Janelas POPUP e AD's

Olá pessoal!

Tenho um (ou vários lool) problema com o PC.

Sempre que uso o browser seja o explorer ou o chrome começam a abrirjanelas de publicidades e bla bla, vou a um site e aparecem montes de AD's....alguém me pode ajudar??

Abraço

Filipe Vicente

  Olá Filipe Vicente. Seja bem vindo ao Fórum PC Brasil.

 Faça o download do [Tens de ter uma conta e sessão iniciada para poderes visualizar este link].

*Execute-o e clique no botão Main Menu.

* Na próxima tela que surgirá clique em [Do a system scan and save a logfile].

*Um relatório será apresentado.

*Selecione todo o conteúdo deste relatório e copie (Ctrl+c).

Depois disso é só voltar aqui no fórum e postar este log do Hijackthis para que ele possa ser analisado.

Ficamos no aguardo de sua resposta.

Olá POWER MAX! Obrigado pela resposta! Peço desculpa da minha parte mas não consegui vir ao PC esta semana.
Então ai vai o relatório:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:01:29, on 09-02-2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16476)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Western Digital\WD Apps\WDDriveAutoUnlock.exe
C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_44_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LD2WNT3V\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {ddfcc212-9d54-48b7-a0d0-a5023ddb5b79} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: MediaPlayerV1alpha294 - {46032549-27d0-4614-b60f-a9ff026c6757} - C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha294\ie\MediaPlayerV1alpha294.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [WD Drive Unlocker] C:\Program Files\Western Digital\WD Apps\WDDriveAutoUnlock.exe
O4 - HKLM\..\Run: [WD Quick View] C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BackgroundContainer] "C:\Windows\system32\Rundll32.exe" "C:\Users\user\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
O4 - Startup: Iniciação Rápida do Microsoft Office OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O8 - Extra context menu item: Google Sidewiki... - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: Garmin Communicator Plug-In - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVG Bonjour Service - Unknown owner - C:\Windows\TEMP\avgcu_mDNSResponder.exe (file missing)
O23 - Service: Firewall AVG (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Serviço Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
O23 - Service: WD Drive Manager (WDDriveService) - Western Digital - C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
O23 - Service: WDFME (WDFMEService) - Western Digital - C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
O23 - Service: WDRules (WDRulesService) - Western Digital - C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10904 bytes


Obrigado

Cumprimentos

  Siga, por gentileza, as dicas dos tutoriais abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste, por gentileza, o log do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt e o log do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt

Ficamos na espera.

Ola envio em anexo os relatorios. não consegui copiar par aqui.

Abraço e Obrigado!

 Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

Boas Power, segue ai o novo relatório. A máquina parece estar melhor!



Zoek.exe v5.0.0.0 Updated 10-February-2014
Tool run by user on 10-02-2014 at 23:36:24,54.
Microsoft Windows 7 Ultimate 6.1.7600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\user\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

10-02-2014 23:39:36 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3393511421-3434980323-3715750170-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{C585D593-E7F3-4852-A200-561686EE02E4} deleted successfully

==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Users\user\.android deleted
C:\Program Files\MediaPlayerV1 deleted
C:\Program Files\The Sea App (Internet Explorer) deleted
C:\extensions.sqlite deleted
C:\extensions.ini deleted
C:\extensions deleted
C:\Users\user\AppData\Roaming\Wondershare deleted
C:\Users\user\AppData\Local\Wondershare deleted
C:\Users\user\AppData\LocalLow\WiseConvert_1.1 deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchost.xml deleted
"C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll" deleted
"C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll" deleted
"C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" deleted
"C:\Users\user\AppData\Roaming\Emib" deleted
"C:\Users\user\AppData\Roaming\Edheem" deleted
"C:\Program Files\Common Files\Wondershare" deleted
"C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"ext@MediaPlayerV1alpha294.net"="C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha294\ff" []

==== Chrome Look ======================

Google Docs - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Media Player - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cihjknekimfnmhkhabiidgimbdklbobd
Google Search - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Telexfree Links Generator - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\edneofannbhihkgcohmekijncjblaihp
Google Wallet - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cihjknekimfnmhkhabiidgimbdklbobd deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.pt/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.pt/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3393511421-3434980323-3715750170-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{46032549-27d0-4614-b60f-a9ff026c6757} deleted successfully
HKEY_USERS\S-1-5-21-3393511421-3434980323-3715750170-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{46032549-27d0-4614-b60f-a9ff026c6757} deleted successfully
HKEY_USERS\S-1-5-21-3393511421-3434980323-3715750170-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{46032549-27d0-4614-b60f-a9ff026c6757} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{46032549-27d0-4614-b60f-a9ff026c6757} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3393511421-3434980323-3715750170-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{46032549-27d0-4614-b60f-a9ff026c6757} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\ext@MediaPlayerV1alpha294.net deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\user\Desktop\DVDVideoSoft Free Studio.lnk - C:\Program Files\Common Files\DVDVideoSoft\FreeStudioManager.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader 9.lnk - C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\AVG 2014.lnk - C:\Program Files\AVG\AVG2014\avgui.exe
C:\Users\Public\Desktop\BitTorrent.lnk - C:\Program Files\BitTorrent\BitTorrent.exe
C:\Users\Public\Desktop\BS.Player FREE.lnk - C:\Program Files\Webteh\BSPlayer\bsplayer.exe
C:\Users\Public\Desktop\GMapTool.lnk - C:\Program Files\GMapTool\GMapTool.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\LightScribe.lnk - C:\Program Files\Common Files\LightScribe\LSLauncher.exe
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Users\Public\Desktop\Virtual CloneDrive.lnk - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDPrefs.exe
C:\Users\Public\Desktop\WD Drive Utilities.lnk - C:\Program Files\Western Digital\WD Apps\WDDriveUtilities.exe
C:\Users\Public\Desktop\WD Security.lnk - C:\Program Files\Western Digital\WD Apps\WDDriveSecurity.exe
C:\Users\Public\Desktop\WD SmartWare.lnk - C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk - C:\Program Files\BitTorrent\BitTorrent.exe
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BS.Player FREE.lnk - C:\Program Files\Webteh\BSPlayer\bsplayer.exe
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (2).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Paint.lnk - C:\Windows\system32\mspaint.exe
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Live Messenger.lnk - C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\The Sea App deleted successfully

==== Empty IE Cache ======================

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Users\user\AppData\Local\temp\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=177 folders=63 19298510 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\user\AppData\Local\Temp will be emptied at reboot
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================


C:\Windows\Temp successfully emptied
C:\Users\user\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Users\user\AppData\Local\temp\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on 11-02-2014 at 0:03:55,20 ======================

 Siga, por gentileza, as dicas deste tutorial para fazer uma limpeza de seu PC com o Malwarebytes:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Na sua próxima resposta poste este log do Malwarebytes

Ficamos no aguardo.

Ola Power,

Segue o relatório:

Malwarebytes Anti-Malware 1.75.0.1300
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Versão da base de dados: v2014.02.11.09

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
user :: USER-PC [administrador]

11-02-2014 17:27:06
mbam-log-2014-02-11 (17-27-06).txt

Tipo de pesquisa: Completa (C:\|D:\|F:\|)
Opções de pesquisa activadas: Memoria | Arranque | Registo | Sistema de Ficheiros | Heurísticos/Extra | Heurísticos/Shuriken | PPI | MPI
Opções de pesquisa desactivadas: P2P
Objectos verificados: 492649
Tempo decorrido: 3 hora(s), 25 minuto(s), 3 segundo(s)

Processos de memória Detectados: 0
(Nenhum item malicioso detectado)

Módulos de Memória Detectados: 0
(Nenhum item malicioso detectado)

Chaves do Registo Detectadas: 3
HKCR\Typelib\{DCABB943-792E-44C4-9029-ECBEE6265AF9} (PUP.Optional.OutBrowse) -> Movido para a quarentena e eliminado com sucesso.
HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} (PUP.Optional.OutBrowse) -> Movido para a quarentena e eliminado com sucesso.
HKLM\SOFTWARE\MediaPlayerV1alpha294 (PUP.Optional.MediaPlayerAlpha.A) -> Movido para a quarentena e eliminado com sucesso.

Valores do Registo Detectados: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BackgroundContainer (PUP.Optional.Conduit) -> Dados: "C:\Windows\system32\Rundll32.exe" "C:\Users\user\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun -> Movido para a quarentena e eliminado com sucesso.

Itens de dados do Registo Detectados: 0
(Nenhum item malicioso detectado)

Pastas Detectadas: 0
(Nenhum item malicioso detectado)

Ficheiros Detectados: 10
C:\Program Files\360\360safe\firstaid\SuperKiller.exe (Rogue.Installer) -> Movido para a quarentena e eliminado com sucesso.
C:\zoek_backup\C_Program Files_MediaPlayerV1\MediaPlayerV1alpha294\uninstall.exe (PUP.Optional.MediaPlayerAlpha.A) -> Movido para a quarentena e eliminado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files\BS_Player_ControlBar\BS_Player_ControlBarToolbarHelper.exe.vir (PUP.Optional.Conduit.A) -> Movido para a quarentena e eliminado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir (PUP.Optional.Conduit) -> Movido para a quarentena e eliminado com sucesso.
C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Conduit\CT1750559\BS_Player_ControlBarAutoUpdateHelper.exe.vir (PUP.Optional.Conduit) -> Movido para a quarentena e eliminado com sucesso.
C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\SwvUpdater\Updater.exe.vir (PUP.Optional.Amonetize) -> Movido para a quarentena e eliminado com sucesso.
C:\AdwCleaner\Quarantine\C\users\user\AppData\LocalLow\BS_Player_ControlBar\hk64tbBS_2.dll.vir (PUP.Optional.Conduit) -> Movido para a quarentena e eliminado com sucesso.
C:\AdwCleaner\Quarantine\C\users\user\AppData\LocalLow\BS_Player_ControlBar\hktbBS_2.dll.vir (PUP.Optional.Conduit) -> Movido para a quarentena e eliminado com sucesso.
C:\AdwCleaner\Quarantine\C\users\user\AppData\LocalLow\BS_Player_ControlBar\ldrtbBS_2.dll.vir (PUP.Optional.Conduit) -> Movido para a quarentena e eliminado com sucesso.
C:\AdwCleaner\Quarantine\C\users\user\AppData\LocalLow\BS_Player_ControlBar\tbBS_2.dll.vir (PUP.Optional.Conduit) -> Movido para a quarentena e eliminado com sucesso.

(fim)


Muito Obrigado!

 |- Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >  < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]> ( ... de Nicolas Coolman )

|- Desabilite temporariamente seu antivírus para evitar conflitos e execute "ZHPDiag2.exe", para instalar a ferramenta.
 
|- Execute o ícone do pergaminho. ( ZHPDiag )

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
 
|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
 
|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Boas Power, segue ai o proximo relatorio.
~ Relatório do ZHPDiag v2014.2.10.5 - Nicolas Coolman (10-02-2014)
~ Iniciado por user (13-02-2014 00:39:06)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421 (Defaut)
GCIE: Google Chrome v32.0.1700.107

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 32-bit (Build 7600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
AVG 2014 v14.0.3697
Malwarebytes Anti-Malware versão 1.75.0.1300
Windows Defender W7

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 10 Plugin
Adobe Reader 9.5.2 - Português

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 15 Stepping 6, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2046 MB (45% free)
System Restore: Activé (Enable)
System drive C: has 39 GB (26%) free of 149 GB

---\\ Modo de conexão ao sistema
~ Computer Name: USER-PC
~ User Name: user
~ All Users Names: user, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\user\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\user\AppData\Roaming\
~ %Desktop% : C:\Users\user\Desktop\
~ %Favorites% : C:\Users\user\Favorites\
~ %LocalAppData% : C:\Users\user\AppData\Local\
~ %StartMenu% : C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 39 Go of 149 Go)
D: CD-ROM drive (Not Inserted)
F: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
~ Security Center: 50 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.2AF58D15EDC06EC6FDACCE1F19482BBF] - (.Microsoft Corporation - Explorador do Windows.) (.26-02-2011 - 00:33:07.) -- C:\Windows\Explorer.exe [2614784]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicação de Arranque do Windows.) (.13-07-2009 - 20:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.C5B6468422DB1C8AA36C32CBB0197E5E] - (.Microsoft Corporation - Extensões da Internet para Win32.) (.21-02-2013 - 22:38:00.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Aplicação de início de sessão do Windows.) (.28-10-2009 - 01:17:59.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.13-07-2009 - 20:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.0DB7A48388D54D154EBEC120461A0FCD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.24-04-2011 - 21:35:40.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13-07-2009 - 20:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13-07-2009 - 18:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.656D1EC977E3C5316A62DBBE52CB9663] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.03-10-2009 - 20:30:19.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.83D1ECEA8FAAE75604C0FA49AC7AD996] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26-04-2011 - 21:33:46.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13-07-2009 - 18:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Controlador de porta i8042.) (.13-07-2009 - 18:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13-07-2009 - 18:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.CA7570E42522E24324A12161DB14EC02] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.03-05-2011 - 21:43:41.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.13-07-2009 - 18:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.A8F59428E9F361C7AC42A94AC1560BC9] - (.Microsoft Corporation - Controlador de Sistema de Ficheiros NT.) (.12-04-2013 - 08:58:11.) -- C:\Windows\system32\Drivers\ntfs.sys [1210728]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Controlador de porta paralela.) (.13-07-2009 - 18:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13-07-2009 - 18:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.C5FF95883FFEF704D50C40D21CFB3AB5] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13-07-2009 - 19:02:58.) -- C:\Windows\system32\Drivers\rdpdr.sys [133120]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13-07-2009 - 18:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.13-07-2009 - 18:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.295954C522A057D3E590EE38246789CE] - (.Microsoft Corporation - Controlador de cópia sombra do volume.) (.06-09-2012 - 14:18:37.) -- C:\Windows\system32\Drivers\volsnap.sys [245616]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/5999
~ Mes musiques (My Musics) : 8/3152
~ Mes Favoris (My Favorites) : 1/71
~ Mes Documents (My Documents) : 1/12902
~ Mon Bureau (My Desktop) : 3/2963
~ Menu demarrer (Programs) : 1/27
~ Hidden Files: Scanned in 00mn 12s



---\\ Processos lançados
[MD5.62B3C9786081ECAAB272A118408D2817] - (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1045800] [PID.3800]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ystem32\rundll32.exe [0] [PID.1556]
[MD5.52CEFB5974BC6332F8B8FD2C87611CF2] - (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe [202032] [PID.3852]
[MD5.0E34B7BB1FCF22BCC1E394D16F9E992B] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040] [PID.3904]
[MD5.B63E5C7807334A3A8F731062F15462CC] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008] [PID.4072]
[MD5.D658AB1B55127D18DCFBCAC8CAAEA522] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208] [PID.4088]
[MD5.B77081F8221968C7DAB794B0BA55C43E] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254896] [PID.2200]
[MD5.2A21FE60A9BC5247BD8C57409A2B97F8] - (.Elaborate Bytes AG - Virtual CloneDrive Daemon.) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456] [PID.2584]
[MD5.610FA1C3EBDD079C86C32EEF213733FC] - (.Western Digital - WD Drive Auto Unlock.) -- C:\Program Files\Western Digital\WD Apps\WDDriveAutoUnlock.exe [1687968] [PID.2468]
[MD5.51DE37D122CE5BB7955A050D9D8A614F] - (.Western Digital Technologies, Inc. - WD Drive Manager Status.) -- C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe [3998616] [PID.2604]
[MD5.643F7A81B4FC27845886AB9650AD2C61] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files\AVG\AVG2014\avgui.exe [4956176] [PID.2196]
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408] [PID.2716] =>Toolbar.Google
[MD5.E02E715FA2BC8D88FF9362374E309D76] - (.Hewlett-Packard Company - No Comment.) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392] [PID.2968]
[MD5.32C26797AB646074A2BB562F9D10ADB5] - (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.exe [97680] [PID.3248]
[MD5.1F373C5DB440D92839DDDF63F5BA2E8A] - (.Synaptics, Inc. - Synaptics Pointing Device Helper.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [95528] [PID.3692]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53784] [PID.1140]
[MD5.32732CEDE2A1106B736EF3D84054EE04] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [757376] [PID.4068]
[MD5.846BA5CF14A348FBBA3E8A905FC4455E] - (.Adobe Systems Incorporated - Adobe Flash Player Installer/Uninstaller.) -- C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_44_ActiveX.exe [840072] [PID.5156]
[MD5.C5AC2D90D39224C7D84DD7E9B783BE31] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8333824] [PID.2476]
[MD5.5D4BF3F62AB25C9CAE8B1FCB1CB47297] - (.AVG Technologies CZ, s.r.o. - AVG Configuration Management Application.) -- C:\Program Files\AVG\AVG2014\avgcfgex.exe [335408] [PID.6624]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
~ Google Browser: 13 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@pandonetworks.com/PandoWebPlugin] - (...) -- C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (.not file.)
~ Firefox Browser: 15 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
~ IE Browser: 14 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{DDFCC212-9D54-48B7-A0D0-A5023DDB5B79} Chave orfã
~ Toolbar: Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: BitTorrent.lnk . (.BitTorrent, Inc. - BitTorrent.) -- C:\Program Files\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [Public]: BS.Player FREE.lnk . (.AB Team - BS.Player.) -- C:\Program Files\Webteh\BSPlayer\bsplayer.exe
O4 - GS\Desktop [Public]: GMapTool.lnk . (...) -- C:\Program Files\GMapTool\GMapTool.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: LightScribe.lnk . (.Hewlett-Packard Company - No Comment.) -- C:\Program Files\Common Files\LightScribe\LSLauncher.exe
O4 - GS\Desktop [Public]: Virtual CloneDrive.lnk . (.Elaborate Bytes AG - VirtualCloneDrive Preferences.) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDPrefs.exe
O4 - GS\Desktop [Public]: WD Security.lnk . (.Western Digital - WD Security.) -- C:\Program Files\Western Digital\WD Apps\WDDriveSecurity.exe
O4 - GS\QuickLaunch [user]: BitTorrent.lnk . (.BitTorrent, Inc. - BitTorrent.) -- C:\Program Files\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O4 - GS\QuickLaunch [user]: BS.Player FREE.lnk . (.AB Team - BS.Player.) -- C:\Program Files\Webteh\BSPlayer\bsplayer.exe
O4 - GS\QuickLaunch [user]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [user]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [user]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [user]: Internet Explorer (2).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [user]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [user]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [user]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SendTo [user]: Transferência de Ficheiros do Bluetooth.LNK . (.Microsoft Corporation - No Comment.) -- C:\Windows\System32\fsquirt.exe
~ Global Startup: 70 Legitimates Filtered in 00mn 04s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - GS\Startup [user]: Iniciação Rápida do Microsoft Office OneNote 2007.lnk . (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\Windows\system32\NvCpl.dll =>.NVIDIA Corporation
O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\Windows\system32\NvMcTray.dll
O4 - HKLM\..\Run: [QlbCtrl.exe] . (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [VirtualCloneDrive] . (.Elaborate Bytes AG - Virtual CloneDrive Daemon.) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe =>.Elaborate Bytes AG
O4 - HKLM\..\Run: [WD Drive Unlocker] . (.Western Digital - WD Drive Auto Unlock.) -- C:\Program Files\Western Digital\WD Apps\WDDriveAutoUnlock.exe =>.Western Digital Technologies
O4 - HKLM\..\Run: [WD Quick View] . (.Western Digital Technologies, Inc. - WD Drive Manager Status.) -- C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe =>.Western Digital Technologies
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (.not file.)
O4 - HKLM\..\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files\AVG\AVG2014\avgui.exe
O4 - HKLM\..\RunOnce: [AvgUninstallURL] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\Windows\System32\cmd.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKCU\..\Run: [SpeedAgendaPlus2] Chave orfã
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - No Comment.) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKUS\S-1-5-21-3393511421-3434980323-3715750170-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKUS\S-1-5-21-3393511421-3434980323-3715750170-1000\..\Run: [SpeedAgendaPlus2] Chave orfã
O4 - HKUS\S-1-5-21-3393511421-3434980323-3715750170-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-21-3393511421-3434980323-3715750170-1000\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - No Comment.) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} . (.Microsoft Corporation - Windows Live Messenger Companion core resources.) -- C:\Program Files\Windows Live\Companion\companionres.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: Garmin Communicator Plug-In (Garmin Communicator Plug-In) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EC3A05C-F9E7-4A50-B93C-E0DB13BD27EE}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6923EF7-ACB2-4EDA-83E2-7B5C24365CF7}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EC3A05C-F9E7-4A50-B93C-E0DB13BD27EE}: DhcpDomain = vlan1.phub.net.cable.rogers.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{0EC3A05C-F9E7-4A50-B93C-E0DB13BD27EE}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{B6923EF7-ACB2-4EDA-83E2-7B5C24365CF7}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{0EC3A05C-F9E7-4A50-B93C-E0DB13BD27EE}: DhcpDomain = vlan1.phub.net.cable.rogers.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{0EC3A05C-F9E7-4A50-B93C-E0DB13BD27EE}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{B6923EF7-ACB2-4EDA-83E2-7B5C24365CF7}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{0EC3A05C-F9E7-4A50-B93C-E0DB13BD27EE}: DhcpDomain = vlan1.phub.net.cable.rogers.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{F178A5F8-8021-4393-8DF5-C0574D0608ED}] (...) -- C:\users\user\Desktop\sp35850.exe (.not file.) [0]
~ Scheduled Task: 12 Legitimates Filtered in 00mn 07s



---\\ Software instalados (042)
O42 - Logiciel: BS Player ControlBar Toolbar for IE - (.BS Player ControlBar.) [HKLM] -- IECT1750559
~ Logic: 12 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\Pando Networks]
[HKCU\Software\TR2]
[HKCU\Software\The Sea App] =>Adware.TheSeaApp
[HKLM\Software\MediaPlayerV1]
[HKLM\Software\Pando Networks]
~ Key Software: 222 Legitimates Filtered in 00mn 01s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 17-02-2010 - 15:07:21 - [82,657] ----D C:\Program Files\360
O43 - CFD: 24-03-2010 - 15:56:41 - [0] ----D C:\Program Files\Declarações Electrónicas
O43 - CFD: 30-10-2011 - 19:34:31 - [16,818] ----D C:\Program Files\DreaMule
O43 - CFD: 18-11-2009 - 10:20:37 - [0] -SH-D C:\Program Files\Ficheiros comuns
O43 - CFD: 01-11-2012 - 18:54:46 - [0] ----D C:\Program Files\Pando Networks
O43 - CFD: 17-02-2010 - 15:18:58 - [0,833] ----D C:\Program Files\TTPlayer
O43 - CFD: 18-11-2009 - 10:20:37 - [0] -SH-D C:\ProgramData\Ambiente de trabalho
O43 - CFD: 17-02-2010 - 15:08:14 - [0,024] ----D C:\Users\user\AppData\Roaming\360safe
O43 - CFD: 13-01-2010 - 18:22:31 - [2,878] ----D C:\Users\user\AppData\Roaming\LimeWire
O43 - CFD: 19-11-2009 - 09:10:56 - [9,453] ----D C:\Users\user\AppData\Local\{ADD83C01-8837-4D5B-AE63-4A6847354A92}
O43 - CFD: 17-02-2010 - 15:18:57 - [0] ----D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\360°²È«ÎÀÊ¿
~ 2 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 205 Legitimates Filtered in 01mn 39s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.0277C027A26428DB64EF4F64F52BB4FD] - 02-02-2014 - 22:21:09 ---A- . (...) -- C:\Windows\MBR.exe [208896]
O44 - LFC:[MD5.F042EE4C8D66248D9B86DCF52ABAE416] - 02-02-2014 - 22:21:09 ---A- . (...) -- C:\Windows\PEV.exe [256000]
O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 02-02-2014 - 22:21:09 ---A- . (...) -- C:\Windows\grep.exe [80412]
O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 02-02-2014 - 22:21:09 ---A- . (...) -- C:\Windows\sed.exe [98816]
O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 02-02-2014 - 22:21:09 ---A- . (...) -- C:\Windows\zip.exe [68096]
O44 - LFC:[MD5.02940D6C7722E91342A32CFF5C60F4E4] - 10-02-2014 - 23:36:05 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.84C60A3025A5227BC3D1AC074E8BF858] - 11-02-2014 - 00:03:55 ---A- . (...) -- C:\zoek-results.log [13337]
~ Files: 17 Legitimates Filtered in 00mn 05s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 13-07-2009 - 20:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13-07-2009 - 17:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.1849E7EB7140FBEBED0AAABB7B1C0923] - 13-01-2006 - 19:39:44 ---A- . (.Micro Vision Co.,Ltd - MicroVision MV-25 WDM stream controller.) -- C:\Windows\System32\Drivers\Mvc25U870.sys [51584]
O58 - SDL:[MD5.D85E3FA9F5B1F29BB4ED185C450D1470] - 16-11-2006 - 04:16:24 ---A- . (.REDC - RICOH MMC Driver.) -- C:\Windows\System32\Drivers\rimmptsk.sys [32256]
O58 - SDL:[MD5.DB8EB01C58C9FADA00C70B1775278AE0] - 15-11-2006 - 23:42:46 ---A- . (.REDC - RICOH MS Driver.) -- C:\Windows\System32\Drivers\rimsptsk.sys [43520]
O58 - SDL:[MD5.6C1F93C0760C9F79A1869D07233DF39D] - 14-11-2006 - 12:35:20 ---A- . (.REDC - RICOH XD SM Driver.) -- C:\Windows\System32\Drivers\rixdptsk.sys [37376]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 13-07-2009 - 20:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13-07-2009 - 16:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13-07-2009 - 16:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13-07-2009 - 16:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13-07-2009 - 16:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13-07-2009 - 16:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13-07-2009 - 16:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13-07-2009 - 16:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13-07-2009 - 16:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13-07-2009 - 16:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13-07-2009 - 16:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13-07-2009 - 16:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13-07-2009 - 16:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13-07-2009 - 16:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13-07-2009 - 16:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13-07-2009 - 16:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 18 Legitimates Filtered in 00mn 06s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.7B4E6EA4FB7778A36F5D95087DE10606] [SPRF][10-02-2014] (...) -- C:\Users\user\Desktop\zoek.exe [1283584]
~ Files: 7 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{F7325A9A-EF0B-4D58-99FF-103CB329DE2F}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\BT Next Evolution\btnext.exe (.not file.)
O87 - FAEL: "{BF249056-1CD2-450B-8B2D-C4ED36D096AB}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\BT Next Evolution\btnext.exe (.not file.)
O87 - FAEL: "{CB46E87E-8BD1-42B3-9B3F-2ABC31D0AF93}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\LimeWire\LimeWire.exe (.not file.)
O87 - FAEL: "{414669CB-A2A8-4EC2-A649-EF883F9D2724}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\LimeWire\LimeWire.exe (.not file.)
O87 - FAEL: "TCP Query User{DBF3E6AC-7393-4E8B-B81A-F073FD92B772}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files\nokia\nokia software updater\nsu_ui_client.exe (.not file.) =>.Nokia
O87 - FAEL: "UDP Query User{31A15B2E-984A-4C46-8E7F-94518EE4C1D6}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files\nokia\nokia software updater\nsu_ui_client.exe (.not file.) =>.Nokia
O87 - FAEL: "{96D81729-61D5-4A12-AF63-F6545EC7522C}" |In - Public - P17 - TRUE | .(...) -- C:\program files\nokia\nokia software updater\nsu_ui_client.exe (.not file.) =>.Nokia
O87 - FAEL: "{4B8A7495-1215-4539-A673-4158A30B445F}" |In - Public - P6 - TRUE | .(...) -- C:\program files\nokia\nokia software updater\nsu_ui_client.exe (.not file.) =>.Nokia
O87 - FAEL: "{89F69E13-3213-4964-9EA3-A9AB81FDCF1E}" |In - Private - P6 - TRUE | .(...) -- C:\Windows\System32\lxcrcoms.exe (.not file.)
O87 - FAEL: "{480FA1DC-2D29-4F59-908A-94A3F91D0B76}" |In - Private - P17 - TRUE | .(...) -- C:\Windows\System32\lxcrcoms.exe (.not file.)
O87 - FAEL: "{15AD3596-3C97-451F-B2CB-4E198DA30E3C}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\GoforFiles\goforfilesdl.exe (.not file.) =>P2P.GoforFiles
O87 - FAEL: "{8ACFCA6B-EE24-4468-8033-BEE5D350E26D}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\GoforFiles\goforfilesdl.exe (.not file.) =>P2P.GoforFiles
O87 - FAEL: "{A139156F-0CBC-4508-AACA-C0ADF7637987}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\GoforFiles\GoforFiles.exe (.not file.) =>P2P.GoforFiles
O87 - FAEL: "{5B0089DE-A6F0-4FDE-B45F-39846C202FE0}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\GoforFiles\GoforFiles.exe (.not file.) =>P2P.GoforFiles
~ Firewall: 263 Legitimates Filtered in 00mn 02s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.19A665988BA2E2C24261EEA6AFD1B353] [WIS][02-01-2010] (.Nokia - MSVC90_x86.) -- C:\Windows\Installer\3c777.msi [28236288]
~ WIS: 102 Legitimates Filtered in 00mn 21s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 05-02-2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 10-07-1658 0 | (AVG Bonjour Service) . (...) - C:\Windows\TEMP\avgcu_mDNSResponder.exe
SS - | Auto 11-11-2013 3478544 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2014\avgidsagent.exe
SS - | Demand 05-03-2007 110592 | (Com4Qlb) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
SS - | Demand 20-02-2013 655624 | (FLEXnet Licensing Service) . (.Acresso Software Inc..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Auto 04-02-2010 135664 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 04-02-2010 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 22-08-2012 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 04-01-2012 718888 | (ServiceLayer) . (.Nokia.) - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
SS - | Auto 05-09-2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 13-07-2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 24-09-2013 1358944 | (avgfws) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2014\avgfws.exe
SR - | Auto 24-09-2013 348008 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
SR - | Auto 02-05-2006 135168 | (hpqwmiex) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
SR - | Auto 20-08-2009 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 13-07-2009 20992 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 06-03-2009 203296 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\System32\nvvsvc.exe
SR - | Auto 13-07-2009 20992 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 15-12-2011 265624 | (WDDMService) . (.WDC.) - C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
SR - | Auto 16-12-2011 246688 | (WDDriveService) . (.Western Digital.) - C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
SR - | Auto 15-12-2011 1591176 | (WDFMEService) . (.Western Digital.) - C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
SR - | Auto 15-12-2011 1091992 | (WDRulesService) . (.Western Digital.) - C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
SR - | Auto 13-07-2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 28-11-2006 386560 | (XAudioService) . (.Conexant Systems, Inc..) - C:\Windows\System32\DRIVERS\xaudio.exe

~ Services: Scanned in 00mn 23s



---\\ Scâner Aditional (088)
Database Version : 13030 - (10-02-2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 3

[HKLM\Software\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg =>Toolbar.Google^
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google^
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKCU\Software\The Sea App] =>Adware.TheSeaApp^
~ Additionnel Scan: 270896 Items scanned in 00mn 33s



---\\ Sumário das deteções encontradas na sua estação
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Toolbar.Conduit
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.TheSeaApp
~ MSI: 2 link(s) detected in 00mn 33s



~ 1153 Legitimates filtered by white list
End of the scan (478 lines in 03mn 55s)(0)

 Copie todo o texto em vermelho que te passei (começando em script zhpfix e indo até SysRestore)

 Vá no menu: Iniciar > Todos os programas > ZHP > Abra o Zhpfix > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta e nos diga como está seu PC após estes procedimentos.

TÓPICO ARQUIVADO

Como o autor não respondeu por mais de 15 dias, o tópico foi arquivado. Caso o autor do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.