Oi Ionara.

:seta: Faça o download do < ZHPDiag > < /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/NicolasCoolman.jpg&key=31eaca9d787a5cb7b785eaca882cfe95bdd41bfffaf35086b6e7ecf044ef83cf" alt="NicolasCoolman.jpg" />> ( ... de Nicolas Coolman )

Obs: Ao acessar o link acima clique no botão Télécharger referente ao ZHPDiag para baixá-lo, tal como mostra a imagem abaixo:

/applications/core/interface/imageproxy/imageproxy.php?img=http://i60.tinypic.com/2aa105k.jpg&key=659975b6a4293f840e4a650a3c991254f7af1289074773c9a48692c9533e270a" alt="2aa105k.jpg" />

Para instalá-lo e executá-lo corretamente siga as dicas deste artigo:

Tutorial de instalação e execução do aplicativo ZHPDiag

* Assim que ele concluir a sua verificação, copie todo o conteúdo do seu relatório ZHPDiag.txt e poste em sua próxima resposta.

Boa noite,

desculpe a demora,

mas estou acessando com

usuario temporário esempre que vou

terminar de executar algo ou postar um

logo pc reinicia,perco tudo...

tá difícil, mas vou tentar postar

Ok, fico no aguardo.

..segue log...

~ Relatório do ZHPDiag v2014.7.27.109 - Nicolas Coolman (27/07/2014)
~ Iniciado por reparo (27/07/2014 14:39:42)
~ Endereço do Website : http://nicolascoolman.fr
~ Endereço do Webforum : http://forum.nicolascoolman.fr
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user

---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.7600.16385
MFIE: Mozilla Firefox 30.0
GCIE: Google Chrome v36.0.1985.125

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Premium, 64-bit (Build 7600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Avira Free Antivirus v14.0.5.464
Kaspersky Security Scan v12.0.1.881
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)
Pando Media Booster v2.6.0.7

---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
Adobe Reader X
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8098 MB (75% free)
System Restore: Activé (Enable)
System drive C: has 405 GB (87%) free of 466 GB

---\\ Modo de conexão ao sistema
~ Computer Name: CASA-PC
~ User Name: reparo
~ All Users Names: reparo, Nara, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\reparo\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\reparo\AppData\Roaming\
~ %Desktop% : C:\Users\reparo\Desktop\
~ %Favorites% : C:\Users\reparo\Favorites\
~ %LocalAppData% : C:\Users\reparo\AppData\Local\
~ %StartMenu% : C:\Users\reparo\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 405 Go of 466 Go)
D: CD-ROM drive (Not Inserted)
E: Floppy drive, Flash card reader, USB Key (Free 2 Go of 2 Go)

---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s

---\\ Pesquisa particular de ficheiros genéricos
[MD5.0862495E0C825893DB75EF44FAEA8E93] - (.Microsoft Corporation - Windows Explorer.) (.26/02/2011 - 03:23:14.) -- C:\Windows\Explorer.exe [2870272]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.8523338F749AC8C5300C125BC4B08275] - (.Microsoft Corporation - Internet Extensions para Win32.) (.02/03/2013 - 02:49:19.) -- C:\Windows\System32\wininet.dll [1198080]
[MD5.DA3E2A6FA9660CC75B471530CE88453A] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.28/10/2009 - 03:24:40.) -- C:\Windows\System32\Winlogon.exe [389632]
[MD5.75341574F21E766748732BDF530C74BD] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.13/07/2009 - 22:41:54.) -- C:\Windows\System32\sppcomapi.dll [231936]
[MD5.DB9D6C6B2CD95A9CA414D045B627422E] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 00:59:11.) -- C:\Windows\system32\Drivers\AFD.sys [499200]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.83D2D75E1EFB81B3450C18131443F7DB] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 20:19:54.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9C253CE7311CA60FC11C774692A13208] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/04/2011 - 23:57:40.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.0A49913402747A0B67DE940FB42CBDBB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 21:06:13.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.040D62A9D8AD28922632137ACDD984F2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.03/05/2011 - 23:51:08.) -- C:\Windows\system32\Drivers\MRxSmb.sys [157696]
[MD5.9162B273A44AB9DCE5B44362731D062A] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 20:21:29.) -- C:\Windows\system32\Drivers\netBT.sys [259072]
[MD5.9A6089B056EA1B83B36424FC9D0A300E] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 11:36:37.) -- C:\Windows\system32\Drivers\ntfs.sys [1653096]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.87A6E852A22991580D6D39ADC4790463] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 21:10:12.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [130048]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.079125C4B17B01FCAEEBCE0BCB290C0F] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 20:21:15.) -- C:\Windows\system32\Drivers\tdx.sys [99840]
[MD5.9E425AC5C9A5A973273D169F43B4F5E1] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.06/09/2012 - 14:38:18.) -- C:\Windows\system32\Drivers\volsnap.sys [295792]
~ Generic Processes: Scanned in 00mn 00s

---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes Favoris (My Favorites) : 1/21
~ Mon Bureau (My Desktop) : 1/3
~ Menu demarrer (Programs) : 1/23
~ Hidden Files: Scanned in 00mn 00s

---\\ Processos lançados
[MD5.4A73AB8412D3AA6CFAD24051FF9DBFA7] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160] [PID.1320]
[MD5.1E9B225DE829A6F666A0BA9B8A7984BF] - (.Avira Operations GmbH & Co. KG - Avira system tray application.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160] [PID.2764]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.2852]
[MD5.B1E01D636350983E94171E229C759468] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.1596]
[MD5.0DA8636ACBF55A4CA6350FEA7D789828] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8082432] [PID.3768]
[MD5.ED5501CBCA525947FF6985B38253B872] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [520520] [PID.764]
[MD5.4C14746BCBF9985BDBF1CD1BEED96DF8] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160] [PID.1248]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1412]
[MD5.4C14746BCBF9985BDBF1CD1BEED96DF8] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160] [PID.1440]
[MD5.EFB2614E9142FA4427CE82EE6DC0CA7B] - (.Kaspersky Lab ZAO - Kaspersky Security Scan.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080] [PID.1532]
[MD5.397D14958D6C9C2B365469A857B2AC4E] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe [230792] [PID.2100]
[MD5.8FFF9083252C16FE3960173722605E9E] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [13336] [PID.3520]
[MD5.2ED1786B7542CDA261029F6B526EDF44] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [325656] [PID.2392]
[MD5.7E5E1603D0FF2D240AE70295C5C3FEFC] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2656280] [PID.2412]
~ Processes Running: Scanned in 00mn 00s

---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\System32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense CEF [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehcef.dll
~ BHO: 10 Legitimates Filtered in 00mn 00s

---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [igfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Wow6432Node\Run: [iAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Wow6432Node\Run: [HDAudDeck] . (.VIA - VIA HD Audio CPL.) -- C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira system tray application.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [bCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [sunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s

---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1052C388-4064-4760-B401-5C8F1BF2459F}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD8E810E-3C48-497C-A835-61684ED1D898}: DhcpNameServer = 172.16.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{1052C388-4064-4760-B401-5C8F1BF2459F}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{CD8E810E-3C48-497C-A835-61684ED1D898}: DhcpNameServer = 172.16.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{1052C388-4064-4760-B401-5C8F1BF2459F}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{CD8E810E-3C48-497C-A835-61684ED1D898}: DhcpNameServer = 172.16.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.254
~ Domain: Scanned in 00mn 00s

---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
~ Services: 11 Legitimates Filtered in 00mn 02s

---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS\AutoKMS.exe (.not file.) [0] =>Trojan.AutoKMS
[MD5.00000000000000000000000000000000] [APT] [{40A2A6DD-EF47-4EE5-9976-3A6BA7DD57F1}] (...) -- C:\Users\reparo\Downloads\PenDriveVirusRemover_Setup_En.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{4E1B028A-72ED-40CA-818A-8A4B7F885B0E}] (...) -- C:\Users\reparo\AppData\Local\Temp\{78288FE1-140B-42B0-9BB1-31188808AD36}\InstallFlashPlayer.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{824D238E-E199-4B8D-B033-94B5BBAAFAD2}] (...) -- C:\Users\reparo\Downloads\iGBPCEF.exe (.not file.) [0]
[MD5.F196BD7D4F1F6EFBC1A210510D5DBB84] [APT] [{9B58F3CE-A602-49DC-BF64-ACCDAD7E3E74}] (...) -- C:\Program Files (x86)\Don\DoN Launcher.exe [3743808]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]

O39 - APT: AutoKMS - (...) -- C:\Windows\Tasks\AutoKMS.job [268] =>Trojan.AutoKMS
O39 - APT: AutoKMS - (...) -- C:\Windows\System32\Tasks\AutoKMS [268] =>Trojan.AutoKMS

---\\ Software instalados (042)
O42 - Logiciel: 4t Tray Minimizer Free 5.52 - (.4t Niagara Software.) [HKLM][64Bits] -- 4t Tray Minimizer_is1
O42 - Logiciel: Dynasty of Nordics versão 7.55 - (.Galaxy Games.) [HKLM][64Bits] -- {5DB4716B-1246-4C39-AE77-2FFEE36DC46D}_is1
O42 - Logiciel: Dynasty of Nordics versão 7.55 - (.Galaxy Games.) [HKLM][64Bits] -- {C8141479-83BC-4CCB-B70C-5C033F227E79}}_is1
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2013
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2014
O42 - Logiciel: New Destiny versão 7.57 - (.Star Group.) [HKLM][64Bits] -- {3E61DDE5-0D27-40E8-AA2C-D6C9E343D7T7}_is1
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM][64Bits] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
O42 - Logiciel: Star Destiny versão 3.7 - (.Star Group.) [HKLM][64Bits] -- {3E61DDE5-0D27-40E8-AA2C-D6C9E343D7T4}_is1
O42 - Logiciel: WYD (remove only) - (...) [HKLM][64Bits] -- WYD
~ Logic: 27 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Bahamut]
[HKLM\Software\Wow6432Node\Baidu Security]
[HKLM\Software\Wow6432Node\Baidu_Drp_pos]
[HKLM\Software\Wow6432Node\Pando Networks]
~ Key Software: 156 Legitimates Filtered in 00mn 00s

---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 12/11/2012 - 15:17:00 - [] ----D C:\Program Files (x86)\4t Tray Minimizer
O43 - CFD: 13/01/2014 - 09:01:36 - [] ----D C:\Program Files (x86)\Baidu Security
O43 - CFD: 21/07/2014 - 21:12:48 - [] ----D C:\Program Files (x86)\DoN
O43 - CFD: 17/07/2014 - 23:27:05 - [] ----D C:\Program Files (x86)\FDG
O43 - CFD: 21/07/2014 - 20:15:42 - [] ----D C:\Program Files (x86)\GUMD2F7.tmp
O43 - CFD: 21/07/2014 - 20:15:59 - [] ----D C:\Program Files (x86)\GUMDBCD.tmp
O43 - CFD: 06/02/2014 - 11:49:42 - [] ----D C:\Program Files (x86)\Pando Networks
O43 - CFD: 09/03/2014 - 08:54:38 - [] ----D C:\Program Files (x86)\Programas RFB
O43 - CFD: 13/01/2014 - 09:06:05 - [] ----D C:\ProgramData\Baidu Security
~ Program Folder: 110 Legitimates Filtered in 00mn 00s

---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.0B72D5FE2BC97D3B74AFA1399B54BA8B] - 17/07/2014 - 23:51:16 ---A- . (...) -- C:\Windows\DirectX.log [9774]
O44 - LFC:[MD5.703E7433628DEA828F4F0010AE817E38] - 19/07/2014 - 14:57:30 ----- . (...) -- C:\bootsqm.dat [6576]
O44 - LFC:[MD5.B6F762113B8C51943219CC7A5F8F93C1] - 27/07/2014 - 10:12:52 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [4062]
O44 - LFC:[MD5.6D168297A9534E194DB590A9C48AF13E] - 27/07/2014 - 10:12:52 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [4254]
O44 - LFC:[MD5.C254D3E5751B7F33B2FF389DB6796149] - 27/07/2014 - 12:33:50 ---A- . (...) -- C:\Windows\ntbtlog.txt [4251988]
~ Files: 107 Legitimates Filtered in 00mn 37s

---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s

---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\RaidCall [Key] . (.RAIDCALL.COM - Raidcall.) -- C:\Program Files (x86)\RaidCall\raidcall.exe
~ SMSR Keys: 1 Legitimates Filtered in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:04/10/2012 - 14:07:24 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpkm.sys [47720]
O58 - SDL:17/03/2014 - 18:30:14 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
~ Drivers: 61 Legitimates Filtered in 00mn 00s

---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}
~ ADS: Scanned in 00mn 00s

---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 14/07/2014 - C:\Windows\System32\DRIVERS\avnetflt.sys (avnetflt) .(.Avira Operations GmbH & Co. KG - Avira WFP Network Driver.) - LEGACY_AVNETFLT
~ Legacy: 95 Legitimates Filtered in 00mn 00s

---\\ Menu de inicialização Internet (068)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.44B89BC0069FA73A8EAD7120A4293B5B] [sPRF][04/05/2013] (...) -- C:\ProgramData\ntuser.dat [262144]
~ Files: 2 Legitimates Filtered in 00mn 00s

---\\ Lista das exceções do FireWall (FirewallRules) (O87)

O87 - FAEL: "{4F850645-2D5A-46FA-BA00-8984D78B8442}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Nara\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{3AB09CCB-4963-4C2E-BDB6-980C5CC62D0D}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Nara\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent

---\\ Search Tracing Registry Key (O100)

HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32 =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS =>PUP.MyPCBackup
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\avg-secure-search-installer_RASAPI32 =>Toolbar.AVGSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\avg-secure-search-installer_RASMANCS =>Toolbar.AVGSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\setup_magnipic_RASAPI32 =>Adware.MagniPic
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\setup_magnipic_RASMANCS =>Adware.MagniPic
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent

---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 08/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 14/07/2014 1030224 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe

SS - | Auto 02/03/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 02/03/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

---\\ Scâner Aditional (088)
Database Version : 13026 - (27/07/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 2

[HKLM\Software\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.Ask
C:\Windows\Tasks\AutoKMS.job =>Trojan.AutoKMS^
C:\Windows\System32\Tasks\AutoKMS =>Trojan.AutoKMS^

---\\ Informações complémentaires do módulos
~ =>.Internet Explorer, Gestão do Proxy (R5)
~ =>.Browser Helper Objects do navegador (02)
~ =>.Aplicações iniciadas por registo & pastas (04)
~ AMI: 3 Legitimates Filtered in 00mn 00s

---\\ Sumário das deteções encontradas na sua estação

 =>Trojan.AutoKMS
 =>PUP.MyPCBackup
 =>Adware.MagniPic
http://nicolascoolman.fr/toolbar-ask%C2'> =>Toolbar.Ask

~ 710 Legitimates filtered by white list
End of the scan (420 lines in 01mn 25s)(0)

:seta: Há programas desnecessários iniciando junto com o Windows, o que torna o seu PC mais lento. Para corrigir isto, siga as dicas deste tutorial:

Escolhendo Programas que Iniciam com o PC

De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows.

Use também o programa Ccleaner, indicado neste tutorial acima, para fazer uma limpeza e otimização do PC.

___________________________________________________________________________________________

:seta: No seu PC está constando a presença de dois antivirus: Kaspersky e Avira. É muito importante desinstalar um deles, porque dois ou mais antivirus causa lentidão e também pode causar conflitos entre eles.

____________________________________________________________________________________________

:seta: Acesse o site https://www.virustotal.com e envie este arquivo destacado em negrito abaixo para ser analisado:

C:\Program Files (x86)\Don\DoN Launcher.exe

Assim que a análise dele for concluída, copie o link que aparecerá na barra de endereços de seu navegador e poste este link em sua próxima resposta juntamente com o relatório do ZHPFix pedido abaixo nesta postagem.

Maiores informações de como analisar arquivos no site Virus Total você encontra neste tutorial:

Analise arquivos e links suspeitos de forma online e totalmente gratuita

________________________________________________________________________________________

:seta: Selecione e copie todo o texto destacado em vermelho que te passei.

_____________________________________________________________________________________________________________

:seta: Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta juntamente com o link da análise do arquivo no site Virus Total.

Bom dia,

estou com alguns problemas,

estava só reiniciando, travando,

executei duas tarefas e seguem abaixo,

como acessava somente com usuário

temporário, criei um novo usuário,

o que está evitando a perda de dados...

removi o avast, mas estou sem acesso

ao modo de segurança.....

1-

https://www.virustotal.com/pt/file/5014d4cfc2ff1a2608951e0f80ffbac8fa1f3cb88adff7b2481c31ec1d63423d/analysis/1406587031/

2-

Rapport de ZHPFix 2014.7.9.4 par Nicolas Coolman, Update du 09/07/2014
Fichier d'export Registre :
Run by reparo at 29/07/2014 05:28:08
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit (Build 7600)

Reciclagem vazia (00mn 03s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu_Drp_pos
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\setup_magnipic_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\setup_magnipic_RASMANCS
ELIMINÉ: HKLM\Software\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (63) (108.273.607 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: AutoKMS
ELIMINÉ: AutoKMS
ELIMINÉ: {40A2A6DD-EF47-4EE5-9976-3A6BA7DD57F1}
ELIMINÉ: {4E1B028A-72ED-40CA-818A-8A4B7F885B0E}
ELIMINÉ: {824D238E-E199-4B8D-B033-94B5BBAAFAD2}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso

========== Recapitulativo ==========
9 : Chaves do Registo
1 : Pastas
2 : Ficheiros
5 : Tarefa planificada
1 : Restauração Sistema

End of clean in 00mn 23s

========== Caminho do ficheiro do relatório ==========
C:\Users\reparo\AppData\Roaming\ZHP\ZHPFix[R1].txt - 29/07/2014 05:28:12 [1748]

Abra novamente o ( ZHPDiag )

/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25202/ZHPDiag_Pergaminho2_zps6e758639.jpg&key=6ea716e3ff0c1e80fdbb9b821ab86cbec4d10a8ec6466840625e1b7577bb9e18" alt="ZHPDiag_Pergaminho2_zps6e758639.jpg" />

|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão.

/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/My%2520Tools%25204/ZHPDiag_Pesquisar_zps3acb0f25.jpg&key=a9db759c6eb2aaf3d21c25042f3a945d994ff770b624f42b57ce9b23ef895a51" alt="ZHPDiag_Pesquisar_zps3acb0f25.jpg" />

|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt

/applications/core/interface/imageproxy/imageproxy.php?img=http://i39.servimg.com/u/f39/11/05/93/83/zhpdia11.png&key=cd2bcbee7ecda71a202f64af97b2896faaf1bddc4af00b80af5b456d12007af6" alt="zhpdia11.png" />

Boa noite,

acessei o modo de de segurança,

rodei o antivirus, dois malwares foram removidos,

porém no outro usuário o logon ainda é temporário,

páginas abrem sozinhas e publicidade surge na tela

a todo momento, segue log solicitado....

~ Relatório do ZHPDiag v2014.7.27.109 - Nicolas Coolman (27/07/2014)
~ Iniciado por reparo (29/07/2014 19:07:05)
~ Endereço do Website : http://nicolascoolman.fr
~ Endereço do Webforum : http://forum.nicolascoolman.fr
~ Tradução pelo utilizador
~ Estatuto da versão : Nova Versão disponivel
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user

---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.7600.16385
MFIE: Mozilla Firefox 30.0
GCIE: Google Chrome v36.0.1985.125 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Premium, 64-bit (Build 7600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Kaspersky PURE 3.0 v13.0.2.558
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema
CCleaner v4.01

---\\ Softwares de partilha do PeerToPeer (P2P)
Pando Media Booster v2.6.0.7

---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
Adobe Reader X
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8098 MB (79% free)
System Restore: Activé (Enable)
System drive C: has 406 GB (87%) free of 466 GB

---\\ Modo de conexão ao sistema
~ Computer Name: CASA-PC
~ User Name: reparo
~ All Users Names: reparo, Nara, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\reparo\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\reparo\AppData\Roaming\
~ %Desktop% : C:\Users\reparo\Desktop\
~ %Favorites% : C:\Users\reparo\Favorites\
~ %LocalAppData% : C:\Users\reparo\AppData\Local\
~ %StartMenu% : C:\Users\reparo\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 406 Go of 466 Go)
D: CD-ROM drive (Not Inserted)

---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s

---\\ Pesquisa particular de ficheiros genéricos
[MD5.0862495E0C825893DB75EF44FAEA8E93] - (.Microsoft Corporation - Windows Explorer.) (.26/02/2011 - 03:23:14.) -- C:\Windows\Explorer.exe [2870272]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.8523338F749AC8C5300C125BC4B08275] - (.Microsoft Corporation - Internet Extensions para Win32.) (.02/03/2013 - 02:49:19.) -- C:\Windows\System32\wininet.dll [1198080]
[MD5.DA3E2A6FA9660CC75B471530CE88453A] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.28/10/2009 - 03:24:40.) -- C:\Windows\System32\Winlogon.exe [389632]
[MD5.75341574F21E766748732BDF530C74BD] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.13/07/2009 - 22:41:54.) -- C:\Windows\System32\sppcomapi.dll [231936]
[MD5.DB9D6C6B2CD95A9CA414D045B627422E] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 00:59:11.) -- C:\Windows\system32\Drivers\AFD.sys [499200]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.83D2D75E1EFB81B3450C18131443F7DB] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 20:19:54.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9C253CE7311CA60FC11C774692A13208] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/04/2011 - 23:57:40.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.0A49913402747A0B67DE940FB42CBDBB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 21:06:13.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.040D62A9D8AD28922632137ACDD984F2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.03/05/2011 - 23:51:08.) -- C:\Windows\system32\Drivers\MRxSmb.sys [157696]
[MD5.9162B273A44AB9DCE5B44362731D062A] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 20:21:29.) -- C:\Windows\system32\Drivers\netBT.sys [259072]
[MD5.9A6089B056EA1B83B36424FC9D0A300E] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 11:36:37.) -- C:\Windows\system32\Drivers\ntfs.sys [1653096]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.87A6E852A22991580D6D39ADC4790463] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 21:10:12.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [130048]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.079125C4B17B01FCAEEBCE0BCB290C0F] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 20:21:15.) -- C:\Windows\system32\Drivers\tdx.sys [99840]
[MD5.9E425AC5C9A5A973273D169F43B4F5E1] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.06/09/2012 - 14:38:18.) -- C:\Windows\system32\Drivers\volsnap.sys [295792]
~ Generic Processes: Scanned in 00mn 00s

---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes Favoris (My Favorites) : 1/22
~ Mon Bureau (My Desktop) : 1/6
~ Menu demarrer (Programs) : 1/23
~ Hidden Files: Scanned in 00mn 00s

---\\ Processos lançados
[MD5.4A73AB8412D3AA6CFAD24051FF9DBFA7] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160] [PID.1428]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.452]
[MD5.7E91655B4947EC1B18B3BC1645839145] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128] [PID.1488]
[MD5.B1E01D636350983E94171E229C759468] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.3404]
[MD5.0DA8636ACBF55A4CA6350FEA7D789828] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8082432] [PID.4860]
[MD5.ED5501CBCA525947FF6985B38253B872] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [520520] [PID.876]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1468]
[MD5.0B7E221689F370C87F640C6D2EED7D3F] - (.Infowatch - InfoWatch CryptoStorage Protected objects c.) -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888] [PID.1544]

[MD5.24521F3E7001794E46CD12CE1E615EED] - (.Wajam Internet Technologies Inc. - Wajam Internet Enhancer Service.) -- C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe [303616] [PID.1768] =>PUP.Wajam
[MD5.397D14958D6C9C2B365469A857B2AC4E] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe [230792] [PID.2676]
[MD5.EDEAB1CDDA0D326BAAEFCC345A0BE221] - (.Wajam Internet Technologies Inc. - Wajam Internet Enhancer.) -- C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancer.exe [83968] [PID.3740] =>PUP.Wajam

---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\reparo\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [user Data\Default][HomePage] http://br.hao123.com

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 1 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com
~ IE Browser: 19 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Gestão do Proxy (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:52809;https=127.0.0.1:52809; =>Hijacker.Proxy

---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\System32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense CEF [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehcef.dll
~ BHO: 20 Legitimates Filtered in 00mn 00s

---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [igfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Wow6432Node\Run: [iAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Wow6432Node\Run: [HDAudDeck] . (.VIA - VIA HD Audio CPL.) -- C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [bCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [sunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [AVP] . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s

---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Teclado Virtual [64Bits] - {0C4CC089-D306-440D-9772-464E226F6539} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\kbrd.ico
O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: Verificação de URLs [64Bits] - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\logo.ico
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1052C388-4064-4760-B401-5C8F1BF2459F}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD8E810E-3C48-497C-A835-61684ED1D898}: DhcpNameServer = 172.16.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{1052C388-4064-4760-B401-5C8F1BF2459F}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{CD8E810E-3C48-497C-A835-61684ED1D898}: DhcpNameServer = 172.16.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{1052C388-4064-4760-B401-5C8F1BF2459F}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{CD8E810E-3C48-497C-A835-61684ED1D898}: DhcpNameServer = 172.16.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.254
~ Domain: Scanned in 00mn 00s

---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe

O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) . (.globalUpdate - globalUpdate Update.) - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: Wajam Internet Enhancer Service (Wajam Internet Enhancer Service) . (.Wajam Internet Technologies Inc. - Wajam Internet Enhancer Service.) - C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe =>PUP.Wajam

---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [06e9d593-5ff0-49e6-b296-4431f32774f9-4] (...) -- C:\Program Files (x86)\PlusVid\06e9d593-5ff0-49e6-b296-4431f32774f9-4.exe (.not file.) [0] =>PUP.PlusVid
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-1] (...) -- C:\Program Files (x86)\Wifi Protector BI\Wifi Protector BI-codedownloader.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-11] (...) -- C:\Program Files (x86)\Wifi Protector BI\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-11.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2] (...) -- C:\Program Files (x86)\Wifi Protector BI\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4] (...) -- C:\Program Files (x86)\Wifi Protector BI\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5] (...) -- C:\Program Files (x86)\Wifi Protector BI\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5_user] (...) -- C:\Program Files (x86)\Wifi Protector BI\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-6] (...) -- C:\Program Files (x86)\Wifi Protector BI\Wifi Protector BI-novainstaller.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-7] (...) -- C:\Program Files (x86)\Wifi Protector BI\Wifi Protector BI-nova.exe (.not file.) [0]
[MD5.F196BD7D4F1F6EFBC1A210510D5DBB84] [APT] [{9B58F3CE-A602-49DC-BF64-ACCDAD7E3E74}] (...) -- C:\Program Files (x86)\Don\DoN Launcher.exe [3743808]

O39 - APT: 06e9d593-5ff0-49e6-b296-4431f32774f9-4 - (...) -- C:\Windows\Tasks\06e9d593-5ff0-49e6-b296-4431f32774f9-4.job [2232] =>PUP.CrossRider
O39 - APT: 06e9d593-5ff0-49e6-b296-4431f32774f9-4 - (...) -- C:\Windows\System32\Tasks\06e9d593-5ff0-49e6-b296-4431f32774f9-4 [2232] =>PUP.CrossRider

O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-1 - (...) -- C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-1.job [1650] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-1 - (...) -- C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-1 [1650] =>PUP.CrossRider

O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2 - (...) -- C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2.job [1386] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2 - (...) -- C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2 [1386] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4 - (...) -- C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4.job [2450] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4 - (...) -- C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4 [2450] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5 - (...) -- C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5.job [1484] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5 - (...) -- C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5 [1484] =>PUP.CrossRider

O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-6 - (...) -- C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-6.job [1650] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-6 - (...) -- C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-6 [1650] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-7 - (...) -- C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-7.job [1588] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-7 - (...) -- C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-7 [1588] =>PUP.CrossRider

---\\ Software instalados (042)
O42 - Logiciel: 4t Tray Minimizer Free 5.52 - (.4t Niagara Software.) [HKLM][64Bits] -- 4t Tray Minimizer_is1
O42 - Logiciel: Dynasty of Nordics versão 7.55 - (.Galaxy Games.) [HKLM][64Bits] -- {5DB4716B-1246-4C39-AE77-2FFEE36DC46D}_is1
O42 - Logiciel: Dynasty of Nordics versão 7.55 - (.Galaxy Games.) [HKLM][64Bits] -- {C8141479-83BC-4CCB-B70C-5C033F227E79}}_is1
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2013
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2014
O42 - Logiciel: New Destiny versão 7.57 - (.Star Group.) [HKLM][64Bits] -- {3E61DDE5-0D27-40E8-AA2C-D6C9E343D7T7}_is1
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM][64Bits] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
O42 - Logiciel: Star Destiny versão 3.7 - (.Star Group.) [HKLM][64Bits] -- {3E61DDE5-0D27-40E8-AA2C-D6C9E343D7T4}_is1
O42 - Logiciel: WYD (remove only) - (...) [HKLM][64Bits] -- WYD
O42 - Logiciel: Wajam - (.Wajam.) [HKLM][64Bits] -- Wajam =>PUP.Wajam
O42 - Logiciel: Wifi Protector BI - (.WFprotect.) [HKLM][64Bits] -- Wifi Protector BI
~ Logic: 30 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\Baidu Security]
[HKCU\Software\Baidu]

[HKCU\Software\Iminent] =>Adware.IMBooster
[HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKCU\Software\Wajam] =>PUP.Wajam

---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 12/11/2012 - 15:17:00 - [] ----D C:\Program Files (x86)\4t Tray Minimizer
O43 - CFD: 21/07/2014 - 21:12:48 - [] ----D C:\Program Files (x86)\DoN
O43 - CFD: 17/07/2014 - 23:27:05 - [] ----D C:\Program Files (x86)\FDG
O43 - CFD: 28/07/2014 - 19:50:30 - [] ----D C:\Program Files (x86)\FLVM Player
O43 - CFD: 06/02/2014 - 11:49:42 - [] ----D C:\Program Files (x86)\Pando Networks
O43 - CFD: 09/03/2014 - 08:54:38 - [] ----D C:\Program Files (x86)\Programas RFB
O43 - CFD: 29/07/2014 - 06:52:34 - [] ----D C:\Program Files (x86)\Wajam =>PUP.Wajam
O43 - CFD: 28/07/2014 - 20:11:16 - [] ----D C:\Program Files (x86)\Wifi Protector BI
O43 - CFD: 29/07/2014 - 06:52:24 - [0] ----D C:\Users\reparo\AppData\Roaming\baidu
O43 - CFD: 28/07/2014 - 20:08:36 - [] ----D C:\Users\reparo\AppData\Roaming\Baidu Security
O43 - CFD: 28/07/2014 - 20:13:35 - [] ----D C:\Users\reparo\AppData\Roaming\ContentExplorer =>PUP.ContentExplorer
O43 - CFD: 28/07/2014 - 19:50:28 - [] ----D C:\Users\reparo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLVM Player
~ Program Folder: 118 Legitimates Filtered in 00mn 01s

---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.B6F762113B8C51943219CC7A5F8F93C1] - 27/07/2014 - 10:12:52 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [4062]
O44 - LFC:[MD5.6D168297A9534E194DB590A9C48AF13E] - 27/07/2014 - 10:12:52 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [4254]
O44 - LFC:[MD5.04199CA5C4A6F6E935906A74EAFCA8E7] - 28/07/2014 - 21:44:13 ---A- . (.Infowatch - Cryptographic Algorithm Lib Driver..) -- C:\Windows\System32\Drivers\CSCrySec.sys [84536]
O44 - LFC:[MD5.7D7F90460F1309B5205BF8CDFAD63E42] - 28/07/2014 - 21:44:15 ---A- . (.Infowatch - Virtual Volume Container Driver (wnet).) -- C:\Windows\System32\Drivers\CSVirtualDiskDrv.sys [66616]
~ Files: 109 Legitimates Filtered in 01mn 11s

---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s

---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\RaidCall [Key] . (.RAIDCALL.COM - Raidcall.) -- C:\Program Files (x86)\RaidCall\raidcall.exe
~ SMSR Keys: 1 Legitimates Filtered in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:02/06/2011 - 14:39:44 ---A- . (.Infowatch - Cryptographic Algorithm Lib Driver..) -- C:\Windows\System32\Drivers\CSCrySec.sys [84536]
O58 - SDL:02/06/2011 - 14:39:44 ---A- . (.Infowatch - Virtual Volume Container Driver (wnet).) -- C:\Windows\System32\Drivers\CSVirtualDiskDrv.sys [66616]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:04/10/2012 - 14:07:24 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpkm.sys [47720]
O58 - SDL:17/03/2014 - 18:30:14 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
~ Drivers: 67 Legitimates Filtered in 00mn 05s

---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}
~ ADS: Scanned in 00mn 00s

---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 04/12/2013 - C:\Windows\System32\DRIVERS\kneps.sys (kneps) .(.Kaspersky Lab ZAO - KNEPS Power.) - LEGACY_KNEPS
~ Legacy: 102 Legitimates Filtered in 00mn 00s

---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

---\\ Menu de inicialização Internet (068)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: prefs.js [reparo - 9pa4sbmb.default] user_pref("extensions.crossrider.bic", "1477f3719312207c9d2ede9f8063be2b"); =>PUP.CrossRider
O69 - SBI: SearchScopes [HKCU] Web [DefaultScope] - (Web) - http://br.yhs4.search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {FAA16D39-29DE-4F14-9869-0DBF17DBF21B} - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.44B89BC0069FA73A8EAD7120A4293B5B] [sPRF][04/05/2013] (...) -- C:\ProgramData\ntuser.dat [262144]
~ Files: 2 Legitimates Filtered in 00mn 00s

---\\ Lista das exceções do FireWall (FirewallRules) (O87)

O87 - FAEL: "{4F850645-2D5A-46FA-BA00-8984D78B8442}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Nara\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{3AB09CCB-4963-4C2E-BDB6-980C5CC62D0D}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Nara\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent

---\\ Search Tracing Registry Key (O100)

HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Iminent_1712-b2fcad5e_RASAPI32 =>Adware.IMBooster
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Iminent_1712-b2fcad5e_RASMANCS =>Adware.IMBooster
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PlusVid-codedownloader_RASAPI32 =>PUP.PlusVid
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PlusVid-codedownloader_RASMANCS =>PUP.PlusVid
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PlusVid-novainstaller_RASAPI32 =>PUP.PlusVid
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PlusVid-novainstaller_RASMANCS =>PUP.PlusVid
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancerService_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancerService_RASMANCS =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wajam_2207-6c14163c_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wajam_2207-6c14163c_RASMANCS =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wajam_install_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wajam_install_RASMANCS =>PUP.Wajam

---\\ Search CLSID Registry Key (O101)

[HKCR\CLSID\{11111111-1111-1111-1111-110611171160}] (PlusVid) =>PUP.PlusVid
[HKCR\CLSID\{22222222-2222-2222-2222-220622172250}] (CrossriderApp0061750.Sandbox) =>PUP.CrossRider
[HKCR\CLSID\{22222222-2222-2222-2222-220622172260}] (CrossriderApp0061760.Sandbox) =>PUP.CrossRider

---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 08/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

SS - | Auto 28/07/2014 68608 | (globalUpdate) . (.globalUpdate.) - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
SS - | Demand 28/07/2014 68608 | (globalUpdatem) . (.globalUpdate.) - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
SS - | Auto 02/03/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 02/03/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

---\\ Scâner Aditional (088)
Database Version : 13026 - (27/07/2014)
Clés trouvées (Keys found) : 17
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 20

[HKLM\SYSTEM\CurrentControlSet\Services\Wajam Internet Enhancer Service] =>PUP.Wajam^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Wajam] =>PUP.Wajam^
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110611171160}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220622172250}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220622172260}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611171160}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110611171150}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110611171160}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220622172250}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220622172260}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611171160}] =>PUP.CrossRider
C:\Program Files (x86)\Wajam =>PUP.Wajam^
C:\Users\reparo\AppData\Roaming\ContentExplorer =>PUP.ContentExplorer^
C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe =>PUP.Wajam^
C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancer.exe =>PUP.Wajam^
C:\Windows\Tasks\06e9d593-5ff0-49e6-b296-4431f32774f9-4.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\06e9d593-5ff0-49e6-b296-4431f32774f9-4 =>PUP.CrossRider^
C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-1.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-1 =>PUP.CrossRider^
C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2 =>PUP.CrossRider^
C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4 =>PUP.CrossRider^
C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5 =>PUP.CrossRider^
C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-6.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-6 =>PUP.CrossRider^
C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-7.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-7 =>PUP.CrossRider^
[HKCU\Software\Wajam] =>PUP.Wajam^
[HKCR\CLSID\{11111111-1111-1111-1111-110611171160}] (PlusVid) =>PUP.PlusVid^
[HKCR\CLSID\{22222222-2222-2222-2222-220622172250}] (CrossriderApp0061750.Sandbox) =>PUP.CrossRider^
[HKCR\CLSID\{22222222-2222-2222-2222-220622172260}] (CrossriderApp0061760.Sandbox) =>PUP.CrossRider^

---\\ Informações complémentaires do módulos
~ =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ =>.Internet Explorer, Gestão do Proxy (R5)
~ =>.Browser Helper Objects do navegador (02)
~ =>.Aplicações iniciadas por registo & pastas (04)
~ AMI: 4 Legitimates Filtered in 00mn 00s

---\\ Sumário das deteções encontradas na sua estação

 =>PUP.Wajam
 =>Hijacker.Proxy
 =>PUP.PlusVid
 =>PUP.CrossRider
 =>Adware.IMBooster
 =>Adware.VidSaver
http://nicolascoolman.fr/pup-contentexplorer%C2'> =>PUP.ContentExplorer

~ 804 Legitimates filtered by white list
End of the scan (551 lines in 02mn 31s)(0)

Como ontem após o gerar o log acima

apareceu a mensagem que o ZHPdiag

poderia não ter sido instalado corretamente,

baixei novamente, segue log recente....

~ Relatório do ZHPDiag v2014.7.29.110 - Nicolas Coolman (29/07/2014)
~ Iniciado por reparo (30/07/2014 06:36:30)
~ Endereço do Website : http://nicolascoolman.fr
~ Endereço do Webforum : http://forum.nicolascoolman.fr
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user

---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.7600.16385
MFIE: Mozilla Firefox 31.0 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Premium, 64-bit (Build 7600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Kaspersky PURE 3.0 v13.0.2.558
Malwarebytes Anti-Malware versão 2.0.2.1012
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema
CCleaner v4.01

---\\ Softwares de partilha do PeerToPeer (P2P)
Pando Media Booster v2.6.0.7

---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
Adobe Reader X
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8098 MB (79% free)
System Restore: Activé (Enable)
System drive C: has 406 GB (87%) free of 466 GB

---\\ Modo de conexão ao sistema
~ Computer Name: CASA-PC
~ User Name: reparo
~ All Users Names: reparo, Nara, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\reparo\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\reparo\AppData\Roaming\
~ %Desktop% : C:\Users\reparo\Desktop\
~ %Favorites% : C:\Users\reparo\Favorites\
~ %LocalAppData% : C:\Users\reparo\AppData\Local\
~ %StartMenu% : C:\Users\reparo\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 406 Go of 466 Go)
D: CD-ROM drive (Not Inserted)

---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s

---\\ Pesquisa particular de ficheiros genéricos
[MD5.0862495E0C825893DB75EF44FAEA8E93] - (.Microsoft Corporation - Windows Explorer.) (.26/02/2011 - 03:23:14.) -- C:\Windows\Explorer.exe [2870272]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.8523338F749AC8C5300C125BC4B08275] - (.Microsoft Corporation - Internet Extensions para Win32.) (.02/03/2013 - 02:49:19.) -- C:\Windows\System32\wininet.dll [1198080]
[MD5.DA3E2A6FA9660CC75B471530CE88453A] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.28/10/2009 - 03:24:40.) -- C:\Windows\System32\Winlogon.exe [389632]
[MD5.75341574F21E766748732BDF530C74BD] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.13/07/2009 - 22:41:54.) -- C:\Windows\System32\sppcomapi.dll [231936]
[MD5.DB9D6C6B2CD95A9CA414D045B627422E] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 00:59:11.) -- C:\Windows\system32\Drivers\AFD.sys [499200]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.83D2D75E1EFB81B3450C18131443F7DB] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 20:19:54.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9C253CE7311CA60FC11C774692A13208] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/04/2011 - 23:57:40.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.0A49913402747A0B67DE940FB42CBDBB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 21:06:13.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.040D62A9D8AD28922632137ACDD984F2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.03/05/2011 - 23:51:08.) -- C:\Windows\system32\Drivers\MRxSmb.sys [157696]
[MD5.9162B273A44AB9DCE5B44362731D062A] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 20:21:29.) -- C:\Windows\system32\Drivers\netBT.sys [259072]
[MD5.9A6089B056EA1B83B36424FC9D0A300E] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 11:36:37.) -- C:\Windows\system32\Drivers\ntfs.sys [1653096]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.87A6E852A22991580D6D39ADC4790463] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 21:10:12.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [130048]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.079125C4B17B01FCAEEBCE0BCB290C0F] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 20:21:15.) -- C:\Windows\system32\Drivers\tdx.sys [99840]
[MD5.9E425AC5C9A5A973273D169F43B4F5E1] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.06/09/2012 - 14:38:18.) -- C:\Windows\system32\Drivers\volsnap.sys [295792]
~ Generic Processes: Scanned in 00mn 01s

---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes Favoris (My Favorites) : 1/22
~ Mon Bureau (My Desktop) : 1/4
~ Menu demarrer (Programs) : 1/23
~ Hidden Files: Scanned in 00mn 00s

---\\ Processos lançados
[MD5.4A73AB8412D3AA6CFAD24051FF9DBFA7] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160] [PID.2116]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.3016]
[MD5.7E91655B4947EC1B18B3BC1645839145] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128] [PID.1496]
[MD5.7DCE7A74764EB7C67D21A32BC579453D] - (.Oracle Corporation - Java Update Checker.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe [507264] [PID.2296]
[MD5.9C41C4C252E978B5BABAF4C19BEC48CB] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8083456] [PID.3812]
[MD5.ED5501CBCA525947FF6985B38253B872] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [520520] [PID.916]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1476]
[MD5.0B7E221689F370C87F640C6D2EED7D3F] - (.Infowatch - InfoWatch CryptoStorage Protected objects c.) -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888] [PID.1536]
[MD5.8FFF9083252C16FE3960173722605E9E] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [13336] [PID.888]
[MD5.2ED1786B7542CDA261029F6B526EDF44] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [325656] [PID.1132]
[MD5.7E5E1603D0FF2D240AE70295C5C3FEFC] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2656280] [PID.2732]
~ Processes Running: Scanned in 00mn 00s

---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com
~ IE Browser: 19 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\System32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense CEF [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehcef.dll
~ BHO: 20 Legitimates Filtered in 00mn 00s

---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [igfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Wow6432Node\Run: [iAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Wow6432Node\Run: [HDAudDeck] . (.VIA - VIA HD Audio CPL.) -- C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [bCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [sunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [AVP] . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s

---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Teclado Virtual [64Bits] - {0C4CC089-D306-440D-9772-464E226F6539} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\kbrd.ico
O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: Verificação de URLs [64Bits] - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\logo.ico
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1052C388-4064-4760-B401-5C8F1BF2459F}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD8E810E-3C48-497C-A835-61684ED1D898}: DhcpNameServer = 172.16.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{1052C388-4064-4760-B401-5C8F1BF2459F}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{CD8E810E-3C48-497C-A835-61684ED1D898}: DhcpNameServer = 172.16.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{1052C388-4064-4760-B401-5C8F1BF2459F}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{CD8E810E-3C48-497C-A835-61684ED1D898}: DhcpNameServer = 172.16.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.254
~ Domain: Scanned in 00mn 00s

---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) . (.globalUpdate - globalUpdate Update.) - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
~ Services: 10 Legitimates Filtered in 00mn 05s

---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [06e9d593-5ff0-49e6-b296-4431f32774f9-4] (...) -- C:\Program Files (x86)\PlusVid\06e9d593-5ff0-49e6-b296-4431f32774f9-4.exe (.not file.) [0] =>PUP.PlusVid
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-1] (...) -- C:\Program Files (x86)\Wifi Protector BI\Wifi Protector BI-codedownloader.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-11] (...) -- C:\Program Files (x86)\Wifi Protector BI\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-11.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2] (...) -- C:\Program Files (x86)\Wifi Protector BI\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4] (...) -- C:\Program Files (x86)\Wifi Protector BI\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5] (...) -- C:\Program Files (x86)\Wifi Protector BI\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5_user] (...) -- C:\Program Files (x86)\Wifi Protector BI\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-6] (...) -- C:\Program Files (x86)\Wifi Protector BI\Wifi Protector BI-novainstaller.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-7] (...) -- C:\Program Files (x86)\Wifi Protector BI\Wifi Protector BI-nova.exe (.not file.) [0]
[MD5.F196BD7D4F1F6EFBC1A210510D5DBB84] [APT] [{9B58F3CE-A602-49DC-BF64-ACCDAD7E3E74}] (...) -- C:\Program Files (x86)\Don\DoN Launcher.exe [3743808]

O39 - APT: 06e9d593-5ff0-49e6-b296-4431f32774f9-4 - (...) -- C:\Windows\Tasks\06e9d593-5ff0-49e6-b296-4431f32774f9-4.job [2232] =>PUP.CrossRider
O39 - APT: 06e9d593-5ff0-49e6-b296-4431f32774f9-4 - (...) -- C:\Windows\System32\Tasks\06e9d593-5ff0-49e6-b296-4431f32774f9-4 [2232] =>PUP.CrossRider

O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-1 - (...) -- C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-1.job [1650] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-1 - (...) -- C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-1 [1650] =>PUP.CrossRider

O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2 - (...) -- C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2.job [1386] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2 - (...) -- C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2 [1386] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4 - (...) -- C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4.job [2450] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4 - (...) -- C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4 [2450] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5 - (...) -- C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5.job [1484] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5 - (...) -- C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5 [1484] =>PUP.CrossRider

O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-6 - (...) -- C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-6.job [1650] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-6 - (...) -- C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-6 [1650] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-7 - (...) -- C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-7.job [1588] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-7 - (...) -- C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-7 [1588] =>PUP.CrossRider

---\\ Software instalados (042)
O42 - Logiciel: 4t Tray Minimizer Free 5.52 - (.4t Niagara Software.) [HKLM][64Bits] -- 4t Tray Minimizer_is1
O42 - Logiciel: Dynasty of Nordics versão 7.55 - (.Galaxy Games.) [HKLM][64Bits] -- {5DB4716B-1246-4C39-AE77-2FFEE36DC46D}_is1
O42 - Logiciel: Dynasty of Nordics versão 7.55 - (.Galaxy Games.) [HKLM][64Bits] -- {C8141479-83BC-4CCB-B70C-5C033F227E79}}_is1
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2013
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2014
O42 - Logiciel: New Destiny versão 7.57 - (.Star Group.) [HKLM][64Bits] -- {3E61DDE5-0D27-40E8-AA2C-D6C9E343D7T7}_is1
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM][64Bits] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
O42 - Logiciel: Star Destiny versão 3.7 - (.Star Group.) [HKLM][64Bits] -- {3E61DDE5-0D27-40E8-AA2C-D6C9E343D7T4}_is1
O42 - Logiciel: WYD (remove only) - (...) [HKLM][64Bits] -- WYD
O42 - Logiciel: Wifi Protector BI - (.WFprotect.) [HKLM][64Bits] -- Wifi Protector BI
~ Logic: 29 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\Baidu Security]
[HKCU\Software\Baidu]

[HKCU\Software\Iminent] =>Adware.IMBooster
[HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver

---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 12/11/2012 - 15:17:00 - [] ----D C:\Program Files (x86)\4t Tray Minimizer
O43 - CFD: 21/07/2014 - 21:12:48 - [] ----D C:\Program Files (x86)\DoN
O43 - CFD: 17/07/2014 - 23:27:05 - [] ----D C:\Program Files (x86)\FDG
O43 - CFD: 28/07/2014 - 19:50:30 - [] ----D C:\Program Files (x86)\FLVM Player
O43 - CFD: 06/02/2014 - 11:49:42 - [] ----D C:\Program Files (x86)\Pando Networks
O43 - CFD: 09/03/2014 - 08:54:38 - [] ----D C:\Program Files (x86)\Programas RFB
O43 - CFD: 28/07/2014 - 20:11:16 - [] ----D C:\Program Files (x86)\Wifi Protector BI
O43 - CFD: 29/07/2014 - 06:52:24 - [0] ----D C:\Users\reparo\AppData\Roaming\baidu
O43 - CFD: 28/07/2014 - 20:08:36 - [] ----D C:\Users\reparo\AppData\Roaming\Baidu Security
O43 - CFD: 28/07/2014 - 20:13:35 - [] ----D C:\Users\reparo\AppData\Roaming\ContentExplorer =>PUP.ContentExplorer
O43 - CFD: 28/07/2014 - 19:50:28 - [] ----D C:\Users\reparo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLVM Player
~ Program Folder: 117 Legitimates Filtered in 00mn 00s

---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.B6F762113B8C51943219CC7A5F8F93C1] - 27/07/2014 - 10:12:52 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [4062]
O44 - LFC:[MD5.6D168297A9534E194DB590A9C48AF13E] - 27/07/2014 - 10:12:52 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [4254]
O44 - LFC:[MD5.04199CA5C4A6F6E935906A74EAFCA8E7] - 28/07/2014 - 21:44:13 ---A- . (.Infowatch - Cryptographic Algorithm Lib Driver..) -- C:\Windows\System32\Drivers\CSCrySec.sys [84536]
O44 - LFC:[MD5.7D7F90460F1309B5205BF8CDFAD63E42] - 28/07/2014 - 21:44:15 ---A- . (.Infowatch - Virtual Volume Container Driver (wnet).) -- C:\Windows\System32\Drivers\CSVirtualDiskDrv.sys [66616]
O44 - LFC:[MD5.D32B836ECD5A96D7662611D5A3660ED8] - 29/07/2014 - 19:55:36 ---A- . (...) -- C:\Windows\ntbtlog.txt [148024]
~ Files: 114 Legitimates Filtered in 00mn 04s

---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s

---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\RaidCall [Key] . (.RAIDCALL.COM - Raidcall.) -- C:\Program Files (x86)\RaidCall\raidcall.exe
~ SMSR Keys: 1 Legitimates Filtered in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:02/06/2011 - 14:39:44 ---A- . (.Infowatch - Cryptographic Algorithm Lib Driver..) -- C:\Windows\System32\Drivers\CSCrySec.sys [84536]
O58 - SDL:02/06/2011 - 14:39:44 ---A- . (.Infowatch - Virtual Volume Container Driver (wnet).) -- C:\Windows\System32\Drivers\CSVirtualDiskDrv.sys [66616]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:04/10/2012 - 14:07:24 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpkm.sys [47720]
O58 - SDL:17/03/2014 - 18:30:14 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
~ Drivers: 71 Legitimates Filtered in 00mn 00s

---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}
~ ADS: Scanned in 00mn 00s

---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 04/12/2013 - C:\Windows\System32\DRIVERS\kneps.sys (kneps) .(.Kaspersky Lab ZAO - KNEPS Power.) - LEGACY_KNEPS
~ Legacy: 102 Legitimates Filtered in 00mn 00s

---\\ Menu de inicialização Internet (068)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] Web [DefaultScope] - (Web) - http://br.yhs4.search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {FAA16D39-29DE-4F14-9869-0DBF17DBF21B} - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.44B89BC0069FA73A8EAD7120A4293B5B] [sPRF][04/05/2013] (...) -- C:\ProgramData\ntuser.dat [262144]
~ Files: 2 Legitimates Filtered in 00mn 00s

---\\ Lista das exceções do FireWall (FirewallRules) (O87)

O87 - FAEL: "{4F850645-2D5A-46FA-BA00-8984D78B8442}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Nara\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{3AB09CCB-4963-4C2E-BDB6-980C5CC62D0D}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Nara\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent

---\\ Search Tracing Registry Key (O100)

HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Iminent_1712-b2fcad5e_RASAPI32 =>Adware.IMBooster
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Iminent_1712-b2fcad5e_RASMANCS =>Adware.IMBooster
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PlusVid-codedownloader_RASAPI32 =>PUP.PlusVid
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PlusVid-codedownloader_RASMANCS =>PUP.PlusVid
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PlusVid-novainstaller_RASAPI32 =>PUP.PlusVid
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PlusVid-novainstaller_RASMANCS =>PUP.PlusVid
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancerService_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancerService_RASMANCS =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wajam_2207-6c14163c_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wajam_2207-6c14163c_RASMANCS =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wajam_install_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wajam_install_RASMANCS =>PUP.Wajam

---\\ Search CLSID Registry Key (O101)

[HKCR\CLSID\{11111111-1111-1111-1111-110611171160}] (PlusVid) =>PUP.PlusVid
[HKCR\CLSID\{22222222-2222-2222-2222-220622172250}] (CrossriderApp0061750.Sandbox) =>PUP.CrossRider
[HKCR\CLSID\{22222222-2222-2222-2222-220622172260}] (CrossriderApp0061760.Sandbox) =>PUP.CrossRider

---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 08/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

SS - | Auto 28/07/2014 68608 | (globalUpdate) . (.globalUpdate.) - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
SS - | Demand 28/07/2014 68608 | (globalUpdatem) . (.globalUpdate.) - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe

---\\ Scâner Aditional (088)
Database Version : 13026 - (29/07/2014)
Clés trouvées (Keys found) : 15
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 17

[HKCU\Software\Iminent] =>Adware.IMBooster
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110611171160}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220622172250}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220622172260}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611171160}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110611171150}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110611171160}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220622172250}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220622172260}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611171160}] =>PUP.CrossRider
C:\Users\reparo\AppData\Roaming\ContentExplorer =>PUP.ContentExplorer^
C:\Windows\Tasks\06e9d593-5ff0-49e6-b296-4431f32774f9-4.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\06e9d593-5ff0-49e6-b296-4431f32774f9-4 =>PUP.CrossRider^
C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-1.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-1 =>PUP.CrossRider^
C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2 =>PUP.CrossRider^
C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4 =>PUP.CrossRider^
C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5 =>PUP.CrossRider^
C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-6.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-6 =>PUP.CrossRider^
C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-7.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-7 =>PUP.CrossRider^
[HKCR\CLSID\{11111111-1111-1111-1111-110611171160}] (PlusVid) =>PUP.PlusVid^
[HKCR\CLSID\{22222222-2222-2222-2222-220622172250}] (CrossriderApp0061750.Sandbox) =>PUP.CrossRider^
[HKCR\CLSID\{22222222-2222-2222-2222-220622172260}] (CrossriderApp0061760.Sandbox) =>PUP.CrossRider^

---\\ Informações complémentaires do módulos
~ =>.Internet Explorer, Gestão do Proxy (R5)
~ =>.Browser Helper Objects do navegador (02)
~ =>.Aplicações iniciadas por registo & pastas (04)
~ AMI: 3 Legitimates Filtered in 00mn 00s

---\\ Sumário das deteções encontradas na sua estação

 =>Hijacker.Proxy
 =>PUP.PlusVid
 =>PUP.CrossRider
 =>Adware.IMBooster
 =>Adware.VidSaver
 =>PUP.ContentExplorer
 =>PUP.Wajam

~ 797 Legitimates filtered by white list
End of the scan (516 lines in 00mn 52s)(0)

Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:

http://www.bleepingcomputer.com/download/adwcleaner/

Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:

Remova adwares e toolbars maliciosas com o Adwcleaner

* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[s0].txt

Ficamos na espera.

Boa noite,

segue log,

também exclui o outro usuário

só entrava muito lentamente

com perfil temporário.

AdwCleaner v3.302 - Relatório criado 30/07/2014 às 21:29:27

Atualizado 30/07/2014 por Xplode

Sistema Operacional : Windows 7 Home Premium (64 bits)

Usuário : reparo - CASA-PC

Executando de : C:\Users\reparo\Downloads\AdwCleaner.exe

Opção : Limpar

*** [ Serviços ] ***

[#] Serviço Deletada : globalUpdate
[#] Serviço Deletada : globalUpdatem

*** [ Arquivos / Pastas ] ***

Pasta Deletada : C:\Program Files (x86)\FLVM Player
Pasta Deletada : C:\Program Files (x86)\globalUpdate
Pasta Deletada : C:\Program Files (x86)\Wifi Protector BI
[#] Pasta Deletada : C:\Users\Public\Documents\baidu
Pasta Deletada : C:\Users\reparo\AppData\Local\globalUpdate
Pasta Deletada : C:\Users\reparo\AppData\Roaming\baidu
Pasta Deletada : C:\Users\reparo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLVM Player
Arquivo Deletada : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\SearchTheWeb.xml

*** [ Tarefas ] ***

Tarefa Deletedo : globalUpdateUpdateTaskMachineCore
Tarefa Deletedo : globalUpdateUpdateTaskMachineUA
Tarefa Deletedo : 06e9d593-5ff0-49e6-b296-4431f32774f9-4
Tarefa Deletedo : b5d9e10c-f343-45c0-97d2-2fc7ace89d45-1
Tarefa Deletedo : b5d9e10c-f343-45c0-97d2-2fc7ace89d45-11
Tarefa Deletedo : b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2
Tarefa Deletedo : b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4
Tarefa Deletedo : b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5
Tarefa Deletedo : b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5_user
Tarefa Deletedo : b5d9e10c-f343-45c0-97d2-2fc7ace89d45-6
Tarefa Deletedo : b5d9e10c-f343-45c0-97d2-2fc7ace89d45-7

*** [ Atalhos ] ***

*** [ Registro ] ***

Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_1712-b2fcad5e_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_1712-b2fcad5e_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancerService_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancerService_RASMANCS

Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4

*** [ Navegadores ] ***

-\\ Internet Explorer v8.0.7600.17267

-\\ Mozilla Firefox v31.0 (x86 pt-BR)

[ Arquivo : C:\Users\Nara\AppData\Roaming\Mozilla\Firefox\Profiles\4ej3vhqz.default\prefs.js ]

[ Arquivo : C:\Users\reparo\AppData\Roaming\Mozilla\Firefox\Profiles\rbh8i03t.default\prefs.js ]

[ Arquivo : C:\Users\TEMP\AppData\Roaming\Mozilla\Firefox\Profiles\zdt96tt7.default\prefs.js ]

[ Arquivo : C:\Users\TEMP.casa-PC.000\AppData\Roaming\Mozilla\Firefox\Profiles\254nn8lo.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [10544 octets] - [30/07/2014 21:27:54]
AdwCleaner[R1].txt - [10605 octets] - [30/07/2014 21:28:44]
AdwCleaner[s0].txt - [10104 octets] - [30/07/2014 21:29:27]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [10165 octets] ##########

Desative temporariamente seu antivírus para evitar conflitos.

* Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:

http://www.hijackthis.nl/smeenk/

:veja: Para executá-lo corretamente siga as dicas deste tutorial:

Exclua adwares e outras ameaças de seu PC e browsers com o aplicativo Zoek

* Assim que ele concluir a limpeza dos problemas acesse o log (relatório) do Zoek que estará em C:\zoek-results.txt e copie todo seu conteúdo e poste em sua próxima resposta.

Boa noite,

segue log

Zoek.exe v5.0.0.0 Updated 31-07-2014
Tool run by reparo on 31/07/2014 at 18:16:26,78.
Microsoft Windows 7 Home Premium 6.1.7600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\reparo\Downloads\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

31/07/2014 18:17:19 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

Copyright © 1993-2006 Microsoft Corp.

This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

This file contains the mappings of IP addresses to host names. Each

entry should be kept on an individual line. The IP address should

be placed in the first column followed by the corresponding host name.

The IP address and the host name should be separated by at least one

space.

Additionally, comments (such as these) may be inserted on individual

lines or following the machine name denoted by a '#' symbol.

For example:

102.54.94.97 rhino.acme.com # source server

38.25.63.10 x.acme.com # x client host

localhost name resolution is handle within DNS itself.

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\Nara\AppData\Roaming\Mozilla\Firefox\Profiles\4ej3vhqz.default\prefs.js:
user_pref("browser.startup.homepage", "https://www.google.com.br/");

user_pref("browser.search.defaulturl", "");
user_pref("browser.search.defaultenginename,S", "");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.selectedEngine,S", "");
user_pref("browser.search.order.1,S", "");
user_pref("browser.search.useDBForOrder", "false");

Added to C:\Users\Nara\AppData\Roaming\Mozilla\Firefox\Profiles\4ej3vhqz.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");

user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");

user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\reparo\AppData\Roaming\Mozilla\Firefox\Profiles\rbh8i03t.default\prefs.js:

Added to C:\Users\reparo\AppData\Roaming\Mozilla\Firefox\Profiles\rbh8i03t.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");

user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");

user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\TEMP\AppData\Roaming\Mozilla\Firefox\Profiles\zdt96tt7.default\prefs.js:

Added to C:\Users\TEMP\AppData\Roaming\Mozilla\Firefox\Profiles\zdt96tt7.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");

user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");

user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\PROGRA~2\GUTD2F8.tmp deleted
C:\PROGRA~2\GUTDBCE.tmp deleted
C:\install.exe deleted
C:\Users\reparo\AppData\Roaming\ContentExplorer deleted
C:\Users\reparo\Searches deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
C:\Users\Nara\AppData\Roaming\Mozilla\Firefox\Profiles\4ej3vhqz.default\extensions\firefox@mega.co.nz.xpi deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"online_banking@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com" [28/07/2014 22:45]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox

• Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\reparo\AppData\Roaming\Mozilla\Firefox\Profiles\rbh8i03t.default
4390CCD3790F8D9C427C0C29590C62D7 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash
C899B98999270821EDFFA56044DE2377 - C:\Users\Nara\AppData\Roaming\raidcall\plugins\nprcplugin.dll - Raidcall plugin

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx[04/12/2013 19:30]
hakdifolhalapjijoafobooafbilfakh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx[04/12/2013 19:30]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx[04/12/2013 19:26]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx[04/12/2013 19:26]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx[04/12/2013 19:30]

Docs - Nara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Nara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Nara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Nara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
GBBD Caixa Economica Federal - Nara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei
Gmail - Nara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://br.hao123.com/?tn=brosoft_pay_hp_te_hao123_br"
"Search Page"="http://br.yhs4.search.yahoo.com/yhs/search?hspart=baixaki&hsimp=yhs-baixaki_br_solimba_01&p={searchTerms}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{FAA16D39-29DE-4F14-9869-0DBF17DBF21B} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\casa\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\Nara\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\casa\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Nara\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Nara\Desktop\AIKA.lnk - C:\OnGame\AIKA\AIKALauncher.exe
C:\Users\Nara\Desktop\Conexão local - Atalho.lnk -
C:\Users\Nara\Desktop\Documentos - Atalho.lnk - C:\Users\reparo\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
C:\Users\Nara\Desktop\HiJackThis.lnk - C:\Users\Nara\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
C:\Users\Nara\Desktop\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Nara\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Nara\Desktop\Play The Stomping Land.lnk - C:\GAMES\The Stomping Land\play-StompingLand.exe
C:\Users\Nara\Desktop\TeamSpeak 3 Client.lnk - C:\Users\Nara\AppData\Local\TeamSpeak 3 Client\ts3client_win32.exe
C:\Users\Nara\Desktop\WYD.lnk - C:\OnGame\WYD\WYDLauncher.exe
C:\Users\reparo\Desktop\Safe Money.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\starter_avp.exe -hidden safebanking
C:\Users\reparo\Desktop\ZHPDiag.lnk - C:\Program Files (x86)\ZHPDiag\ZHPhep.exe
C:\Users\reparo\Desktop\ZHPFix.lnk - C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader X.lnk -
C:\Users\Public\Desktop\CCleaner.lnk -
C:\Users\Public\Desktop\DoN Sandbox.lnk -
C:\Users\Public\Desktop\DoN.lnk -
C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk -
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -
C:\Users\Public\Desktop\Maxthon Cloud Browser.lnk -
C:\Users\Public\Desktop\Mozilla Firefox.lnk -
C:\Users\Public\Desktop\NewLauncher.exe.lnk -
C:\Users\Public\Desktop\StrLauncher.exe.lnk -

==== shortcuts in Users Start Menu ======================

C:\Users\Nara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis.lnk - C:\Users\Nara\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
C:\Users\Nara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_67467664.lnk - C:\Users\Nara\AppData\Local\Temp\_uninst_67467664.bat
C:\Users\Nara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\Users\Nara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\Users\Nara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk -
C:\Users\Nara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe
C:\Users\reparo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Age of Empires III™.lnk -
C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk - C:\Program Files\CCleaner\uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DoN\DoN.lnk - C:\Program Files (x86)\DoN\DoN Launcher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DoN Sandbox\DoN Sandbox.lnk - C:\GAMES\DoN Sandbox\DoN Sandbox Launcher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Ajuda do Kaspersky PURE 3.0.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Doc\pt-BR\PURE\context.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Contrato de Licença do Usuário Final.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Kaspersky PURE 3.0.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\starter_avp.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Remover o Kaspersky PURE 3.0.lnk - C:\Windows\SysWOW64\msiexec.exe /i{D0702EE9-9DE4-419A-9C6C-4730B1C985BA} REMOVE=ALL
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Visitar a Kaspersky Lab na Web.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\kl.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk - C:\Program Files (x86)\ZHPDiag\ZHPhep.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPFix.lnk - C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe

==== shortcuts in Quick Launch ======================

C:\Users\casa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\casa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\casa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\casa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\casa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\casa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\casa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\casa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Gabriel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Gabriel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Nara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Nara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Nara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Nara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Nara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Nara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d78513a8998829c\pinned.lnk -
C:\Users\Nara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d91276b0be3e46b\pinned.lnk -
C:\Users\Nara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Maxthon Cloud Browser.lnk - C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
C:\Users\Nara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\DoN.lnk - C:\Program Files (x86)\DoN\DoN Launcher.exe
C:\Users\reparo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\reparo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\reparo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\reparo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\reparo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\reparo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\TEMP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\TEMP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\TEMP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\TEMP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\TEMP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\TEMP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyOverride"="<-loopback>"
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\AppData\Local\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\AppData\Local\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gabriel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Nara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Nara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Nara\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Nara\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\reparo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\TEMP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\reparo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Nara\AppData\Local\Mozilla\Firefox\Profiles\4ej3vhqz.default\Cache emptied successfully
C:\Users\reparo\AppData\Local\Mozilla\Firefox\Profiles\rbh8i03t.default\Cache emptied successfully
C:\Users\TEMP\AppData\Local\Mozilla\Firefox\Profiles\zdt96tt7.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\casa\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Nara\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1367 folders=171 372986584 bytes)

==== Empty Temp Folders ======================

C:\Users\casa\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Gabriel\AppData\Local\Temp emptied successfully
C:\Users\Nara\AppData\Local\Temp emptied successfully
C:\Users\reparo\AppData\Local\Temp will be emptied at reboot
C:\Users\TEMP\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\reparo\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\reparo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on 31/07/2014 at 18:42:20,67 ======================

Faça um update (atualização) em seu Malwarebytes e depois disso siga as dicas abaixo para fazer a limpeza completa com ele:

Alterando o idioma do Malwarebytes para o português: (caso ele esteja em outro idioma)

Caso o idioma do seu Malwarebytes esteja em inglês é bem simples mudá-lo para nossa língua. Para isto abra o Malwarebytes e clique em Settings como mostra esta imagem:

/applications/core/interface/imageproxy/imageproxy.php?img=http://4.bp.blogspot.com/-q5PvwLl49J8/U1vLGwIzWAI/AAAAAAAAeoI/UlHEMAJyaps/s1600/tutorial-malwarebytes-2.jpg&key=996c287f7d88b079200b6217eb17a28ceb760853a2196cadb3606aa17e45b3d8" alt="tutorial-malwarebytes-2.jpg" />

Na próxima tela que surge, clique em Language e selecione a opção Portugueze (Brazil):

/applications/core/interface/imageproxy/imageproxy.php?img=http://4.bp.blogspot.com/-Xzi4hNVswlI/U1vMQ4q0_MI/AAAAAAAAeoU/2YzRirZiaNc/s1600/tutorial-malwarebytes-3.jpg&key=bd2694963334045d62d5b5029968443fe61ee9c183039fd626b7045b7e10f763" alt="tutorial-malwarebytes-3.jpg" />

___________________________________________________________________________

Como executar uma verificação personalizada com o Malwarebytes:

• Abra o Malwarebytes > Clique em Verificar > clique em Verificação Personalizada > Clique em Verificar Agora:

/applications/core/interface/imageproxy/imageproxy.php?img=http://1.bp.blogspot.com/-nNE7LahJXFE/U0sFnwfHnLI/AAAAAAAAeOI/n5fl1EPqCHQ/s1600/malwarebytes-tutorial-11.jpg&key=4214b44e1b996b41dcc75396a43a6bdf56e54c0709bc0fb5961d472dee0d97a7" alt="malwarebytes-tutorial-11.jpg" />

Surgirá mais esta tela abaixo na qual você marcará todas as caixinhas do lado direito da tela para que todas as áreas de seu PC e mídias removíveis ligadas a ele possam ser escaneadas. E do lado esquerdo da tela deixe marcadas estas opções:

Verificar Objetos na Memória

Verificar as Configurações da Inicialização e do Registro

Verificar Arquivos Compactados

Quanto ao restante, deixe da forma já pré-configurada pelo Malwarebytes.

Depois disto clique no botão Iniciar Verificação como mostra a imagem abaixo:

/applications/core/interface/imageproxy/imageproxy.php?img=http://1.bp.blogspot.com/-5vtGPm94da4/U0sZdx4R4HI/AAAAAAAAeQQ/VgEiJP0GGCQ/s1600/malwarebytes-tutorial-12.jpg&key=e5e769446420835c359c3991fc430ddde9cc3df27f3d66c0f3384314c7ef2f34" alt="malwarebytes-tutorial-12.jpg" />

Aguarde enquanto o escaneamento é realizado. Ele demora de acordo com a quantidade de arquivos que você possua em seu computador:

/applications/core/interface/imageproxy/imageproxy.php?img=http://3.bp.blogspot.com/-nDoVIXDlExA/U0sIociCt1I/AAAAAAAAeOc/G78lwmJD6qI/s1600/malwarebytes-tutorial-13.jpg&key=36dcdb722e83741037bc2d8ea162c014e3634103d97cd8609723d7d27f75cc08" alt="malwarebytes-tutorial-13.jpg" />

Assim que a verificação terminar, caso seja detectada alguma ameaça em seu PC surgirá uma mensagem como esta abaixo próximo ao relógio do Windows onde você clicará nela:

/applications/core/interface/imageproxy/imageproxy.php?img=http://2.bp.blogspot.com/-tbNiseyiYio/U0sJVKSx_qI/AAAAAAAAeOs/caY129fD2q4/s1600/malwarebytes-tutorial-1.jpg&key=2638c4b9562c3345a18e3d3085d33d6245ae30d77bd3dd5670dd5ffdd6965769" alt="malwarebytes-tutorial-1.jpg" />

Neste momento aparecerá quais os malwares e itens potencialmente indesejáveis que foram detectados e os locais onde eles se encontram. Você notará que ele já mostra uma ação padrão para os itens (que normalmente é a de mover para a quarentena).

Para remover as infecções, deixe a opção Quarentena no menu Ação selecionada em todos os itens e clique no botão Aplicar Ações, como mostra esta imagem:

/applications/core/interface/imageproxy/imageproxy.php?img=http://2.bp.blogspot.com/-1Ewu0bQ91pY/U0sLvOiRvXI/AAAAAAAAeO4/Hx58TRqhZf8/s1600/malwarebytes-tutorial-2.jpg&key=6339196cb32744984138200af1c983c4c5fdc5f9a8a86e3a8c68ff5443243dc2" alt="malwarebytes-tutorial-2.jpg" />

Alguns malwares são rebeldes e podem necessitar de uma reinicialização do PC para que sejam removidos. Caso isto seja solicitado pelo Malwarebytes, clique em Sim (ou Yes) como mostra esta imagem:

/applications/core/interface/imageproxy/imageproxy.php?img=http://3.bp.blogspot.com/-qwltAhRVCvA/U0sMFQ_qbdI/AAAAAAAAePA/aM4hautfUuY/s1600/malwarebytes-tutorial-3.jpg&key=e32aa561e81e38f1ba27e0074e853d5bfa19ac9f5b99206b898721b9a2366575" alt="malwarebytes-tutorial-3.jpg" />

Depois disto é só postar o novo log de verificação que o Malwarebytes irá criar em sua próxima resposta.

Boa tarde,

rodei o malwarebytes como indicado,

porém como minha versão free já expirou,

acreditoque por isto não visualizo o log,

quatro ameaças foram detectadas, foram

para a quarentena e depois excluídas.

Baixe o programa Junkware Removal Tool no link abaixo:

http://thisisudax.org/downloads/JRT.exe

Para executar corretamente o programa acima é só seguir as dicas deste tutorial:

Tutorial do Junkware Removal Tool

* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt

Ficamos na espera.

Tentei baixar direto do seu post e da caixa de dicas,

uso windows 7 então ao executar como administrador

dá a mensagem de acesso negado,mesmo com

o antivírus desativado.

Siga, por gentileza, as dicas deste tutorial para fazer um escaneamento de seu PC pelo Nod32 Online:

Tutorial do antivirus Nod32 Online

Após o término do escaneamento será gerado um relatório (log) que estará no seguinte local do seu computador:

C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt

Na sua próxima resposta poste este log do Nod32 Online.

Bom dia,

segue log...

ESETSmartInstaller@High as downloader log:
all ok

product=EOS

version=8

OnlineScannerApp.exe=1.0.0.1

OnlineScanner.ocx=1.0.0.7623

api_version=3.0.2

EOSSerial=4166e92481bfe944a1162389cf434cbc

engine=19467

end=finished

remove_checked=true

archives_checked=true

unwanted_checked=true

unsafe_checked=true

antistealth_checked=true

utc_time=2014-08-02 11:19:10

local_time=2014-08-02 08:19:10 (-0300, Hora oficial do Brasil)

country="Brazil"

lang=1033

osver=6.1.7600 NT

compatibility_mode_1='Kaspersky PURE 3.0'

compatibility_mode=1289 16777213 100 99 0 98292018 0 0

compatibility_mode_1=''

compatibility_mode=5893 16776573 100 94 0 158525400 0 0

scanned=220549

found=17

cleaned=17

scan_time=3083

Como está o PC?

Funcionando normalmente,

só os ícones na área de trabalho (atalhos)

aparecem como uma página em branco

e não figuras.... no mais tudo normal!

>
só os ícones na área de trabalho (atalhos)

aparecem como uma página em branco

e não figuras.... no mais tudo normal!

Siga as dicas deste tutorial abaixo e veja se este problema é resolvido:

Boa tarde,

segui os passos de dois tutoriais, entre eles o sugerido,

não funcionou, há ícones normais, os que estão com

problema migraram automaticamente do antigo usuário,

que só entrava com logon temporário e depois exclui o mesmo,

quando tento excluir estes atalhos com problema dá a seguinte

mensagem " você precisa da autorização do administrador

para excluir este arquivo" o estranho que são só atalhos

e o usuário que estou utilizandoé adm...

Siga as dicas deste tutorial abaixo para remover arquivos indesejados que se recusam a serem excluídos:

Exclua, mova ou renomeie arquivos e pastas bloqueados com Unlocker

http://www.caixadedicas.com/2013/12/arquivos-ou-pastas-em-seu-pc-se-recusam.html

Depois nos diga se resolveu.

Boa noite,

foram removidos os ícones,

tudo certo agora,

obrigada pela ajuda,

valeu Imasters Forum!!!