http://gen-hackman.purforum.com/t49-5-les-switchs-du-script

Pre_scan Feedbacks : http://gen-hackman.purforum.com/f10-pre_scan-feedbacks

[Asafer (Administrator)] - [ASAFER-HP]

SID = S-1-5-21-3731980268-2904590947-1619489453-1000

Starting up : Normal

System : Windows 7 Home Premium (64 bits) HomePremium Service Pack 1

ProcessorNameString : Intel® Core i3 CPU 540 @ 3.07GHz

Identifier : Intel64 Family 6 Model 37 Stepping 2

Memory RAM = Total (MB) : 3857 | Free (MB) : 2228

Pagefile = Total (MB) : 7713 | Free (MB) : 5940

Virtual = Total (MB) : 4194 | Free (MB) : 3966

¤¤¤¤¤¤¤¤¤¤ | Components of starting up

C:\Windows\Setup\Scripts\oobe.cmd

C:\Windows\Setup\Scripts\SetupComplete.cmd

¤¤¤¤¤¤¤¤¤¤¤ | Drives

C:\-> [Fixed] | [OS] | Total : 943730 Mo | Free : 642000 Mo -> NTFS

D:\-> [Fixed] | [HP_RECOVERY] | Total : 10030 Mo | Free : 1220 Mo -> NTFS

E:\-> [CDROM] | [Office14] | Total : 2110 Mo | Free : 0 Mo -> CDFS

F:\-> [Removable] | [] | Total : 1910 Mo | Free : 1610 Mo -> FAT

¤¤¤¤¤¤¤¤¤¤ | Windows updates

No detected update !!!

¤¤¤¤¤¤¤¤¤¤ | Sessions

C:\Windows\system32\config\systemprofile

C:\Windows\ServiceProfiles\LocalService

C:\Windows\ServiceProfiles\NetworkService

C:\Users\Asafer

C:\Users\Asafer_2

Registry saved , to restore : C:\Pre_Scan\Save\Scan\ERDNT.exe

stand-by mode deleted !

¤¤¤¤¤¤¤¤¤¤ | Browsers

IE : 11.0.9600.17041 (© Microsoft Corporation. Todos os direitos reservados.)

FF : 28.0.0.5186 (©Firefox and Mozilla Developers; available under the MPL 2 license.)

GC : 34.0.1847.137 (Copyright 2012 Google Inc.)

¤¤¤¤¤¤¤¤¤¤ | FlashPlayer

FlashPlayer ActiveX : 13.0.0.214

FlashPlayer Plugin : 13.0.0.214

¤¤¤¤¤¤¤¤¤¤ | Security

AS : Windows Defender Enabled

WU: Windows Update Service [Auto(2)] = Running

AS: Windows Defender [Auto(2)] = Running

FW: Windows FireWall Service [Auto(2)] = Running

¤¤¤¤¤¤¤¤¤¤ | Stopped processes

944 | [Owner : |Parent : 760] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) - (3.1.6.3) = C:\PROGRA~2\GbPlugin\gbpsv.exe

1360 | [Owner : |Parent : 760] - (.Microsoft Corporation - Aplicativo de subsistema de spooler.) - (6.1.7601.17777) = C:\Windows\System32\spoolsv.exe

1604 | [Owner : SISTEMA |Parent : 760] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.7.0.0) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

1668 | [Owner : SISTEMA |Parent : 760] - (.Apple Inc. - YSLoader.exe.) - (17.327.4.11) = C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

1788 | [Owner : SISTEMA |Parent : 760] - (.Infowatch - InfoWatch CryptoStorage Protected objects controller service.) - (2.0.201.0) = C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe

1840 | [Owner : SISTEMA |Parent : 760] - (.SafeNet Inc. - Sentinel LDK License Manager Service.) - (15.0.1.36539) = C:\Windows\System32\hasplms.exe

1300 | [Owner : SISTEMA |Parent : 760] - (.Hewlett-Packard Company - HP Quick Synchronization Service.) - (4.0.112.1) = C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

1796 | [Owner : SISTEMA |Parent : 760] - (.Hewlett-Packard Company - LightScribe Service.) - (1.18.22.2) = C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

2228 | [Owner : SERVIÇO DE REDE |Parent : 760] - (.Microsoft Corporation - SQL Server Windows NT.) - (2005.90.5000.0) = C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

2392 | [Owner : SISTEMA |Parent : 760] - (.arvato digital services llc - PsiService PsiService.) - (3.1.0.56) = C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

2468 | [Owner : SERVIÇO DE REDE |Parent : 760] - (.Microsoft Corporation - SQL Browser Service EXE.) - (2005.90.5000.0) = C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

2516 | [Owner : SISTEMA |Parent : 760] - (.Microsoft Corporation - SQL Server VSS Writer - 64 Bit.) - (2005.90.5000.0) = C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

2672 | [Owner : SISTEMA |Parent : 760] - (.TeamViewer GmbH - TeamViewer 9.) - (9.0.28223.0) = C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

3044 | [Owner : SISTEMA |Parent : 760] - (.Beijing WatchData System Co., Ltd. - WatchSAFE Service 3.4.) - (3.4.0.0) = C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\WDBrazMon34.exe

2916 | [Owner : SISTEMA |Parent : 760] - (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - (7.250.4232.0) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

3328 | [Owner : SISTEMA |Parent : 760] - (.Intel Corporation - IAStorDataSvc.) - (9.5.7.1002) = C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

3352 | [Owner : SISTEMA |Parent : 2916] - (.Microsoft Corp. - Microsoft® Windows Live ID Service Monitor.) - (7.250.4232.0) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

4636 | [Owner : SERVIÇO LOCAL |Parent : 640] - (.Microsoft Corporation - Windows Driver Foundation - Processo de Host da Estrutura de Driver de Modo de Usuário.) - (6.2.9200.16384) = C:\Windows\System32\WUDFHost.exe

4108 | [Owner : SISTEMA |Parent : 760] - (.Adobe Systems Incorporated - Adobe Photoshop Elements 11.0 (component).) - (11.0.0.0) = C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe

4260 | [Owner : SISTEMA |Parent : 760] - (.Hewlett-Packard Company - HP Support Assistant Service.) - (6.0.5.4) = C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

4360 | [Owner : SERVIÇO DE REDE |Parent : 760] - (.Microsoft Corporation - Serviço de Compartilhamento de Rede do Windows Media Player.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe

4464 | [Owner : SISTEMA |Parent : 760] - (.Microsoft Corporation - Indexador do Microsoft Windows Search.) - (7.0.7601.17610) = C:\Windows\System32\SearchIndexer.exe

4164 | [Owner : Asafer |Parent : 760] - (.Microsoft Corporation - Processo de Host para Tarefas do Windows.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe

4160 | [Owner : Asafer |Parent : 4512] - (.Microsoft Corporation - Windows Explorer.) - (6.1.7601.17567) = C:\Windows\explorer.exe

4920 | [Owner : Asafer |Parent : 4160] - (.Intel Corporation - hkcmd Module.) - (8.15.10.2040) = C:\Windows\System32\hkcmd.exe

4972 | [Owner : Asafer |Parent : 876] - (.Intel Corporation - igfxsrvc Module.) - (8.15.10.2040) = C:\Windows\System32\igfxsrvc.exe

4644 | [Owner : Asafer |Parent : 4160] - (.Intel Corporation - persistence Module.) - (8.15.10.2040) = C:\Windows\System32\igfxpers.exe

5288 | [Owner : Asafer |Parent : 4160] - (.Microsoft Corporation - Notas Autoadesivas.) - (6.1.7600.16385) = C:\Windows\System32\StikyNot.exe

5420 | [Owner : Asafer |Parent : 4160] - (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) - (6.1.7601.17514) = C:\Program Files\Windows Sidebar\sidebar.exe

5440 | [Owner : Asafer |Parent : 2672] - (.TeamViewer GmbH - TeamViewer 9.) - (9.0.28223.0) = C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe

5992 | [Owner : Asafer |Parent : 5632] - (.Intel Corporation - IAStorIcon.) - (9.5.7.1002) = C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

1000 | [Owner : SISTEMA |Parent : 2672] - (.TeamViewer GmbH - TeamViewer 9.) - (9.0.28223.0) = C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe

5328 | [Owner : SISTEMA |Parent : 2672] - (.TeamViewer GmbH - TeamViewer 9.) - (9.0.28223.0) = C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe

1500 | [Owner : Asafer |Parent : 876] - (.Kaspersky Lab - Kaspersky Password Manager.) - (7.0.3.11) = C:\PROGRA~2\KASPER~1\KASPER~2.0\KASPER~2\stpass.exe

2476 | [Owner : SISTEMA |Parent : 4464] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.7601.17610) = C:\Windows\System32\SearchProtocolHost.exe

5036 | [Owner : Asafer |Parent : 4160] - (.Google Inc. - Google Chrome.) - (34.0.1847.131) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

4992 | [Owner : Asafer |Parent : 5036] - (.Google Inc. - Google Chrome.) - (34.0.1847.131) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

5188 | [Owner : Asafer |Parent : 5036] - (.Google Inc. - Google Chrome.) - (34.0.1847.131) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

7136 | [Owner : Asafer |Parent : 5036] - (.Google Inc. - Google Chrome.) - (34.0.1847.131) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

5432 | [Owner : Asafer |Parent : 4160] - (.Microsoft Corporation - Microsoft Outlook.) - (14.0.7113.5000) = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE

6396 | [Owner : SERVIÇO DE REDE |Parent : 760] - (.Microsoft Corporation - Microsoft Office Software Protection Platform Service.) - (14.0.370.400) = C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

3360 | [Owner : Asafer |Parent : 5036] - (.Google Inc. - Google Chrome.) - (34.0.1847.131) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

¤¤¤¤¤¤¤¤¤¤ | Running processes

424 | [Owner : SISTEMA |Parent : 4] - (.Microsoft Corporation - Gerenciador de Sessão do Windows.) - (6.1.7601.18229) = C:\Windows\System32\smss.exe

592 | [Owner : SISTEMA |Parent : 576] - (.Microsoft Corporation - Processo do tempo de Execução do Servidor do Cliente.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe

652 | [Owner : SISTEMA |Parent : 636] - (.Microsoft Corporation - Processo do tempo de Execução do Servidor do Cliente.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe

660 | [Owner : SISTEMA |Parent : 576] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) - (6.1.7600.16385) = C:\Windows\System32\wininit.exe

700 | [Owner : SISTEMA |Parent : 636] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) - (6.1.7601.18409) = C:\Windows\System32\winlogon.exe

760 | [Owner : SISTEMA |Parent : 660] - (.Microsoft Corporation - Aplicativo de serviços e controle.) - (6.1.7600.16385) = C:\Windows\System32\services.exe

768 | [Owner : SISTEMA |Parent : 660] - (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.18443) = C:\Windows\System32\lsass.exe

776 | [Owner : SISTEMA |Parent : 660] - (.Microsoft Corporation - Serviço do Gerenciador de Sessão Local.) - (6.1.7601.17514) = C:\Windows\System32\lsm.exe

876 | [Owner : SISTEMA |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

1004 | [Owner : SERVIÇO DE REDE |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

604 | [Owner : SERVIÇO LOCAL |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

640 | [Owner : SISTEMA |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

568 | [Owner : SERVIÇO LOCAL |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

1020 | [Owner : SISTEMA |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

1212 | [Owner : SERVIÇO DE REDE |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

1416 | [Owner : SERVIÇO LOCAL |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

1452 | [Owner : SERVIÇO LOCAL |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

1744 | [Owner : SISTEMA |Parent : 760] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) - (13.0.2.628) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe

1472 | [Owner : SISTEMA |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\SysWOW64\svchost.exe

2284 | [Owner : SERVIÇO LOCAL |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

2328 | [Owner : SERVIÇO LOCAL |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

2892 | [Owner : SISTEMA |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

3536 | [Owner : SISTEMA |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

3264 | [Owner : SERVIÇO DE REDE |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

4876 | [Owner : SERVIÇO LOCAL |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

4856 | [Owner : Asafer |Parent : 640] - (.Microsoft Corporation - Gerenciador de Janelas da Área de Trabalho.) - (6.1.7600.16385) = C:\Windows\System32\dwm.exe

4608 | [Owner : Asafer |Parent : 5632] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) - (13.0.2.628) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe

4116 | [Owner : SERVIÇO LOCAL |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

7012 | [Owner : Asafer |Parent : 5036] - (. - .) - (0.0.0.0) = C:\Users\Asafer\Downloads\Pre_Scan.exe

6572 | [Owner : SISTEMA |Parent : 760] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) - (3.1.6.3) = C:\PROGRA~2\GbPlugin\gbpsv.exe

5532 | [Owner : SERVIÇO LOCAL |Parent : 640] - (.Microsoft Corporation - Windows Driver Foundation - Processo de Host da Estrutura de Driver de Modo de Usuário.) - (6.2.9200.16384) = C:\Windows\System32\WUDFHost.exe

980 | [Owner : SISTEMA |Parent : 760] - (.TeamViewer GmbH - TeamViewer 9.) - (9.0.28223.0) = C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

6216 | [Owner : Asafer |Parent : 876] - (.Microsoft Corporation - Processo de host do Windows (Rundll32).) - (6.1.7600.16385) = C:\Windows\System32\rundll32.exe

260 | [Owner : SISTEMA |Parent : 760] - (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - (7.250.4232.0) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

2492 | [Owner : SISTEMA |Parent : 260] - (.Microsoft Corp. - Microsoft® Windows Live ID Service Monitor.) - (7.250.4232.0) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

6852 | [Owner : Asafer |Parent : 980] - (.TeamViewer GmbH - TeamViewer 9.) - (9.0.28223.0) = C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe

4524 | [Owner : SISTEMA |Parent : 980] - (.TeamViewer GmbH - TeamViewer 9.) - (9.0.28223.0) = C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe

5556 | [Owner : SISTEMA |Parent : 980] - (.TeamViewer GmbH - TeamViewer 9.) - (9.0.28223.0) = C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe

7040 | [Owner : SISTEMA |Parent : 760] - (.Microsoft Corporation - Indexador do Microsoft Windows Search.) - (7.0.7601.17610) = C:\Windows\System32\SearchIndexer.exe

4816 | [Owner : SERVIÇO DE REDE |Parent : 760] - (.Microsoft Corporation - Serviço de Compartilhamento de Rede do Windows Media Player.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe

5852 | [Owner : SISTEMA |Parent : 7040] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.7601.17610) = C:\Windows\System32\SearchProtocolHost.exe

2784 | [Owner : SISTEMA |Parent : 760] - (.Microsoft Corporation - Aplicativo de subsistema de spooler.) - (6.1.7601.17777) = C:\Windows\System32\spoolsv.exe

5356 | [Owner : SISTEMA |Parent : 760] - (.Apple Inc. - YSLoader.exe.) - (17.327.4.11) = C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

6752 | [Owner : SERVIÇO DE REDE |Parent : 760] - (.Microsoft Corporation - SQL Browser Service EXE.) - (2005.90.5000.0) = C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

2544 | [Owner : SISTEMA |Parent : 760] - (.Hewlett-Packard Company - HP Support Assistant Service.) - (6.0.5.4) = C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

6516 | [Owner : SISTEMA |Parent : 7040] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.7601.17610) = C:\Windows\System32\SearchFilterHost.exe

¤¤¤¤¤¤¤¤¤¤ | Winlogon user : OK !

¤¤¤¤¤¤¤¤¤¤ | Winlogon machine

Modified : [64][HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]|[AutoRestartShell] : 1 -> 0

Modified : [32][HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]|[AutoRestartShell] : 1 -> 0

Repaired : [64][HKLM | Winlogon]|[userinit] : C:\Windows\system32\userinit.exe, -> C:\Windows\SysWOW64\userinit.exe,

¤¤¤¤¤¤¤¤¤¤ | Associations

Repaired : [64][HKLM\Software\Classes\Folder\shell\open\command] : %SystemRoot%\Explorer.exe -> C:\Windows\Explorer.exe

¤

Repaired : [64][HKLM\Software\Clients\StartMenuInternet\IExplore.exe\shell\open\command] : C:\Program Files\Internet Explorer\iexplore.exe -> "C:\Program Files (x86)\Internet Explorer\iexplore.exe"

Repaired : [64][HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] : http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s -> http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s

Repaired : [32][HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] : http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s -> http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s

¤¤¤¤¤¤¤¤¤¤ | Registry

Repaired : [64][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{9343812e-1c37-4a49-a12e-4b2d810d956b}] : 1 -> 0

Repaired : [32][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{9343812e-1c37-4a49-a12e-4b2d810d956b}] : 1 -> 0

Repaired : [64][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0

Repaired : [32][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0

Repaired : [64][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{20D04FE0-3AEA-1069-A2D8-08002B30309D}] : 1 -> 0

Repaired : [32][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{20D04FE0-3AEA-1069-A2D8-08002B30309D}] : 1 -> 0

Repaired : [64][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{208D2C60-3AEA-1069-A2D7-08002B30309D}] : 1 -> 0

Repaired : [32][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{208D2C60-3AEA-1069-A2D7-08002B30309D}] : 1 -> 0

Repaired : [64][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{871C5380-42A0-1069-A2EA-08002B30309D}] : 1 -> 0

Repaired : [32][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{871C5380-42A0-1069-A2EA-08002B30309D}] : 1 -> 0

Repaired : [64][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}] : 1 -> 0

Repaired : [32][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}] : 1 -> 0

Repaired : [64][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{59031a47-3f72-44a7-89c5-5595fe6b30ee}] : 1 -> 0

Repaired : [32][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{59031a47-3f72-44a7-89c5-5595fe6b30ee}] : 1 -> 0

Repaired : [64][HKLM\software\Microsoft\Windows\CurrentVersion\policies\Explorer]|[NoDriveTypeAutoRun] : 60 -> 145

Repaired : [HKU\S-1-5-21-3731980268-2904590947-1619489453-1000\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]|[Hidden] : 2 -> 0

Repaired : [HKU\S-1-5-21-3731980268-2904590947-1619489453-1000\software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel]|[AllItemsIconView] : 0 -> 1

Repaired : [HKU\S-1-5-21-3731980268-2904590947-1619489453-1000\software\Microsoft\Windows\CurrentVersion\Policies\Explorer]|[NoDriveTypeAutoRun] : 0 -> 145

¤¤¤¤¤¤¤¤¤¤ | Access to the registry and to the administrator of the tasks

¤¤¤¤¤¤¤¤¤¤ | SafeBoot

Safeboot Keys are O.K

Alternate shell is OK !

¤

Safeboot Minimal Subkeys : O.K !

¤

Safeboot Network Subkeys : O.K !

¤¤¤¤¤¤¤¤¤¤ | IFEO

¤¤¤¤¤¤¤¤¤¤ | Mountpoints2

¤¤¤¤¤¤¤¤¤¤ | Windows

[64][HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]|[] : @SYS:DoesNotExist

[64][HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]|[] : @SYS:Software\Swearware\dump

[64][HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]|[shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

[32][HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]|[shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

[32][HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]|[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

Winsrv : OK !

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] :

[HKLM64\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] :

[64][HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 0

[32][HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 0

¤¤¤¤¤¤¤¤¤¤ | Security center

¤¤¤¤¤¤¤¤¤¤ | Correction of the services

Repaired : [Compbatt] : 3 -> 0

Repaired : [agp440] : 3 -> 2

Repaired : [bits] : 3 -> 2

Repaired : [EapHost] : 3 -> 2

Repaired : [Wlansvc] : 3 -> 2

Repaired : [wudfsvc] : 3 -> 2

Repaired : [WerSvc] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ | Internet Explorer

Repaired : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main]|[start Page] : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> http://www.google.com/

Repaired : [HKU\S-1-5-21-3731980268-2904590947-1619489453-1000\Software\Microsoft\Internet Explorer\Main]|[Local Page] : C:\Windows\system32\blank.htm -> C:\Windows\SysWOW64\blank.htm

Repaired : [HKU\S-1-5-21-3731980268-2904590947-1619489453-1000\Software\Microsoft\Internet Explorer\Main]|[Default_Search_URL] : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> http://go.microsoft.com/fwlink/?LinkId=54896

Repaired : [32][HKLM\Software\Microsoft\Internet Explorer\Search]|[searchAssistant] : http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> http://www.google.com/ie

Repaired : [64][HKLM\Software\Microsoft\Internet Explorer\Main]|[search Bar] : http://search.msn.com/spbasic.htm -> http://www.google.com/

Repaired : [32][HKLM\Software\Microsoft\Internet Explorer\Main]|[Local Page] : C:\Windows\System32\blank.htm -> C:\Windows\SysWOW64\blank.htm

Repaired : [64][HKLM\Software\Microsoft\Internet Explorer\Main]|[Default_Search_URL] : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> http://go.microsoft.com/fwlink/?LinkId=54896

Repaired : [64][HKLM\Software\Microsoft\Internet Explorer\Main]|[Default_Page_URL] : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> http://go.microsoft.com/fwlink/?LinkId=69157

¤

Repaired : [HKU\S-1-5-21-3731980268-2904590947-1619489453-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[WarnonZoneCrossing] : 0 -> 1

¤¤¤¤¤¤¤¤¤¤ | Hosts

C:\Windows\System32\Drivers\etc\hosts : Cleaned

¤¤¤¤¤¤¤¤¤¤ | reparsepoint

¤¤¤¤¤¤¤¤¤¤ | Detection of offsets

¤¤¤¤¤¤¤¤¤¤ | Files | Folders | Registry

stopped : KMService

Deleted service : KMService

Deleted : HKLM\..\ControlSet002\Services\KMService

Deleted : C:\$Recycle.bin\S-1-5-21-3731980268-2904590947-1619489453-1000

Moved to quarantine successfully : C:\Users\Asafer\AppData\Roaming\wklnhst.dat

Moved to quarantine successfully : C:\Users\Asafer\AppData\Roaming\unins001.dat

Moved to quarantine successfully : C:\Users\Asafer\AppData\Roaming\unins000.dat

Moved to quarantine successfully : C:\Users\Asafer\AppData\Roaming\unins002.dat

Moved to quarantine successfully : C:\Windows\system32\srvany.exe

Will be moved in quarantine in the restart : C:\Windows\AutoKMS

Moved to quarantine successfully : C:\ProgramData\ntuser.dat{a8b18732-4536-11e3-9301-1cc1debeb8de}.TMContainer00000000000000000001.regtrans-ms

Moved to quarantine successfully : C:\ProgramData\ntuser.dat{a8b18732-4536-11e3-9301-1cc1debeb8de}.TMContainer00000000000000000002.regtrans-ms

Moved to quarantine successfully : C:\ProgramData\ntuser.dat{a8b18749-4536-11e3-9301-1cc1debeb8de}.TMContainer00000000000000000001.regtrans-ms

Moved to quarantine successfully : C:\ProgramData\ntuser.dat{a8b18749-4536-11e3-9301-1cc1debeb8de}.TMContainer00000000000000000002.regtrans-ms

Moved to quarantine successfully : C:\ProgramData\ntuser.dat{a8b18732-4536-11e3-9301-1cc1debeb8de}.TM.blf

Moved to quarantine successfully : C:\ProgramData\ntuser.dat{a8b18749-4536-11e3-9301-1cc1debeb8de}.TM.blf

Moved to quarantine successfully : C:\Users\Asafer\AppData\Local\microsoft\windows\WebCacheLock.dat

Moved to quarantine successfully : C:\Users\Asafer\AppData\Roaming\EurekaLog

Moved to quarantine successfully : C:\Windows\assembly\tmp\

Moved to quarantine successfully : C:\Users\Asafer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0

Moved to quarantine successfully : C:\Users\Asafer\AppData\LocalLow\Sun\Java\Deployment\cache\security

Prefetch -> cleaned

D:\ : Vaccinated (Vaccin created by Usbfix)

E:\ : Impossible to vaccinate

F:\ : Vaccinated (Vaccin created by Pre_Scan)

¤¤¤¤¤¤¤¤¤¤ | Hidden files

~ [Drive D:] : Hidden : 7 | Restored : 7

~ [Drive F:] : Hidden : 6 | Restored : 6

~ [Drive C:] : Hidden : 1 | Restored : 1

~ [Program Files] : Hidden : 8 | Restored : 8

~ [users] : Hidden : 4 | Restored : 4

~ [Music] : Hidden : 2 | Restored : 2

~ [Pictures] : Hidden : 23 | Restored : 23

~ [Documents] : Hidden : 6 | Restored : 6

~ [Desktop] : Hidden : 802 | Restored : 802

~ [searches] : Hidden : 2 | Restored : 2

~ [Windows] : Hidden : 45 | Restored : 45

~ [start Menu | Programs | Startup] : Hidden : 1 | Restored : 1

~ [Libraries] : Hidden : 53 | Restored : 53

¤¤¤¤¤¤¤¤¤¤ | Control of the partitions

Disk: 0 Size=954G

Pos MBRndx Type/Name Size Active Hide Start Sector Sectors

--- ------ ---------- ---- ------ ---- ------------ ------------

0 0 07-NTFS 100M Yes No 2,048 204,800

1 1 07-NTFS 944G No No 206,848 932,769,280

2 2 07-NTFS 10G No No 932,976,128 20,545,536

¤¤¤¤¤¤¤¤¤¤

[HKLM | Winlogon] | AutoRestartShell : 0 -> 1

[HKLM64 | Winlogon] | AutoRestartShell : 0 -> 1

End : 15:19:33

Standby-mode restored

¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤ - 367

Desative temporariamente seu antivirus para evitar conflitos.

Baixe: < Shortcut_Module > ( de g3n-h@ckm@n )

|- Ao acessar o link acima, role a página e clique em Télécharger para fazer o download: /applications/core/interface/imageproxy/imageproxy.php?img=http://www.telecharger.sosvirus.net/wp-content/plugins/wpdm-download-button/images/530637d6efc63.png&key=21ce1720edee13c53fa7ba946a586ee208b691686f77c1248daec3f232aeee1b" alt="530637d6efc63.png" />

Execute-o da forma indicada nesta postagem:

Desinfecte atalhos infectados e exclua adwares com a ferramenta Shortcut_Module

Assim que a limpeza for concluída, poste o log (relatório) que estará em C:\Shortcut_Module_07_05_2014_17_05_22.txt (estes números em vermelho irão variar pois eles mostram a data e hora em que o escaneamento foi realizado).

Bom dia, segue o mesmo....

¤¤¤¤¤¤¤¤¤¤ | Shortcut_Module | g3n-h@ckm@n | 11.05.2014.1

¤¤¤¤¤ Vista | 7 | 8 | 8.1 - 32/64 bits ¤¤¤¤¤ - Start 08:03:24 - 15/05/2014

Atualizado : 11/05/2014 | 12.25 Por g3n-h@ckm@n

Contact : http://www.sosvirus.net

Feedbacks : http://www.sosvirus.net/feedbacks-t75915.html

Boot : Normal

Sistema : Windows 7 Home Premium (64 bits) HomePremium Service Pack 1

Memória RAM = Total (MB) : 3857 | Livre (MB) : 1532

Pagefile = Total (MB) : 7713 | Livre (MB) : 4684

Virtual = Total (MB) : 4194 | Livre (MB) : 4008

Registro protegido, restabelecer : C:\Shortcut_Module\Save\Clean\ERDNT.exe

¤¤¤¤¤¤¤¤¤¤ | Windows atualizado

Nenhuma atualização descoberta !!!

¤¤¤¤¤¤¤¤¤¤ | Navegadores

IE : 11.0.9600.17041 (© Microsoft Corporation. Todos os direitos reservados.)

FF : 28.0.0.5186 (©Firefox and Mozilla Developers; available under the MPL 2 license.)

GC : 34.0.1847.137 (Copyright 2012 Google Inc. All rights reserved.)

¤¤¤¤¤¤¤¤¤¤ | Security

AS : Windows Defender Enabled

AM : Malwarebytes' Anti-Malware (1.0.0.500) [2014.04.08.09]

WMI : OK

WU: Windows Update Service [Auto(2)] = Começado

AS: Windows Defender [Auto(2)] = Começado

FW: Windows FireWall Service [Auto(2)] = Começado

¤¤¤¤¤¤¤¤¤¤ | FlashPlayer

FlashPlayer ActiveX : 13.0.0.214

FlashPlayer Plugin : 13.0.0.214

¤¤¤¤¤¤¤¤¤¤ | Processos mortos

944 | [Owner : SISTEMA |Parent : 760] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) - (3.1.6.3) = C:\PROGRA~2\GbPlugin\gbpsv.exe

1364 | [Owner : SISTEMA |Parent : 760] - (.Microsoft Corporation - Aplicativo de subsistema de spooler.) - (6.1.7601.17777) = C:\Windows\System32\spoolsv.exe

1704 | [Owner : SISTEMA |Parent : 760] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.7.0.0) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

1824 | [Owner : SISTEMA |Parent : 760] - (.Apple Inc. - YSLoader.exe.) - (17.327.4.11) = C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

1964 | [Owner : SISTEMA |Parent : 760] - (.Infowatch - InfoWatch CryptoStorage Protected objects controller service.) - (2.0.201.0) = C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe

2012 | [Owner : SISTEMA |Parent : 760] - (.SafeNet Inc. - Sentinel LDK License Manager Service.) - (15.0.1.36539) = C:\Windows\System32\hasplms.exe

540 | [Owner : SISTEMA |Parent : 760] - (.Hewlett-Packard Company - HP Quick Synchronization Service.) - (4.0.112.1) = C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

1544 | [Owner : SISTEMA |Parent : 760] - (.Hewlett-Packard Company - LightScribe Service.) - (1.18.22.2) = C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

1928 | [Owner : SISTEMA |Parent : 760] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - (2.0.23.0) = C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

2232 | [Owner : SERVIÇO DE REDE |Parent : 760] - (.Microsoft Corporation - SQL Server Windows NT.) - (2005.90.5000.0) = C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

2344 | [Owner : SISTEMA |Parent : 760] - (.arvato digital services llc - PsiService PsiService.) - (3.1.0.56) = C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

2416 | [Owner : SERVIÇO DE REDE |Parent : 760] - (.Microsoft Corporation - SQL Browser Service EXE.) - (2005.90.5000.0) = C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

2452 | [Owner : SISTEMA |Parent : 760] - (.Microsoft Corporation - SQL Server VSS Writer - 64 Bit.) - (2005.90.5000.0) = C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

2528 | [Owner : SISTEMA |Parent : 760] - (.TeamViewer GmbH - TeamViewer 9.) - (9.0.28223.0) = C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

2928 | [Owner : SISTEMA |Parent : 760] - (.Beijing WatchData System Co., Ltd. - WatchSAFE Service 3.4.) - (3.4.0.0) = C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\WDBrazMon34.exe

2996 | [Owner : SISTEMA |Parent : 760] - (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - (7.250.4232.0) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

2768 | [Owner : SISTEMA |Parent : 760] - (.Intel Corporation - IAStorDataSvc.) - (9.5.7.1002) = C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

2952 | [Owner : SISTEMA |Parent : 2996] - (.Microsoft Corp. - Microsoft® Windows Live ID Service Monitor.) - (7.250.4232.0) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

4280 | [Owner : SERVIÇO LOCAL |Parent : 992] - (.Microsoft Corporation - Windows Driver Foundation - Processo de Host da Estrutura de Driver de Modo de Usuário.) - (6.2.9200.16384) = C:\Windows\System32\WUDFHost.exe

3136 | [Owner : SISTEMA |Parent : 760] - (.Adobe Systems Incorporated - Adobe Photoshop Elements 11.0 (component).) - (11.0.0.0) = C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe

3832 | [Owner : SISTEMA |Parent : 760] - (.Hewlett-Packard Company - HP Support Assistant Service.) - (6.0.5.4) = C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

4644 | [Owner : SERVIÇO DE REDE |Parent : 760] - (.Microsoft Corporation - Serviço de Compartilhamento de Rede do Windows Media Player.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe

1832 | [Owner : SISTEMA |Parent : 760] - (.Microsoft Corporation - Indexador do Microsoft Windows Search.) - (7.0.7601.17610) = C:\Windows\System32\SearchIndexer.exe

1724 | [Owner : SISTEMA |Parent : 760] - (.Microsoft Corporation - Processo de host do Windows (Rundll32).) - (6.1.7600.16385) = C:\Windows\System32\rundll32.exe

5016 | [Owner : SISTEMA |Parent : 1724] - (.Microsoft Corporation - Windows Install Compability Advisor Inventory Tool.) - (6.3.9600.17057) = C:\Windows\System32\CompatTel\wicainventory.exe

3164 | [Owner : SISTEMA |Parent : 592] - (.Microsoft Corporation - Host da Janela do Console.) - (6.1.7601.18229) = C:\Windows\System32\conhost.exe

2892 | [Owner : Asafer |Parent : 760] - (.Microsoft Corporation - Processo de Host para Tarefas do Windows.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe

4488 | [Owner : Asafer |Parent : 2120] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - (1.0.0.500) = C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

980 | [Owner : Asafer |Parent : 1460] - (.Microsoft Corporation - Windows Explorer.) - (6.1.7601.17567) = C:\Windows\explorer.exe

2656 | [Owner : Asafer |Parent : 980] - (.Intel Corporation - hkcmd Module.) - (8.15.10.2040) = C:\Windows\System32\hkcmd.exe

2368 | [Owner : Asafer |Parent : 876] - (.Intel Corporation - igfxsrvc Module.) - (8.15.10.2040) = C:\Windows\System32\igfxsrvc.exe

1536 | [Owner : Asafer |Parent : 980] - (.Intel Corporation - persistence Module.) - (8.15.10.2040) = C:\Windows\System32\igfxpers.exe

1896 | [Owner : Asafer |Parent : 980] - (.Microsoft Corporation - Notas Autoadesivas.) - (6.1.7600.16385) = C:\Windows\System32\StikyNot.exe

3660 | [Owner : Asafer |Parent : 980] - (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) - (6.1.7601.17514) = C:\Program Files\Windows Sidebar\sidebar.exe

2796 | [Owner : Asafer |Parent : 2128] - (.Intel Corporation - IAStorIcon.) - (9.5.7.1002) = C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

4044 | [Owner : Asafer |Parent : 2128] - (.Hewlett-Packard Company - HP UT LEDM Driver.) - (2.0.0.2) = C:\Program Files (x86)\Hp\HP UT LEDM\bin\hppusg.exe

604 | [Owner : Asafer |Parent : 2528] - (.TeamViewer GmbH - TeamViewer 9.) - (9.0.28223.0) = C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe

6100 | [Owner : SISTEMA |Parent : 2528] - (.TeamViewer GmbH - TeamViewer 9.) - (9.0.28223.0) = C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe

6092 | [Owner : SISTEMA |Parent : 2528] - (.TeamViewer GmbH - TeamViewer 9.) - (9.0.28223.0) = C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe

5456 | [Owner : Asafer |Parent : 1084] - (.Microsoft Corporation - Mecanismo do Agendador de Tarefas.) - (6.1.7601.17514) = C:\Windows\System32\taskeng.exe

3096 | [Owner : Asafer |Parent : 876] - (.Kaspersky Lab - Kaspersky Password Manager.) - (7.0.3.11) = C:\PROGRA~2\KASPER~1\KASPER~2.0\KASPER~2\stpass.exe

5716 | [Owner : Asafer |Parent : 980] - (.Google Inc. - Google Chrome.) - (34.0.1847.137) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

2940 | [Owner : Asafer |Parent : 5716] - (.Google Inc. - Google Chrome.) - (34.0.1847.137) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

6260 | [Owner : Asafer |Parent : 5716] - (.Google Inc. - Google Chrome.) - (34.0.1847.137) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

6992 | [Owner : Asafer |Parent : 5716] - (.Google Inc. - Google Chrome.) - (34.0.1847.137) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

1548 | [Owner : Asafer |Parent : 5456] - (.Hewlett-Packard Company - HP Support Assistant.) - (6.0.0.0) = C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe

1380 | [Owner : Asafer |Parent : 5716] - (.Google Inc. - Google Chrome.) - (34.0.1847.137) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

6548 | [Owner : Asafer |Parent : 6308] - (.Adobe Systems Incorporated - AAM Updates Notifier Application.) - (6.0.335.0) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

7096 | [Owner : Asafer |Parent : 980] - (.Microsoft Corporation - Microsoft Outlook.) - (14.0.7113.5000) = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE

6640 | [Owner : SERVIÇO DE REDE |Parent : 760] - (.Microsoft Corporation - Microsoft Office Software Protection Platform Service.) - (14.0.370.400) = C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

4904 | [Owner : Asafer |Parent : 1832] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.7601.17610) = C:\Windows\System32\SearchProtocolHost.exe

6420 | [Owner : SISTEMA |Parent : 1832] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.7601.17610) = C:\Windows\System32\SearchFilterHost.exe

1548 | [Owner : Asafer |Parent : 5456] - (.Hewlett-Packard Company - HP Support Assistant.) - (6.0.0.0) = C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe

6548 | [Owner : Asafer |Parent : 6308] - (.Adobe Systems Incorporated - AAM Updates Notifier Application.) - (6.0.335.0) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

4904 | [Owner : Asafer |Parent : 1832] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.7601.17610) = C:\Windows\System32\SearchProtocolHost.exe

7044 | [Owner : SERVIÇO LOCAL |Parent : 992] - (.Microsoft Corporation - Windows Driver Foundation - Processo de Host da Estrutura de Driver de Modo de Usuário.) - (6.2.9200.16384) = C:\Windows\System32\WUDFHost.exe

6812 | [Owner : SISTEMA |Parent : 760] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) - (3.1.6.3) = C:\PROGRA~2\GbPlugin\gbpsv.exe

¤¤¤¤¤¤¤¤¤¤ | Processos começados

424 | [Owner : SISTEMA |Parent : 4] - (.Microsoft Corporation - Gerenciador de Sessão do Windows.) - (6.1.7601.18229) = C:\Windows\System32\smss.exe

592 | [Owner : SISTEMA |Parent : 576] - (.Microsoft Corporation - Processo do tempo de Execução do Servidor do Cliente.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe

652 | [Owner : SISTEMA |Parent : 636] - (.Microsoft Corporation - Processo do tempo de Execução do Servidor do Cliente.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe

660 | [Owner : SISTEMA |Parent : 576] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) - (6.1.7600.16385) = C:\Windows\System32\wininit.exe

708 | [Owner : SISTEMA |Parent : 636] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) - (6.1.7601.18409) = C:\Windows\System32\winlogon.exe

760 | [Owner : SISTEMA |Parent : 660] - (.Microsoft Corporation - Aplicativo de serviços e controle.) - (6.1.7600.16385) = C:\Windows\System32\services.exe

768 | [Owner : SISTEMA |Parent : 660] - (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.18443) = C:\Windows\System32\lsass.exe

776 | [Owner : SISTEMA |Parent : 660] - (.Microsoft Corporation - Serviço do Gerenciador de Sessão Local.) - (6.1.7601.17514) = C:\Windows\System32\lsm.exe

876 | [Owner : SISTEMA |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

1016 | [Owner : SERVIÇO DE REDE |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

612 | [Owner : SERVIÇO LOCAL |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

992 | [Owner : SISTEMA |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

1060 | [Owner : SERVIÇO LOCAL |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

1084 | [Owner : SISTEMA |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

1248 | [Owner : SERVIÇO DE REDE |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

1400 | [Owner : SERVIÇO LOCAL |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

1444 | [Owner : SERVIÇO LOCAL |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

1872 | [Owner : SISTEMA |Parent : 760] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) - (13.0.2.628) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe

1436 | [Owner : SISTEMA |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\SysWOW64\svchost.exe

2120 | [Owner : SISTEMA |Parent : 760] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - (2.1.9.0) = C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

2256 | [Owner : SERVIÇO LOCAL |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

2292 | [Owner : SERVIÇO LOCAL |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

2972 | [Owner : SISTEMA |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

260 | [Owner : SISTEMA |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

4452 | [Owner : SERVIÇO DE REDE |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

4696 | [Owner : SERVIÇO LOCAL |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

1840 | [Owner : Asafer |Parent : 992] - (.Microsoft Corporation - Gerenciador de Janelas da Área de Trabalho.) - (6.1.7600.16385) = C:\Windows\System32\dwm.exe

4244 | [Owner : SERVIÇO LOCAL |Parent : 612] - (.Microsoft Corporation - Isolamento de Gráfico de Dispositivo de Áudio do Windows .) - (6.1.7601.17514) = C:\Windows\System32\audiodg.exe

832 | [Owner : Asafer |Parent : 2128] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) - (13.0.2.628) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe

5748 | [Owner : SERVIÇO LOCAL |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

1548 | [Owner : Asafer |Parent : 5456] - (.Hewlett-Packard Company - HP Support Assistant.) - (6.0.0.0) = C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe

6548 | [Owner : Asafer |Parent : 6308] - (.Adobe Systems Incorporated - AAM Updates Notifier Application.) - (6.0.335.0) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

4928 | [Owner : SISTEMA |Parent : 876] - (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) = C:\Windows\System32\wbem\WmiPrvSE.exe

6772 | [Owner : SISTEMA |Parent : 1872] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) - (13.0.2.628) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe

1908 | [Owner : Asafer |Parent : 980] - (. - Shortcut_Module.) - (11.5.2014.1) = C:\Users\Asafer\Downloads\Shortcut_Module.exe

1796 | [Owner : SERVIÇO DE REDE |Parent : 876] - (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) = C:\Windows\System32\wbem\WmiPrvSE.exe

6320 | [Owner : SISTEMA |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

4904 | [Owner : Asafer |Parent : 1832] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.7601.17610) = C:\Windows\System32\SearchProtocolHost.exe

1740 | [Owner : SERVIÇO LOCAL |Parent : 992] - (.Microsoft Corporation - Windows Driver Foundation - Processo de Host da Estrutura de Driver de Modo de Usuário.) - (6.2.9200.16384) = C:\Windows\System32\WUDFHost.exe

968 | [Owner : Asafer |Parent : 1908] - (. - Process Stopper.) - (1.0.0.0) = C:\Shortcut_Module\Protect_Module.exe

2560 | [Owner : Asafer |Parent : 876] - (.Microsoft Corporation - Processo de host do Windows (Rundll32).) - (6.1.7600.16385) = C:\Windows\System32\rundll32.exe

¤¤¤¤¤¤¤¤¤¤ | RUN

04 - [64] HKLM\..\Run : [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

04 - [64] HKLM\..\Run : [HPUsageTrackingLEDM] "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"

04 - [64] HKLM\..\Run : [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe"

04 - [32] HKLM\..\Run : [igfxTray] C:\Windows\system32\igfxtray.exe

04 - [32] HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe

04 - [32] HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe

04 - HKU\S-1-5-21-3731980268-2904590947-1619489453-1000\..\Run : [iSUSPM Startup] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup

04 - HKU\S-1-5-21-3731980268-2904590947-1619489453-1000\..\Run : [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

04 - HKU\S-1-5-21-3731980268-2904590947-1619489453-1000\..\Run : [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

¤¤¤¤¤¤¤¤¤¤ | Serviços

funcionando : WINDEFEND

Serviço parado : WINDEFEND

funcionando : MMCSS

funcionando : Dhcp

funcionando : TcpIp

funcionando : WinHttpAutoProxysvc

Serviço parado : WinHttpAutoProxysvc

funcionando : SSDPSRV

funcionando : MPSSvc

Serviço parado : MPSSvc

funcionando : Rasman

Serviço parado : Rasman

funcionando : LanmanServer

funcionando : DNScache

Serviço parado : DNScache

Apagado prosperamente : HKLM\..\ControlSet001\Services\FLEXnet Licensing Service : 16

Apagado prosperamente : HKLM\..\ControlSet001\Services\SDFirewallService : Offers malware scanning services to Spybot-S&D modules.

Apagado prosperamente : HKLM\..\ControlSet002\Services\FLEXnet Licensing Service : 16

Apagado prosperamente : HKLM\..\ControlSet002\Services\SDFirewallService : Offers malware scanning services to Spybot-S&D modules.

Apagado prosperamente : HKLM\..\CurrentControlSet\Services\FLEXnet Licensing Service 64 : 16

¤¤¤¤¤¤¤¤¤¤ | Hosts

C:\Windows\System32\Drivers\etc\hosts : Reponha para zerar prosperamente

¤¤¤¤¤¤¤¤¤¤ | Registro

Apagado prosperamente : [64]HKLM\Software\Classes\Spybot2.DisabledFile

Apagado prosperamente : [64]HKLM\Software\Classes\Spybot2.SBIFile

Apagado prosperamente : [64]HKLM\Software\Classes\Spybot2.UTIFile

Apagado prosperamente : [64]HKLM\Software\Classes\SWNGRE.uiMeshDecoWizardPage_c

Apagado prosperamente : [64]HKLM\Software\Classes\SWNGRE.uiMeshDecoWizardPage_c.1

Apagado prosperamente : [64]HKLM\Software\Classes\SWNGRE.uiMeshDoctorPage_c.1

Apagado prosperamente : [64]HKLM\Software\Classes\SWNGRE.uiMeshManipulationPage.1

Apagado prosperamente : [64]HKLM\Software\Classes\SWNGRE.uiMeshPrepCompPage_c.1

Apagado prosperamente : [64]HKLM\Software\Classes\SWNGRE.uiMeshRelaxPage_c.1

Apagado prosperamente : [64]HKLM\Software\Classes\SWNGRE.uiMeshSmoothPage_c.1

Apagado prosperamente : [64]HKLM\Software\Classes\SWNGRE.uiMeshSplitPage_c.1

Apagado prosperamente : [64]HKLM\Software\Classes\Spybot2.SBEFile

Apagado prosperamente : [64]HKLM\Software\Classes\Spybot2.UTSFile

Apagado prosperamente : [64]HKLM\Software\Classes\SWNGRE.uiMeshDoctorPage_c

Apagado prosperamente : [64]HKLM\Software\Classes\SWNGRE.uiMeshPrepCompPage_c

Apagado prosperamente : [64]HKLM\Software\Classes\SWNGRE.uiMeshSmoothPage_c

Apagado prosperamente : [32]HKLM\Software\Classes\Spybot2.SBSFile

Apagado prosperamente : [32]HKLM\Software\Classes\SWNGRE.uiMeshManipulationPage

Apagado prosperamente : [32]HKLM\Software\Classes\SWNGRE.uiMeshSplitPage_c

Apagado prosperamente : [32]HKLM\Software\Classes\SWNGRE.uiMeshRelaxPage_c

Apagado prosperamente : HKU\S-1-5-21-3731980268-2904590947-1619489453-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3731980268-2904590947-1619489453-1000\Software\BabylonToolbar

Apagado prosperamente : [64]HKLM\Software\Classes\AppID\SoftwareUpdate.exe

Apagado prosperamente : [64]HKLM\Software\Classes\AppID\{6A070EEA-E3F8-411E-9D3A-F3814ED6D1A8} : SoftwareUpdateApp

Apagado prosperamente : [32]HKLM\Software\Classes\AppID\SoftwareUpdateAdmin.DLL

Apagado prosperamente : [64]HKLM\Software\Classes\TypeLib\{7C1E4FCC-B47E-44AE-8EA7-FA66EBC8BAC4} : SoftwareUpdate

Apagado prosperamente : [64]HKLM\Software\Classes\Interface\{03F05917-8B9F-4E59-98AF-454E4BA07D1E} : IAutoNestIntfEvents

Apagado prosperamente : [64]HKLM\Software\Classes\Interface\{15D048E5-1278-46EE-BC1B-48692523A223} : IuiMeshSplitPage_c

Apagado prosperamente : [64]HKLM\Software\Classes\Interface\{398C0028-8583-4382-B9A1-4BDF347594AC} : IDrawEffectZipperDistortion

Apagado prosperamente : [64]HKLM\Software\Classes\Interface\{3BF49B7D-6CDC-4A49-A317-F941C0B6EB1E} : IuiMeshDecoWizardPage_c

Apagado prosperamente : [64]HKLM\Software\Classes\Interface\{422CA428-AACB-496A-8FDD-86758BCFB756} : {7C1E4FCC-B47E-44AE-8EA7-FA66EBC8BAC4}

Apagado prosperamente : [64]HKLM\Software\Classes\Interface\{4E10156C-862A-47FE-BD9E-7BD6CDC0E4D7} : IPDMWSearchResults

Apagado prosperamente : [64]HKLM\Software\Classes\Interface\{56188BC4-4248-4551-885A-477B3A30EE86} : IuiMeshSmoothPage_c

Apagado prosperamente : [64]HKLM\Software\Classes\Interface\{5D9C6A41-8EE3-4C58-980D-9C18785CE05C} : IuiMeshPrepCompPage_c

Apagado prosperamente : [64]HKLM\Software\Classes\Interface\{6A3BFE2E-1DB0-4076-84BA-86470D9AFC30} : IMeshCursor

Apagado prosperamente : [64]HKLM\Software\Classes\Interface\{81C7E033-EC39-4054-9B20-91FC1B5377DA} : IuiMeshManipulationPage

Apagado prosperamente : [64]HKLM\Software\Classes\Interface\{98A77083-05BC-4DD6-BC1F-9EC8A564E4B0} : IuiMeshRelaxPage_c

Apagado prosperamente : [64]HKLM\Software\Classes\Interface\{995E123A-2A19-4E52-872F-774C5589459C} : {7C1E4FCC-B47E-44AE-8EA7-FA66EBC8BAC4}

Apagado prosperamente : [64]HKLM\Software\Classes\Interface\{A52621AD-E10F-477B-9ACB-B6181610788B} : {7C1E4FCC-B47E-44AE-8EA7-FA66EBC8BAC4}

Apagado prosperamente : [64]HKLM\Software\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63} : ISearchQueryHelper

Apagado prosperamente : [64]HKLM\Software\Classes\Interface\{B0580035-9AA4-44FD-9547-4F91EB757AC4} : IVGEffectZipperDistortion

Apagado prosperamente : [64]HKLM\Software\Classes\Interface\{CF7549A9-7A2A-4A6E-ACF4-05452C98CF7E} : IVsToolWindowToolbarHost

Apagado prosperamente : [64]HKLM\Software\Classes\Interface\{D5ECA49D-564F-452F-87A7-909178924D62} : IuiMeshDoctorPage_c

Apagado prosperamente : [32]HKLM\Software\Classes\Interface\{0002D206-0000-0000-C000-000000000046} : IID_IOleInPlace3Dsite

Apagado prosperamente : [32]HKLM\Software\Classes\Interface\{03F05917-8B9F-4E59-98AF-454E4BA07D1E} : IAutoNestIntfEvents

Apagado prosperamente : [32]HKLM\Software\Classes\Interface\{15D048E5-1278-46EE-BC1B-48692523A223} : IuiMeshSplitPage_c

Apagado prosperamente : [32]HKLM\Software\Classes\Interface\{398C0028-8583-4382-B9A1-4BDF347594AC} : IDrawEffectZipperDistortion

Apagado prosperamente : [32]HKLM\Software\Classes\Interface\{3BF49B7D-6CDC-4A49-A317-F941C0B6EB1E} : IuiMeshDecoWizardPage_c

Apagado prosperamente : [32]HKLM\Software\Classes\Interface\{422CA428-AACB-496A-8FDD-86758BCFB756} : {7C1E4FCC-B47E-44AE-8EA7-FA66EBC8BAC4}

Apagado prosperamente : [32]HKLM\Software\Classes\Interface\{4E10156C-862A-47FE-BD9E-7BD6CDC0E4D7} : IPDMWSearchResults

Apagado prosperamente : [32]HKLM\Software\Classes\Interface\{56188BC4-4248-4551-885A-477B3A30EE86} : IuiMeshSmoothPage_c

Apagado prosperamente : [32]HKLM\Software\Classes\Interface\{5D9C6A41-8EE3-4C58-980D-9C18785CE05C} : IuiMeshPrepCompPage_c

Apagado prosperamente : [32]HKLM\Software\Classes\Interface\{632CFD20-794A-4B34-9AC5-89972BDF7D93} : DGrooveAggregatedDeltaProcessingStatusListener

Apagado prosperamente : [32]HKLM\Software\Classes\Interface\{6A3BFE2E-1DB0-4076-84BA-86470D9AFC30} : IMeshCursor

Apagado prosperamente : [32]HKLM\Software\Classes\Interface\{81C7E033-EC39-4054-9B20-91FC1B5377DA} : IuiMeshManipulationPage

Apagado prosperamente : [32]HKLM\Software\Classes\Interface\{98A77083-05BC-4DD6-BC1F-9EC8A564E4B0} : IuiMeshRelaxPage_c

Apagado prosperamente : [32]HKLM\Software\Classes\Interface\{995E123A-2A19-4E52-872F-774C5589459C} : {7C1E4FCC-B47E-44AE-8EA7-FA66EBC8BAC4}

Apagado prosperamente : [32]HKLM\Software\Classes\Interface\{A52621AD-E10F-477B-9ACB-B6181610788B} : {7C1E4FCC-B47E-44AE-8EA7-FA66EBC8BAC4}

Apagado prosperamente : [32]HKLM\Software\Classes\Interface\{B0580035-9AA4-44FD-9547-4F91EB757AC4} : IVGEffectZipperDistortion

Apagado prosperamente : [32]HKLM\Software\Classes\Interface\{D5ECA49D-564F-452F-87A7-909178924D62} : IuiMeshDoctorPage_c

Apagado prosperamente : [64]HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Spybot - Search & Destroy 2

Apagado prosperamente : [64]HKLM\Software\Microsoft\Tracing\FLVPlayer_v3_RASAPI32

Apagado prosperamente : [64]HKLM\Software\Microsoft\Tracing\FLVPlayer_v3_RASMANCS

Apagado prosperamente : [32]HKLM\Software\Microsoft\Tracing\LinkuryInstaller_RASAPI32

Apagado prosperamente : [32]HKLM\Software\Microsoft\Tracing\LinkuryInstaller_RASMANCS

Apagado prosperamente : [64]HKLM\SOFTWARE\Safer Networking Limited

Apagado prosperamente : HKU\S-1-5-21-3731980268-2904590947-1619489453-1000\Software\Safer Networking Limited

Apagado prosperamente : HKU\S-1-5-21-3731980268-2904590947-1619489453-1000\Software\Trolltech

Apagado prosperamente : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465} : ShopperReports.dll

Apagado prosperamente : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} : alotBHO.dll;alotBHO.dll

Apagado prosperamente : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{22D8E815-4A5E-4DFB-845E-AAB64207F5BD} : eBayTB.dll

Apagado prosperamente : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754} : ShoppingReport.dll

Apagado prosperamente : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7} : PCTBrowserDefender.dll

Apagado prosperamente : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} : BabylonToolbar.dll

Apagado prosperamente : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825} : PCTBrowserDefender.dll

Apagado prosperamente : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{57F02779-3D88-4958-8AD3-83C12D86ADC7} : advancedsearchbar.dll

Apagado prosperamente : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7} : alot.dll;alot.dll

Apagado prosperamente : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{92085AD4-F48A-450D-BD93-B28CC7DF67CE} : eBayTB.dll

Apagado prosperamente : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} : BabylonToolbar.dll

Apagado prosperamente : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} : ShoppingReport.dll

Apagado prosperamente : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{CDEEC43D-3572-4E95-A2A5-F519D29F00C0} : advancedsearchbar.dll

Apagado prosperamente : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} : BabylonToolbarTlbr.dll

Apagado prosperamente : [64]HKLM\Software\Classes\Installer\Features\F3EF77EDD33AA99478DAF54C6016B704 :

Apagado prosperamente : [32]HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467 : 01:\Software\Smartbar\version

Apagado prosperamente : [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]|[C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] : C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon

Apagado prosperamente : [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]|[C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] : C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater

¤¤¤¤¤¤¤¤¤¤ | IFEO

¤¤¤¤¤¤¤¤¤¤ | Arquivos

Apagado prosperamente : C:\Windows\System32\NdfEventView.xml ()

Apagado prosperamente : C:\Users\All Users\FLEXnet

Apagado prosperamente : C:\Users\All Users\Spybot - Search & Destroy

Apagado prosperamente : C:\Users\All Users\onOne Software\Perfect Effects 4\FilmGrains\Ilford® Delta 100.tif (.-.)

Apagado prosperamente : C:\Users\All Users\onOne Software\Perfect Effects 4\FilmGrains\Ilford® Delta 3200.tif (.-.)

Apagado prosperamente : C:\Users\All Users\onOne Software\Perfect Effects 4\FilmGrains\Ilford® Delta 400.tif (.-.)

Apagado prosperamente : C:\Users\Asafer\Desktop\back up leandro\Favoritos\Gabi\Receitas light\Batatas recheadas com calabresa por jose.canozzi Acompanhamentos Receitas.com.url (.-.)

Apagado prosperamente : C:\Users\Asafer\Desktop\back up leandro\Favoritos\Gabi\Receitas light\Sadia Receitas Abobrinha Recheada Light.url (.-.)

Apagado prosperamente : C:\Users\Asafer\Desktop\back up leandro\Leandro\Disco_D\Nova Pasta (2)\Utilit_rios\Modelos da Galeria de Fotos na Web\Claro Horizontal

Apagado prosperamente : C:\Users\Asafer\Downloads\spybotsd-2.0.6-beta4.exe (© 2000-2011 Safer-Networking Ltd.. All rights reserved. .-.Spybot - Search & Destroy 2 )

¤¤¤¤¤¤¤¤¤¤ | Malversações de atalhos

¤¤¤¤¤¤¤¤¤¤ | Proxy

¤¤¤¤¤¤¤¤¤¤ | Malversações internet Explorer

Consertado : [64][HKLM\Software\Microsoft\Internet Explorer\Main\Window Title]|[] : -> Internet Explorer

Consertado : [64][HKLM\Software\Microsoft\Internet Explorer\Main]|[start Page] : http://go.microsoft.com/fwlink/?LinkId=69157 -> http://www.google.com/

Consertado : [64][HKLM\Software\Microsoft\Internet Explorer\Main]|[Local Page] : -> C:\Windows\SysWOW64\blank.htm

Consertado : [64][HKLM\Software\Microsoft\Internet Explorer\Main]|[search Page] : http://go.microsoft.com/fwlink/?LinkId=54896 -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Consertado : [64][HKLM\Software\Microsoft\Internet Explorer\Main]|[browserMngr Start Page] : -> http://www.google.com/

Consertado : [64][HKLM\Software\Microsoft\Internet Explorer\Main]|[CustomizeSearch] : -> http://www.google.com/

Consertado : [64][HKLM\Software\Microsoft\Internet Explorer\Search]|[search Bar] : -> http://www.google.com/

Consertado : [64][HKLM\Software\Microsoft\Internet Explorer\Search]|[start Page] : -> http://www.google.com/

Consertado : [64][HKLM\Software\Microsoft\Internet Explorer\Search]|[Local Page] : -> C:\Windows\SysWOW64\blank.htm

Consertado : [64][HKLM\Software\Microsoft\Internet Explorer\Search]|[search Page] : -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Consertado : [64][HKLM\Software\Microsoft\Internet Explorer\Search]|[Default_Search_URL] : -> http://go.microsoft.com/fwlink/?LinkId=54896

Consertado : [64][HKLM\Software\Microsoft\Internet Explorer\Search]|[Default_Page_URL] : -> http://go.microsoft.com/fwlink/?LinkId=69157

Consertado : [64][HKLM\Software\Microsoft\Internet Explorer\Search]|[browserMngr Start Page] : -> http://www.google.com/

Consertado : [64][HKLM\Software\Microsoft\Internet Explorer\Search]|[CustomizeSearch] : -> http://www.google.com/

Consertado : [32][HKLM\Software\Microsoft\Internet Explorer\Main\Window Title]|[] : -> Internet Explorer

Consertado : [32][HKLM\Software\Microsoft\Internet Explorer\Main]|[search Bar] : -> http://www.google.com/

Consertado : [32][HKLM\Software\Microsoft\Internet Explorer\Main]|[start Page] : http://go.microsoft.com/fwlink/?LinkId=69157 -> http://www.google.com/

Consertado : [32][HKLM\Software\Microsoft\Internet Explorer\Main]|[search Page] : http://go.microsoft.com/fwlink/?LinkId=54896 -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Consertado : [32][HKLM\Software\Microsoft\Internet Explorer\Main]|[browserMngr Start Page] : -> http://www.google.com/

Consertado : [32][HKLM\Software\Microsoft\Internet Explorer\Main]|[CustomizeSearch] : -> http://www.google.com/

Consertado : [32][HKLM\Software\Microsoft\Internet Explorer\Search]|[search Bar] : -> http://www.google.com/

Consertado : [32][HKLM\Software\Microsoft\Internet Explorer\Search]|[start Page] : -> http://www.google.com/

Consertado : [32][HKLM\Software\Microsoft\Internet Explorer\Search]|[Local Page] : -> C:\Windows\SysWOW64\blank.htm

Consertado : [32][HKLM\Software\Microsoft\Internet Explorer\Search]|[search Page] : -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Consertado : [32][HKLM\Software\Microsoft\Internet Explorer\Search]|[Default_Search_URL] : -> http://go.microsoft.com/fwlink/?LinkId=54896

Consertado : [32][HKLM\Software\Microsoft\Internet Explorer\Search]|[Default_Page_URL] : -> http://go.microsoft.com/fwlink/?LinkId=69157

Consertado : [32][HKLM\Software\Microsoft\Internet Explorer\Search]|[browserMngr Start Page] : -> http://www.google.com/

Consertado : [32][HKLM\Software\Microsoft\Internet Explorer\Search]|[CustomizeSearch] : http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> http://www.google.com/

¤¤¤¤¤¤¤¤¤¤ | Malversações Google Chrome

[Asafer] Reponha para zerar prosperamente : SearchURL

[Asafer] Reponha para zerar prosperamente : Preferences

[Asafer] : aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co

[Asafer] : apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co

[Asafer] : blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com/?feature=ytca - Google & co

[Asafer] : caimihdmbpgddfpkbochehpehdglpcim = : Guardião - Banco Itaú - GBBD Guardião - Itaú 30 horas

[Asafer] : coobgpohoikkiipiblmjeljniedjpjpf = : Google & co - http://www.google.com/webhp?source=search_app - Google & co

[Asafer] : dchlnpcodkpfdpacogkljefecpegganj = : __MSG_ExtensionDescription__ - __MSG_ExtensionName__

[Asafer] : dhdnahjkclbpahfnjmpcbacidgllghba = : Autofill web-pages with stored passwords in Password Manager - Password Manager plugin

[Asafer] : hakdifolhalapjijoafobooafbilfakh = : __MSG_ExtensionDescription__ - __MSG_ExtensionName__

[Asafer] : hghkgaeecgjhjkannahfamoehjmkjail = : __MSG_ExtensionDescription__ - __MSG_ExtensionName__

[Asafer] : jagncdcchgajhfhijbbhecadmaiegcmh = : __MSG_ExtensionDescription__ - __MSG_ExtensionName__

[Asafer] : kgmpojlddncminmkddkpoegdjhojjipg = : Guardião - Banco Itaú - GBBD Guardião - Itaú 30 horas

[Asafer] : nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co

[Asafer] : nnjbodopomfddehlalfilheomcahbpei = : Módulo Adicional de Segurança CAIXA - GBBD Caixa Economica Federal

[Asafer] : pgacfjdigcddmmncljpflgcfpfahebkh = : Módulo de Segurança - Banco do Brasil - GBBD Banco do Brasil

[Asafer] : pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co

[Asafer] : pjldcfjmnllhmgjclecdnfampinooman = : __MSG_ExtensionDescription__ - __MSG_ExtensionName__

[Asafer_2] : aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co

[Asafer_2] : apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co

[Asafer_2] : blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com/?feature=ytca - Google & co

[Asafer_2] : coobgpohoikkiipiblmjeljniedjpjpf = : Google & co - http://www.google.com/webhp?source=search_app - Google & co

[Asafer_2] : dchlnpcodkpfdpacogkljefecpegganj = : __MSG_ExtensionDescription__ - __MSG_ExtensionName__

[Asafer_2] : hakdifolhalapjijoafobooafbilfakh = : __MSG_ExtensionDescription__ - __MSG_ExtensionName__

[Asafer_2] : hghkgaeecgjhjkannahfamoehjmkjail = : __MSG_ExtensionDescription__ - __MSG_ExtensionName__

[Asafer_2] : jagncdcchgajhfhijbbhecadmaiegcmh = : __MSG_ExtensionDescription__ - __MSG_ExtensionName__

[Asafer_2] : nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co

[Asafer_2] : pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co

[Asafer_2] : pjldcfjmnllhmgjclecdnfampinooman = : __MSG_ExtensionDescription__ - __MSG_ExtensionName__

¤¤¤¤¤¤¤¤¤¤ | Malversações Firefox

[Asafer] Apagado prosperamente : C:\Users\Asafer\AppData\Roaming\Mozilla\Firefox\Profiles\5r2g6265.default\sessionstore.js

¤¤¤¤¤¤¤¤¤¤ | Opera

¤¤¤¤¤¤¤¤¤¤ | Malversação de chaves StartMenuInternet

Consertado : [64][HKLM\Software\Clients\StartMenuInternet\Firefox.exe\shell\open\command] : "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -> "C:\Program Files\Mozilla Firefox\Firefox.exe"

Consertado : [64][HKLM\Software\Clients\StartMenuInternet\Firefox.exe\shell\safemode\command] : "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode -> "C:\Program Files\Mozilla Firefox\Firefox.exe" -safe-mode

Consertado : [64][HKLM\Software\Clients\StartMenuInternet\IExplore.exe\shell\open\command] : "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -> "C:\Program Files\Internet Explorer\iexplore.exe"

Consertado : [64][HKLM\Software\Clients\StartMenuInternet\Google Chrome\shell\open\command] : "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -> "C:\Program Files\Google\Chrome\Application\chrome.exe"

¤¤¤¤¤¤¤¤¤¤ | AppInit_DLLs

[64][HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 0

[32][HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 0

¤¤¤¤¤¤¤¤¤¤ | Malversações Javascript

¤¤¤¤¤¤¤¤¤¤ | Firewall

¤¤¤¤¤¤¤¤¤¤ | Arquivos temporários

[All Users] Arquivos temporários Apagado : 0 Ko

[Asafer] Arquivos temporários Apagado : 17846 Ko

[Asafer_2] Arquivos temporários Apagado : 6249 Ko

[Default] Arquivos temporários Apagado : 0 Ko

[Default User] Arquivos temporários Apagado : 0 Ko

[Public] Arquivos temporários Apagado : 0 Ko

[Todos os Usuários] Arquivos temporários Apagado : 0 Ko

[usuário Padrão] Arquivos temporários Apagado : 0 Ko

[C:\Windows\Temp] Arquivos temporários Apagado : 368 Ko

[C:\Temp] Arquivos temporários Apagado : 0 Ko

Outros relatórios

[X] : [1 Ko]

Elementos analisados : 709682 | Infetado : 135

¤¤¤¤¤¤¤¤¤¤ |EOF| ¤¤¤¤¤¤¤¤¤¤ | 09:20:17 | [41 Ko]

Como está o PC depois destes procedimentos?

Bom dia, aparentemente esta bem melhor, não travando mais as paginas, principalmente do banco...

Obrigado

:) Fico feliz que o problema tenha sido resolvido.

:seta: Só para finalizar siga estes tutoriais abaixo, por gentileza:

Excluindo erros e otimizando seu PC com o CCleaner

Elimine arquivos inúteis de seu PC com o PureRa
_____________________________________________________________________________________________

:seta: Para remover os programas usados na limpeza deste PC e criar um novo ponto de restauração seguro e sem problemas, utilize o DelFix seguindo as dicas deste tutorial.
______________________________________________________________________________________________

:thumbsup: Foi um prazer ajudar. Conte sempre conosco!

PROBLEMA RESOLVIDO

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.