Computador está lento!!

segue o log do hijackthis para ver se tem algo errado nele. agradeço desde já!!


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:25:05, on 13/3/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Avira\AntiVir Desktop\sched.exe
C:\Program Files\ASUS\Asus Probe\AsusProb.exe
D:\Avira\AntiVir Desktop\avgnt.exe
D:\Arquivos de programas\USB Disk Security\USBGuard.exe
D:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Google\Update\1.3.22.5\GoogleCrashHandler.exe
D:\Arquivos de programas\OO Software\Defrag\oodtray.exe
D:\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Java\jre7\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\WINDOWS\System32\svchost.exe
D:\Arquivos de programas\OO Software\Defrag\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\WINDOWS\system32\svchost.exe
d:\Arquivos de programas\TeamViewer\Version9\TeamViewer_Service.exe
d:\Arquivos de programas\TeamViewer\Version9\TeamViewer.exe
d:\Arquivos de programas\TeamViewer\Version9\tv_w32.exe
D:\Avira\AntiVir Desktop\avshadow.exe
C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe
C:\Documents and Settings\Loj@\Meus documentos\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - D:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - D:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [avgnt] "D:\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [USB Security] d:\Arquivos de programas\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [HP Software Update] D:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [OODefragTray] D:\Arquivos de programas\OO Software\Defrag\oodtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: O&O Defrag Tray.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - D:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - D:\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - D:\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
O23 - Service: Motorola Device Manager Service (Motorola Device Manager) - Motorola Mobility LLC - C:\Arquivos de programas\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: O&O Defrag (OODefragAgent) - O&O Software GmbH - D:\Arquivos de programas\OO Software\Defrag\oodag.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - D:\Arquivos de programas\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - d:\Arquivos de programas\TeamViewer\Version9\TeamViewer_Service.exe

--
End of file - 7787 bytes

  Olá Italo. Seja bem vindo ao Fórum PC Brasil.

Há programas desnecessários iniciando junto com o Windows, o que torna o seu PC mais lento. Para corrigir isto, siga as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows.

Use também o programa Ccleaner, indicado neste tutorial acima, para fazer uma limpeza e otimização do PC agora e de tempos em tempos.
______________________________________________________________________________________________________________

Siga também, por gentileza, as dicas deste tutorial para fazer uma limpeza de seu PC com o Malwarebytes:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Na sua próxima resposta poste este log do Malwarebytes.

Ficamos no aguardo.

Na duvida postei também um novo log do Hijackthis...

Malwarebytes Anti-Malware 1.75.0.1300
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Versão da Base de Dados: v2014.03.13.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Loj@ :: LOJA [administrador]

13/3/2014 16:51:15
mbam-log-2014-03-13 (16-51-15).txt

Tipo de Verificação: Verificação Completa (C:\|D:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 310288
Tempo decorrido: 1 hora(s), 25 minuto(s), 30 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 8
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (PUP.Optional.Iminent.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (PUP.Optional.Iminent.A) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\Software\Iminent (PUP.Optional.Iminent.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\Software\Iminent (PUP.Optional.Iminent.A) -> Enviado para a Quarentena e deletado com sucesso.

Valores de Registro Detectadas: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0M1K1N1M1T -> Enviado para a Quarentena e deletado com sucesso.

Itens de Dados no Registro Detectadas: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Ruim: (1) Bom: (0) -> Enviado para a Quarentena e reparado com sucesso.

Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)

Arquivos Detectados: 8
D:\INSTALADORES\02 - ferramentas\drive do pen drive sony\For Windows\MSI.CAB (Risktool.KillFiles) -> Nenhuma ação foi feita.
D:\INSTALADORES\02 - ferramentas\drive do pen drive sony\For Windows\MSI\_6227252443C841BF9FFDFF29A9856421 (Risktool.KillFiles) -> Nenhuma ação foi feita.
C:\Documents and Settings\Loj@\Meus documentos\Downloads\Patch.rar (RiskWare.Tool.CK) -> Enviado para a Quarentena e deletado com sucesso.
C:\Documents and Settings\Loj@\Meus documentos\Downloads\RemoveWGA.rar (PUP.RemoveWGA) -> Enviado para a Quarentena e deletado com sucesso.
C:\Documents and Settings\Loj@\Meus documentos\Downloads\Patch\Patch.exe (RiskWare.Tool.CK) -> Enviado para a Quarentena e deletado com sucesso.
D:\MSOCache\All Users\90000416-6000-11D3-8CFE-0150048383C9\FILES\PFILES\COMMON\MSSHARED\DW\DWTRIG20.EXE (Trojan.FakeMS) -> Enviado para a Quarentena e deletado com sucesso.
D:\INSTALADORES\05 - proteção\Glary Utilites P 2.41.0.1358B.rar (RiskWare.Tool.CK) -> Enviado para a Quarentena e deletado com sucesso.
D:\Arquivos de programas\DVD Audio Extractor\dvd.audio.extractor.7.x-patch.exe (PUP.Riskware.Patcher) -> Enviado para a Quarentena e deletado com sucesso.

(fim)



=================================================================================


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:27:09, on 14/3/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Avira\AntiVir Desktop\sched.exe
D:\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Java\jre7\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\WINDOWS\System32\svchost.exe
D:\Arquivos de programas\OO Software\Defrag\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
d:\Arquivos de programas\TeamViewer\Version9\TeamViewer_Service.exe
D:\Avira\AntiVir Desktop\avshadow.exe
C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe
C:\Arquivos de programas\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\WINDOWS\Explorer.EXE
d:\Arquivos de programas\TeamViewer\Version9\TeamViewer.exe
C:\Program Files\ASUS\Asus Probe\AsusProb.exe
D:\Avira\AntiVir Desktop\avgnt.exe
D:\Arquivos de programas\USB Disk Security\USBGuard.exe
D:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
D:\Arquivos de programas\OO Software\Defrag\oodtray.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\WINDOWS\System32\svchost.exe
d:\Arquivos de programas\TeamViewer\Version9\tv_w32.exe
D:\Arquivos de programas\Mozilla Firefox\firefox.exe
D:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Loj@\Meus documentos\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - D:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - D:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [avgnt] "D:\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [USB Security] d:\Arquivos de programas\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [HP Software Update] D:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [OODefragTray] D:\Arquivos de programas\OO Software\Defrag\oodtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: O&O Defrag Tray.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - D:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - D:\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - D:\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
O23 - Service: Motorola Device Manager Service (Motorola Device Manager) - Motorola Mobility LLC - C:\Arquivos de programas\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: O&O Defrag (OODefragAgent) - O&O Software GmbH - D:\Arquivos de programas\OO Software\Defrag\oodag.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - D:\Arquivos de programas\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - d:\Arquivos de programas\TeamViewer\Version9\TeamViewer_Service.exe

--
End of file - 8022 bytes

Siga, por gentileza, as dicas do tutorial abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt

Ficamos na espera.

# AdwCleaner v3.022 - Relatório criado 14/03/2014 às 12:22:37
# Atualizado 13/03/2014 por Xplode
# Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)
# Usuário : Loj@ - LOJA
# Executando de : C:\Documents and Settings\Loj@\Meus documentos\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\apn

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Chave Deletedo : HKCU\Software\APN PIP
Chave Deletedo : HKCU\Software\Conduit
Chave Deletedo : HKCU\Software\Softonic
Chave Deletedo : HKLM\Software\Conduit
Chave Deletedo : HKLM\Software\PIP
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375

***** [ Navegadores ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v27.0.1 (pt-BR)

[ Arquivo : C:\Documents and Settings\Loj@\Dados de aplicativos\Mozilla\Firefox\Profiles\2nkpncol.default\prefs.js ]

Linha deletada : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent102", "1361810608567");
Linha deletada : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent109", "1361810623503");
Linha deletada : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent111", "1361810623521");
Linha deletada : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent112", "1361810692449");
Linha deletada : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent122", "1361810623538");

-\\ Google Chrome v33.0.1750.146

[ Arquivo : C:\Documents and Settings\Loj@\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6409 octets] - [14/03/2014 12:19:42]
AdwCleaner[S0].txt - [6209 octets] - [14/03/2014 12:22:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6269 octets] ##########

 Desative temporariamente seu antivírus para evitar conflitos.

Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Loj@ on sex 14/03/2014 at 12:40:05,70.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Loj@\Meus documentos\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

14/3/2014 12:41:08 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Documents and Settings\Loj@\Dados de aplicativos\Mozilla\Firefox\Profiles\2nkpncol.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com.br/");

Added to C:\Documents and Settings\Loj@\Dados de aplicativos\Mozilla\Firefox\Profiles\2nkpncol.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\DOCUME~1\ALLUSE~1\DADOSD~1\Zbshareware Lab deleted
C:\Documents and Settings\Loj@\Dados de aplicativos\cdr.ini deleted
C:\Documents and Settings\Loj@\7zSA47.tmp deleted
C:\Documents and Settings\Loj@\7zSA4D.tmp deleted
C:\WINDOWS\System32\InstallUtil.InstallLog deleted
C:\Documents and Settings\Loj@\Dados de aplicativos\Mozilla\Firefox\Profiles\2nkpncol.default\jetpack deleted
"C:\Documents and Settings\Loj@\Dados de aplicativos\DMCache" deleted
"C:\Documents and Settings\Loj@\Dados de aplicativos\Samsung" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [18/10/2013 12:20]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="D:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [02/02/2013 10:22]

==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\Loj@\Dados de aplicativos\Mozilla\Firefox\Profiles\2nkpncol.default
- YouTube Center - %ProfilePath%\extensions\jid1-cwbvBTE216jjpg@jetpack.xpi
- leethax.net extension - %ProfilePath%\extensions\leethax@leethax.net.xpi

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\Loj@\Dados de aplicativos\Mozilla\Firefox\Profiles\2nkpncol.default
95812430959AE88CDD0301AB3A71913B - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll - Shockwave Flash
A9C86900D2A61728C8326FE7147617C5 - C:\Arquivos de programas\Google\Update\1.3.22.5\npGoogleUpdate3.dll - Google Update
5174E3BE46B2CCCDAF9CEB5B622CEA9B - C:\WINDOWS\system32\Adobe\Director\np32dsw_1209149.dll - Shockwave for Director / Shockwave for Director
A9191AE22A8F1287B5E2DF33E3A57253 - C:\Arquivos de programas\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U51
9B10927CFD0F7AD39E40C0E34005B1AD - C:\Arquivos de programas\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.510.13
5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
A843FC35574ECFD9E7A41C5505A9921B - d:\Arquivos de programas\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
CF4ABE599858E10EEB911E16FBCFD87D - C:\Arquivos de programas\Windows Media Player\npdrmv2.dll - Microsoft® DRM
76E34EA1089E92709C5725407B565DA1 - C:\Arquivos de programas\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
02A4A41FAC9BF96155B3E8068D1DF4B6 - C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll - Microsoft® DRM


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lkemddiljapcmhicklfpcbpfffahfbja - C:\Documents and Settings\Loj@\Configura‡äes locais\Dados de aplicativos\Google\Chrome\User Data\Default\extensions\WebNavigation.crx[07/08/2012 21:11]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{F0D4EBA9-363A-43E5-9E39-2A570DDD6206} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MXGB_pt-BRBR564"

==== Reset Google Chrome ======================

Nothing found to reset

==== shortcuts on Users Desktops ======================

C:\Documents and Settings\Loj@\Desktop\Admaster.lnk - C:\Arquivos de programas\Admaster\Admaster.exe
C:\Documents and Settings\Loj@\Desktop\AGUA DOS APARTAMENTOS.lnk - C:\Documents and Settings\Loj@\Meus documentos\AGUA DOS APARTAMENTOS.xls
C:\Documents and Settings\Loj@\Desktop\aluguel 1.lnk - C:\Documents and Settings\Loj@\Meus documentos\VENDA LIQUIDA.xls
C:\Documents and Settings\Loj@\Desktop\aluguel 2.lnk - C:\Documents and Settings\Loj@\Meus documentos\DUPLICATAS.xls
C:\Documents and Settings\Loj@\Desktop\Argemiro Areas.lnk - D:\sicoob\Sicoob\Cedente.exe
C:\Documents and Settings\Loj@\Desktop\Loja.lnk - D:\sicoob\Sicoob02\Sicoob\Cedente.exe
C:\Documents and Settings\Loj@\Desktop\PDV-PAF.lnk - C:\Arquivos de programas\BalcãoPlus2\FrentePlus2.exe
C:\Documents and Settings\Loj@\Desktop\Photoshop.lnk - D:\PhotoShop CS4 PT-BR\Photoshop.exe
C:\Documents and Settings\Loj@\Desktop\RELATORIO CARTÕES.lnk -
C:\Documents and Settings\Loj@\Desktop\µTorrent.lnk -
C:\Documents and Settings\Loj@\Desktop\SUPORTE\Atualizar Admaster.lnk - C:\Arquivos de programas\Admaster\AtualizarAdmaster.exe
C:\Documents and Settings\Loj@\Desktop\SUPORTE\Backup Admaster.lnk - C:\Arquivos de programas\Admaster\Backup Admaster.exe
C:\Documents and Settings\Loj@\Desktop\SUPORTE\Gerenciador de Arquivos SIntegra.lnk - C:\Arquivos de programas\Admaster\SintegraFacil.exe
C:\Documents and Settings\Loj@\Desktop\SUPORTE\Reparador de Banco de Dados ADMaster.lnk - C:\Arquivos de programas\Admaster\Reparador Admaster.exe

==== shortcuts on All Users Desktop ======================

C:\Documents and Settings\All Users\Desktop\ Google Earth.lnk - C:\Arquivos de programas\Google\Google Earth\client\googleearth.exe
C:\Documents and Settings\All Users\Desktop\aTube Catcher.lnk - D:\Arquivos de programas\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\Documents and Settings\All Users\Desktop\CCleaner.lnk - D:\Arquivos de programas\CCleaner\ccleaner.exe
C:\Documents and Settings\All Users\Desktop\Central de Soluções HP.lnk -
C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk - C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk - D:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk - D:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\All Users\Desktop\O&O Defrag.lnk - C:\WINDOWS\Installer\{89E55086-6AF5-4C78-BC96-C9EBA300A4F5}\app_icon.ico
C:\Documents and Settings\All Users\Desktop\Skype.lnk - C:\WINDOWS\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe
C:\Documents and Settings\All Users\Desktop\USB Disk Security.lnk - D:\Arquivos de programas\USB Disk Security\USBGuard.exe
C:\Documents and Settings\All Users\Desktop\Validador Sintegra 2013.lnk - D:\Arquivos de programas\Validador Sintegra 2013\ValidadorSintegra2013.exe
C:\Documents and Settings\All Users\Desktop\VLC media player.lnk - D:\Arquivos de programas\VideoLAN\VLC\vlc.exe

==== shortcuts in Users Start Menu ======================

C:\Documents and Settings\Loj@\Menu Iniciar\µTorrent.lnk -
C:\Documents and Settings\Loj@\Menu Iniciar\Programas\MP3Gain\MP3Gain Help.lnk - D:\Arquivos de programas\MP3Gain\MP3Gain.chm
C:\Documents and Settings\Loj@\Menu Iniciar\Programas\MP3Gain\MP3Gain.lnk - D:\Arquivos de programas\MP3Gain\MP3GainGUI.exe
C:\Documents and Settings\Loj@\Menu Iniciar\Programas\MP3Gain\Uninstall MP3Gain.lnk - D:\Arquivos de programas\MP3Gain\uninst-mp3gain.exe

==== shortcuts in All Users Start Menu ======================

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Office Excel 2003.lnk - C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\xlicons.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Office PowerPoint 2003.lnk - C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pptico.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Office Word 2003.lnk - C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\wordicon.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Scanner and Camera Wizard.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Google Chrome\Google Chrome.lnk - C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\O&O Defrag Tray.lnk - C:\WINDOWS\Installer\{89E55086-6AF5-4C78-BC96-C9EBA300A4F5}\app_icon.ico
C:\Documents and Settings\All Users\Menu Iniciar\Programas\O&O Software\O&O Defrag\O&O Defrag Help.lnk - D:\Arquivos de programas\OO Software\Defrag\oodpe.chm
C:\Documents and Settings\All Users\Menu Iniciar\Programas\O&O Software\O&O Defrag\O&O Defrag.lnk - C:\WINDOWS\Installer\{89E55086-6AF5-4C78-BC96-C9EBA300A4F5}\app_icon.ico
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Skype\Skype.lnk - D:\Arquivos de programas\Skype\Phone\Skype.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\SP TimeSync\SP TimeSync.lnk - C:\WINDOWS\Installer\{F45E33EA-EFE6-43F5-8F05-F106467AE667}\_205A20BE9DA70DC11ACFDF.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\TeamViewer 9\License.lnk - D:\Arquivos de programas\TeamViewer\Version9\License.txt
C:\Documents and Settings\All Users\Menu Iniciar\Programas\TeamViewer 9\TeamViewer 9.lnk - D:\Arquivos de programas\TeamViewer\Version9\TeamViewer.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\TeamViewer 9\Uninstall TeamViewer 9.lnk - D:\Arquivos de programas\TeamViewer\Version9\uninstall.exe

==== shortcuts in Quick Launch ======================

C:\Documents and Settings\Loj@\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Loj@\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - D:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Loj@\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Arquivos de programas\Windows Media Player\wmplayer.exe /prefetch:1

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol deleted successfully

==== Empty IE Cache ======================

C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Default User\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Configurações locais\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Loj@\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=7 folders=8 18930072 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\Loj@\CONFIG~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== EOF on sex 14/03/2014 at 12:55:45,48 ======================

Siga, por gentileza, as dicas do tutorial abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt

Ficamos na espera.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Microsoft Windows XP x86
Ran by Loj@ on sex 14/03/2014 at 13:03:31,29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on sex 14/03/2014 at 13:08:58,92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

O PC está lento ainda ou não?

tá bem melhor, a lerdeza que ficou deve ser da "ruindade" dele mesmo rsrs

Só por segurança, faça o download do < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >  < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]> ( ... de Nicolas Coolman )

|- Desabilite temporariamente seu antivírus para evitar conflitos e execute "ZHPDiag2.exe", para instalar a ferramenta.
 
|- Execute o ícone do pergaminho. ( ZHPDiag )

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
 
|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
 
|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

~ Relatório do ZHPDiag v2014.3.12.13 - Nicolas Coolman (12/3/2014)
~ Iniciado por Loj@ (14/3/2014 13:28:50)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Not Found


---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.6001.18702 (Defaut)
MFIE: Mozilla Firefox 27.0.1
GCIE: Google Chrome v33.0.1750.146

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ Softwares de proteçao do sistema
Avira Free Antivirus v14.0.3.350
Malwarebytes Anti-Malware versão 1.75.0.1300

---\\ Softwares d'optimização do sistema
CCleaner v4.11 =>Piriform Ltd

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 12 Plugin
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: x86 Family 15 Model 4 Stepping 1, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2047 MB (78% free)
System Restore: Activé (Enable)
System drive C: has 6 GB (22%) free of 26 GB

---\\ Modo de conexão ao sistema
~ Computer Name: LOJA
~ User Name: Loj@
~ All Users Names: SUPPORT_388945a0, Loj@, HelpAssistant, Convidado, ASPNET, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\Loj@\Dados de aplicativos\ZHP\
~ %AppData% : C:\Documents and Settings\Loj@\Dados de aplicativos\
~ %Desktop% : C:\Documents and Settings\Loj@\Desktop\
~ %Favorites% : C:\Documents and Settings\Loj@\Favoritos\
~ %LocalAppData% : C:\Documents and Settings\Loj@\Configurações locais\Dados de aplicativos\
~ %StartMenu% : C:\Documents and Settings\Loj@\Menu Iniciar\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumeração das unidades dos discos
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 6 Go of 26 Go)
D: Hard drive, Flash drive, Thumb drive (Free 18 Go of 49 Go)
E: CD-ROM drive (Not Inserted)
F: CD-ROM drive (Not Inserted)
H: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
~ Security Center: 45 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.064EC7FF5F58B928C3E119402977FA6D] - (.Microsoft Corporation - Windows Explorer.) (.13/4/2008 - 13:21:00.) -- C:\WINDOWS\Explorer.exe [1035776]
[MD5.F4F91D2FD893463A59AABF7289989F96] - (.Microsoft Corporation - Internet Extensions for Win32.) (.24/2/2014 - 17:05:28.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.71D440F79B711627B12B567FB2EADB42] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.13/4/2008 - 13:21:24.) -- C:\WINDOWS\system32\Winlogon.exe [509952]
[MD5.F6B7B1ECD7B41736BDB6FF4B092BCB79] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/8/2011 - 10:41:46.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/4/2008 - 11:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/4/2008 - 06:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/4/2008 - 05:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.A8D31E836CCF2F51009CE7DFFECF6D51] - (.Microsoft Corporation - FIPS Crypto Driver.) (.13/4/2008 - 12:52:44.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/4/2008 - 03:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.485BC6BEB778B5E9702E6AA3D384C0CB] - (.Microsoft Corporation - Driver de porta i8042.) (.13/4/2008 - 12:55:20.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [53504]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/4/2008 - 05:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/4/2008 - 05:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/4/2008 - 06:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.FB2FCCC70F7174C7BF64F48E96D3ADF4] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/7/2011 - 10:29:35.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [457856]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/4/2008 - 06:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/4/2008 - 06:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.9BADEE6B698BF1AF36E25A1A64A89EAB] - (.Microsoft Corporation - Driver de porta paralela.) (.21/9/2010 - 14:14:58.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/4/2008 - 06:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/4/2008 - 13:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.68D749B04BFBBD4D4D15CC5185AFA4DD] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/4/2008 - 18:53:18.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58240]
[MD5.EB6B1E2C984D84470FF4FE7EF98CD44A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/4/2008 - 12:53:02.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53248]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/329
~ Mes musiques (My Musics) : 1/27
~ Mes Videos (My Videos) : 0/0
~ Mes Favoris (My Favorites) : 1/10
~ Mes Documents (My Documents) : 2/4766
~ Mon Bureau (My Desktop) : 0/163
~ Menu demarrer (Programs) : 1/32
~ Hidden Files: Scanned in 00mn 05s



---\\ Processos lançados
[MD5.4D282B9C5BB05DF92C9F3977DFB9F916] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- D:\Avira\AntiVir Desktop\sched.exe [440400] [PID.1308]
[MD5.65AF41A7A2C5B6693E1B4164E7632C3E] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- D:\Avira\AntiVir Desktop\avguard.exe [440400] [PID.1756]
[MD5.B7E260F00988380F72FF06D2FE181D70] - (...) -- C:\Program Files\ASUS\Asus Probe\AsusProb.exe [617984] [PID.1812]
[MD5.241B07FF7F5943B9C1BF3235F49AC1E1] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- D:\Avira\AntiVir Desktop\avgnt.exe [689744] [PID.1824]
[MD5.5516C26A6AF8EB4E2CAB48EC98A74398] - (.Hewlett-Packard - hpwuSchd Application.) -- D:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe [54576] [PID.1864]
[MD5.F9635FE75BE6544CDE1E47BA0069A6DB] - (.O&O Software GmbH - O&O Defrag TrayIcon (Win32).) -- D:\Arquivos de programas\OO Software\Defrag\oodtray.exe [3246384] [PID.1892]
[MD5.11FF65D84AC822474074E21798B3967D] - (.Firebird Project - Firebird SQL Server.) -- C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe [81920] [PID.1924]
[MD5.B9436A665A8621073A12338B16D7BFD4] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Arquivos de programas\Java\jre7\bin\jqs.exe [182696] [PID.1984]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe [254336] [PID.2032]
[MD5.11F714F85530A2BD134074DC30E99FCA] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.exe [322120] [PID.300]
[MD5.1BCB26A55B2E092FAA4DA01D9A3DE528] - (.Motorola Mobility LLC - MotoHelper Service.) -- C:\Arquivos de programas\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528] [PID.440]
[MD5.4B4CC323E2621D6FD0F538898D219F6C] - (.O&O Software GmbH - O&O Defrag Agent (Win32).) -- D:\Arquivos de programas\OO Software\Defrag\oodag.exe [1377072] [PID.532]
[MD5.CAA0C16ADCCE6142A43AD83BFA20B38B] - (.Motorola Mobility LLC - MotoHelperAgent.) -- C:\Arquivos de programas\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe [698680] [PID.596]
[MD5.2B29FD3AF7B4FEB272CD1F6EEC8FE4BA] - (.TeamViewer GmbH - TeamViewer 9.) -- d:\Arquivos de programas\TeamViewer\Version9\TeamViewer_Service.exe [4915040] [PID.1276]
[MD5.D004558CE39AA4F01F207627EECF4CFB] - (.TeamViewer GmbH - TeamViewer 9.) -- d:\Arquivos de programas\TeamViewer\Version9\TeamViewer.exe [12493152] [PID.2308]
[MD5.5CD05A591DC60886812D802E7E03A902] - (.TeamViewer GmbH - TeamViewer 9.) -- d:\Arquivos de programas\TeamViewer\Version9\tv_w32.exe [202592] [PID.2416]
[MD5.6F1E9AB820B3DD8BD38C0190A206205D] - (.Avira Operations GmbH & Co. KG - AntiVir shadow copy service.) -- D:\Avira\AntiVir Desktop\avshadow.exe [431672] [PID.2656]
[MD5.9A4B72D6C6874F1E47CD9B23C2503C0B] - (.Firebird Project - Firebird SQL Server.) -- C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe [2764800] [PID.2800]
[MD5.64A2A75D8F4BD07BD0A0029AA8825BBF] - (.Nicolas Coolman - ZHPDiag.) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe [8353792] [PID.1688]
~ Processes Running: Scanned in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19



---\\ Barras do Internet Explorer (03))
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{41545534-2D56-3700-76A7-7A786E7484D7} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Chave orfã
~ Toolbar: Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [AllUsers]: aTube Catcher.lnk . (.DsNET - aTube Catcher to download and convert video.) -- D:\Arquivos de programas\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Desktop [AllUsers]: Central de Soluções HP.lnk . (.Hewlett-Packard Company - hpqdirec.exe.) -- D:\Arquivos de programas\HP\Digital Imaging\bin\Hpqdirec.exe
O4 - GS\Desktop [AllUsers]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [AllUsers]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- D:\Arquivos de programas\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [AllUsers]: O&O Defrag.lnk . (...) -- C:\WINDOWS\Installer\{89E55086-6AF5-4C78-BC96-C9EBA300A4F5}\app_icon.ico
O4 - GS\Desktop [AllUsers]: USB Disk Security.lnk . (.Zbshareware Lab - USB Disk Security.) -- D:\Arquivos de programas\USB Disk Security\USBGuard.exe
O4 - GS\Desktop [AllUsers]: Validador Sintegra 2013.lnk . (.Secretaria da Fazenda do Estado do Rio Gran - No Comment.) -- D:\Arquivos de programas\Validador Sintegra 2013\ValidadorSintegra2013.exe
O4 - GS\Desktop [Loj@]: Admaster.lnk . (.Informatica - No Comment.) -- C:\Arquivos de programas\Admaster\Admaster.exe
O4 - GS\Desktop [Loj@]: AGUA DOS APARTAMENTOS.lnk . (...) -- C:\Documents and Settings\Loj@\Meus documentos\AGUA DOS APARTAMENTOS.xls
O4 - GS\Desktop [Loj@]: aluguel 1.lnk . (...) -- C:\Documents and Settings\Loj@\Meus documentos\VENDA LIQUIDA.xls
O4 - GS\Desktop [Loj@]: aluguel 2.lnk . (...) -- C:\Documents and Settings\Loj@\Meus documentos\DUPLICATAS.xls
O4 - GS\Desktop [Loj@]: Argemiro Areas.lnk . (...) -- D:\sicoob\Sicoob\Cedente.exe
O4 - GS\Desktop [Loj@]: Loja.lnk . (...) -- D:\sicoob\Sicoob02\Sicoob\Cedente.exe
O4 - GS\Desktop [Loj@]: PDV-PAF.lnk . (.MASTER - No Comment.) -- C:\Arquivos de programas\BalcãoPlus2\FrentePlus2.exe
O4 - GS\Desktop [Loj@]: Photoshop.lnk . (.Adobe Systems, Incorporated - Adobe Photoshop CS4.) -- D:\PhotoShop CS4 PT-BR\Photoshop.exe =>.Adobe Systems Incorporated
O4 - GS\Desktop [Loj@]: RELATORIO CARTÕES.lnk . (...) -- C:\Documents and Settings\Loj@\Meus documentos\RELATORIO CARTÕES.xls
O4 - GS\Desktop [Loj@]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Documents and Settings\Loj@\Dados de aplicativos\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 26 Legitimates Filtered in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [ASUS Probe] . (...) -- C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- D:\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [USB Security] . (.Zbshareware Lab - USB Disk Security.) -- d:\Arquivos de programas\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- D:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [OODefragTray] . (.O&O Software GmbH - O&O Defrag TrayIcon (Win32).) -- D:\Arquivos de programas\OO Software\Defrag\oodtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] Chave orfã
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] Chave orfã
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] Chave orfã
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] Chave orfã
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- D:\Arquivos de programas\Microsoft Office\OFFICE11\REFBARH.ICO
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet Explorer.) -- D:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Chave orfã
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Piratagem da Opção " Redefinir Configurações da Web " (014)
O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br"
~ IE Paramètres WEB: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2DA437E7-1295-4358-8A3E-5F4E3939A4EC}: DhcpNameServer = 192.168.2.1 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{2DA437E7-1295-4358-8A3E-5F4E3939A4EC}: DhcpNameServer = 192.168.2.1 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{2DA437E7-1295-4358-8A3E-5F4E3939A4EC}: DhcpNameServer = 192.168.2.1 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.1.254
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\WINDOWS\system32\Ati2evxx.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) . (.Firebird Project - Firebird SQL Server.) - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: TeamViewer 9 (TeamViewer9) . (.TeamViewer GmbH - TeamViewer 9.) - d:\Arquivos de programas\TeamViewer\Version9\TeamViewer_Service.exe
~ Services: 10 Legitimates Filtered in 00mn 05s



---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Desktop Component 0: Minha página inicial atual - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\WINDOWS\web\wallpaper\Alegria.bmp
O24 - Desktop General: WallPaper - .(...) - C:\WINDOWS\web\wallpaper\Alegria.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (aslm75) . (...) - C:\WINDOWS\system32\drivers\aslm75.sys
~ Drivers: 69 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: SP TimeSync 2.4 - (.Alexander Panchenko.) [HKLM] -- {F45E33EA-EFE6-43F5-8F05-F106467AE667}
O42 - Logiciel: SiSRaidPackage - (...) [HKLM] -- {08498FF9-6C9B-4FC2-8DE1-BD98C89CC220}
O42 - Logiciel: Sistema de Venda PAFECF - (...) [HKLM] -- Sistema de Venda PAFECF
O42 - Logiciel: Validador Sintegra 5.2.16 - (.Secretaria da Fazenda do Estado do Rio Grande do Sul.) [HKLM] -- {169CEB91-BD47-46C1-A0EA-7943B0E667DA}_is1
~ Logic: 33 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Spacreat]
[HKLM\Software\KMB Electrical Calc]
~ Key Software: 379 Legitimates Filtered in 00mn 01s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 14/3/2014 - 12:38:47 - [123,434] ----D C:\Arquivos de programas\Admaster
O43 - CFD: 14/3/2014 - 12:54:36 - [48,624] ----D C:\Arquivos de programas\BalcãoPlus2
O43 - CFD: 1/3/2014 - 09:29:08 - [0,586] ----D C:\Arquivos de programas\MegaJogos
O43 - CFD: 1/2/2013 - 15:38:51 - [0,001] ----D C:\Arquivos de programas\Serviços on-line
O43 - CFD: 4/2/2013 - 13:05:49 - [0] ----D C:\Arquivos de programas\TcpShow
O43 - CFD: 1/2/2013 - 15:38:17 - [0,008] ----D C:\Arquivos de programas\Arquivos comuns\Serviços
O43 - CFD: 1/2/2013 - 15:48:47 - [0,015] R---D C:\Documents and Settings\Loj@\Menu Iniciar\Programas\Acessórios
O43 - CFD: 4/2/2013 - 12:47:46 - [0,001] ----D C:\Documents and Settings\Loj@\Menu Iniciar\Programas\Infotec Sistemas
O43 - CFD: 1/2/2013 - 13:29:33 - [0] R---D C:\Documents and Settings\Loj@\Menu Iniciar\Programas\Inicializar
O43 - CFD: 29/5/2013 - 16:49:09 - [0,001] ----D C:\Documents and Settings\Loj@\Menu Iniciar\Programas\Sicoob
~ Program Folder: 127 Legitimates Filtered in 00mn 11s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.37BB5DF8F5E87FA75FB2E7B2AEE1E104] - 1/3/2014 - 08:21:58 ---A- . (...) -- C:\WINDOWS\SBWIN.INI [72]
O44 - LFC:[MD5.4BB493DFE0A86EA0CB018E7E834DBB38] - 10/3/2014 - 17:58:29 ---A- . (...) -- C:\back1032014175832.mdb [30754816]
O44 - LFC:[MD5.454E64A57CDE0FF9C131B859CDA6B7C9] - 10/3/2014 - 17:58:29 ---A- . (...) -- C:\backRXXV1032014175833.mdb [137216]
O44 - LFC:[MD5.FFEF45F28BA4701A47858E87945806AB] - 10/3/2014 - 17:58:29 ---A- . (...) -- C:\backpdv1032014175833.mdb [112640]
O44 - LFC:[MD5.3BBB533ECAB721A2299CBBD52434878A] - 11/3/2014 - 18:01:45 ---A- . (...) -- C:\back113201418148.mdb [40439808]
O44 - LFC:[MD5.7D99563E5C12B09A7D2B4322537C9137] - 11/3/2014 - 18:01:45 ---A- . (...) -- C:\backRXXV113201418150.mdb [137216]
O44 - LFC:[MD5.29A1216E3ECC73603C4AE98A1C2A499C] - 11/3/2014 - 18:01:45 ---A- . (...) -- C:\backpdv113201418150.mdb [110592]
O44 - LFC:[MD5.E80F172800C28D37AA0CBF7118C050EF] - 12/3/2014 - 09:16:51 ---A- . (...) -- C:\WINDOWS\imsins.BAK [1374]
O44 - LFC:[MD5.DF80B7EA9482DC08D4234783215B33D5] - 12/3/2014 - 09:17:24 ---A- . (...) -- C:\WINDOWS\updspapi.log [3098]
O44 - LFC:[MD5.2EEEAD0487B8FD2AFEC1F526375A6228] - 12/3/2014 - 09:17:34 ---A- . (...) -- C:\WINDOWS\msmqinst.log [7746]
O44 - LFC:[MD5.231C3BE4AC55BA4F3543188FEC9339C0] - 12/3/2014 - 09:17:36 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [24732]
O44 - LFC:[MD5.AACE87A45181D76C11E3F2DD641707BD] - 12/3/2014 - 09:17:36 ---A- . (...) -- C:\WINDOWS\MedCtrOC.log [1700]
O44 - LFC:[MD5.DEE253C7EF3DD397243B6DC69E72E516] - 12/3/2014 - 09:17:36 ---A- . (...) -- C:\WINDOWS\comsetup.log [8272]
O44 - LFC:[MD5.CA66CCA5D8A3A1ADE7A446304374A045] - 12/3/2014 - 09:17:36 ---A- . (...) -- C:\WINDOWS\iis6.log [26560]
O44 - LFC:[MD5.9CE561017DB093FDF06E9A4E70F7256E] - 12/3/2014 - 09:17:36 ---A- . (...) -- C:\WINDOWS\imsins.log [1374]
O44 - LFC:[MD5.FD0A6E3E43486CF3EAFBB807A7F5E7C4] - 12/3/2014 - 09:17:36 ---A- . (...) -- C:\WINDOWS\msgsocm.log [1236]
O44 - LFC:[MD5.CDFE483BEAE20BBC6C2A8BC6A9AA9DDF] - 12/3/2014 - 09:17:36 ---A- . (...) -- C:\WINDOWS\netfxocm.log [4332]
O44 - LFC:[MD5.2A8B98128D59A3B0D1AB2A6DAC20598B] - 12/3/2014 - 09:17:36 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [4988]
O44 - LFC:[MD5.21B27711DDDEAAEBDCFCB372F02135E3] - 12/3/2014 - 09:17:36 ---A- . (...) -- C:\WINDOWS\ocgen.log [13444]
O44 - LFC:[MD5.F6C85F7B81DC12D7371203D2E2787684] - 12/3/2014 - 09:17:36 ---A- . (...) -- C:\WINDOWS\ocmsn.log [1544]
O44 - LFC:[MD5.965C273A8E69FCAB3A6456649C58978B] - 12/3/2014 - 09:17:36 ---A- . (...) -- C:\WINDOWS\tabletoc.log [1244]
O44 - LFC:[MD5.02D5A9E6AF50A72EE6AA404B90EAD204] - 12/3/2014 - 09:17:36 ---A- . (...) -- C:\WINDOWS\tsoc.log [11285]
O44 - LFC:[MD5.4A506F569F085771671082E28B19844C] - 12/3/2014 - 14:46:28 ---A- . (...) -- C:\DOWNLOAD.MFD [1092864]
O44 - LFC:[MD5.D295A8737F476451CE35C20E063E3EDC] - 12/3/2014 - 14:46:30 ---A- . (...) -- C:\SINTEGRA.TXT [93056]
O44 - LFC:[MD5.B967AB84A967E1BD799B8F08AC869416] - 12/3/2014 - 14:47:46 ---A- . (...) -- C:\sintegra_2.txt [13952]
O44 - LFC:[MD5.A7F613EB629AA572EF88F11745815512] - 12/3/2014 - 14:47:55 ---A- . (...) -- C:\TEMPSINTEGRA.TXT [38144]
O44 - LFC:[MD5.80BB1270228B2D61878A607DF2A49358] - 12/3/2014 - 17:57:16 ---A- . (...) -- C:\backpdv1232014175721.mdb [114688]
O44 - LFC:[MD5.79EF161549D02E34562927188CB4F7AA] - 12/3/2014 - 17:57:17 ---A- . (...) -- C:\back1232014175719.mdb [30722048]
O44 - LFC:[MD5.AF3D8DE476957A013CF964D1B27A5246] - 12/3/2014 - 17:57:17 ---A- . (...) -- C:\backRXXV1232014175721.mdb [137216]
O44 - LFC:[MD5.FBF6EAF46FC48D3BC74217B6FCB79C83] - 13/3/2014 - 15:48:40 ---A- . (...) -- C:\WINDOWS\system32\oodbs.lor [16492]
O44 - LFC:[MD5.C9DD76D0EF94637C77FF8CA5E0FB0684] - 13/3/2014 - 16:13:30 ---A- . (...) -- C:\WINDOWS\system.ini [227]
O44 - LFC:[MD5.D2656F1DE14D942C3CF8D1308ECEE55E] - 13/3/2014 - 16:13:30 ---A- . (...) -- C:\WINDOWS\win.ini [845]
O44 - LFC:[MD5.5EB422853F8D6677F148C28FBA44E88D] - 13/3/2014 - 17:55:25 ---A- . (...) -- C:\WINDOWS\system32\pafecf.sys [12]
O44 - LFC:[MD5.F4F20B804B262E8DD22B0476982D8780] - 13/3/2014 - 17:55:26 ---A- . (...) -- C:\backpdv1332014175534.mdb [112640]
O44 - LFC:[MD5.0FA8B6CF5932A5942A620ECA17413121] - 13/3/2014 - 17:55:27 ---A- . (...) -- C:\back1332014175529.mdb [30656512]
O44 - LFC:[MD5.92DC4F6468E29C97082294334016B8F4] - 13/3/2014 - 17:55:27 ---A- . (...) -- C:\backRXXV1332014175534.mdb [137216]
O44 - LFC:[MD5.DDF2F3DD618981B69C16FC21D69C586A] - 14/3/2014 - 08:52:30 ---A- . (...) -- C:\WINDOWS\system32\ct.paf [159744]
O44 - LFC:[MD5.4986CB244BF67A1DD96801F9F8075007] - 14/3/2014 - 12:02:37 ---A- . (...) -- C:\WINDOWS\system32\d3d9caps.dat [1324]
O44 - LFC:[MD5.453E5D8164D20702084394D068769A14] - 14/3/2014 - 12:27:55 ---A- . (...) -- C:\WINDOWS\system32\BemaFI32.ini [11834]
O44 - LFC:[MD5.414E6BEA9CAA4C3234F303B69E0BDCDB] - 14/3/2014 - 12:27:58 ---A- . (...) -- C:\Retorno.txt [384]
O44 - LFC:[MD5.E9DBE2DCC75840009410C1EB859615DD] - 14/3/2014 - 12:28:12 ---A- . (...) -- C:\vdaadmaster.sys [12]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 14/3/2014 - 12:39:38 ---A- . (...) -- C:\WINDOWS\zoek-delete.exe [24064]
O44 - LFC:[MD5.85BC5B648B39F6D81DF0298064D3B898] - 14/3/2014 - 12:55:45 ---A- . (...) -- C:\zoek-results.log [15440]
O44 - LFC:[MD5.392B0D388763954583BA95243CEEE5C3] - 14/3/2014 - 12:56:27 ---A- . (...) -- C:\WINDOWS\wiaservc.log [0]
O44 - LFC:[MD5.4AF43F3FFC3504F8BC578FAD7D4D5EE8] - 14/3/2014 - 12:56:33 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.3C46E8A82B5B7E66BB7833D598B626F6] - 6/3/2014 - 17:55:39 ---A- . (...) -- C:\back632014175542.mdb [39260160]
O44 - LFC:[MD5.B6E4A1058C732151A4F8730730066713] - 6/3/2014 - 17:55:39 ---A- . (...) -- C:\backRXXV632014175543.mdb [137216]
O44 - LFC:[MD5.1F4EF1102325F3799C1C063E29BA28BD] - 6/3/2014 - 17:55:39 ---A- . (...) -- C:\backpdv632014175544.mdb [110592]
O44 - LFC:[MD5.19AC64090904FB1BB69872A398BF97C1] - 7/3/2014 - 17:59:54 ---A- . (...) -- C:\back732014175957.mdb [50024448]
O44 - LFC:[MD5.235CC09CF40FF6936D3DD93827533F96] - 7/3/2014 - 17:59:54 ---A- . (...) -- C:\backRXXV7320141800.mdb [137216]
O44 - LFC:[MD5.604BDB7C3FD2AAC322F14B16B39D9123] - 7/3/2014 - 17:59:54 ---A- . (...) -- C:\backpdv7320141800.mdb [118784]
O44 - LFC:[MD5.3BE7D794087524C871BFE13DFE268580] - 8/3/2014 - 12:02:55 ---A- . (...) -- C:\backpdv8320141230.mdb [118784]
O44 - LFC:[MD5.8AC7EB813DECB0479B26DDC1D0E6E748] - 8/3/2014 - 12:02:56 ---A- . (...) -- C:\back83201412258.mdb [30181376]
O44 - LFC:[MD5.4ABA20BECBF858DBE948CE15605DC3DA] - 8/3/2014 - 12:02:56 ---A- . (...) -- C:\backRXXV8320141230.mdb [137216]
~ Files: 87 Legitimates Filtered in 00mn 10s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{13425534-962e-11e2-b306-0013d447230d}\AutoRun\command. (...) -- G:\Setup.exe (.not file.)
O51 - MPSK:{38125484-4c7e-11e3-b3fb-0013d447230d}\AutoRun\command. (...) -- F:\MotorolaDeviceManagerSetup.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\SiSRaid [Key] . (.SiS - Sraid Application.) -- C:\Arquivos de programas\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
~ SMSR Keys: 6 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.71356A1370739E25375A1D17B6AE318F] - 22/4/1997 - 09:16:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\ASLM75.SYS [6272]
O58 - SDL:[MD5.92B2274ED63913676F6B8D96EE61533D] - 24/6/2004 - 10:00:08 ---A- . (...) -- C:\WINDOWS\system32\Drivers\AsProbe.sys [6656]
O58 - SDL:[MD5.DE91D0D73C3E61E6826D98FAC2FAC729] - 28/1/2004 - 05:21:34 ---A- . (...) -- C:\WINDOWS\system32\Drivers\ASUSHWIO.SYS [5824]
O58 - SDL:[MD5.DA6675E1400D58412C93180F8651A9FB] - 21/9/2010 - 14:14:15 ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:[MD5.C32F01A2059360150B8165CB7CC2EDE3] - 23/3/2006 - 23:02:04 R--A- . (...) -- C:\WINDOWS\system32\Drivers\GVCplDrv.sys [17756]
O58 - SDL:[MD5.573C7D0A32852B48F3058CFD8026F511] - 13/4/2008 - 03:36:06 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 28/10/2001 - 04:07:22 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:[MD5.EBE8E50647D0EFEF0ABC8C2F717405D9] - 8/8/2003 - 17:00:28 ---A- . (.Windows (R) 2000 DDK provider - FileSpy Filter Driver.) -- C:\WINDOWS\system32\Drivers\sisidex.sys [32640]
O58 - SDL:[MD5.A36EE93698802CD899F98BFD553D8185] - 27/8/2012 - 13:50:24 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\WINDOWS\system32\Drivers\ssmdrv.sys [28520]
O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 21/9/2010 - 14:14:15 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:[MD5.C1E76718BAB6BCA0D18E5670F074F821] - 28/10/2001 - 04:06:08 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9032]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 28/10/2001 - 04:06:16 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:[MD5.912150FE88E79AFEE0BB72216FAB2617] - 28/10/2001 - 04:06:36 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4896]
O58 - SDL:[MD5.448BB2FE30F1DDE9EAA4F0E87B52B687] - 13/6/2011 - 15:08:54 ---A- . (.Logix4u - hwinterface.sys.) -- C:\WINDOWS\system32\hwinterface.sys [3026]
O58 - SDL:[MD5.009CFB3DEE2EEC6D4B7D3EBB5737ECF8] - 3/6/2013 - 12:34:10 ---A- . (...) -- C:\WINDOWS\system32\ins_p.sys [83]
O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 28/10/2001 - 04:06:40 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/4/2008 - 03:50:56 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:[MD5.19D4F0DAD3F393C13DE7F849ADE72EFE] - 28/10/2001 - 04:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27900]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 28/10/2001 - 04:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 28/10/2001 - 04:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 28/10/2001 - 04:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 28/10/2001 - 04:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:[MD5.86BB7AF2533B342B8E274590AD2190FA] - 13/4/2008 - 03:49:48 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [33984]
O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 13/4/2008 - 03:49:44 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 13/4/2008 - 03:49:40 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 13/4/2008 - 03:49:44 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 13/4/2008 - 03:49:42 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
O58 - SDL:[MD5.5EB422853F8D6677F148C28FBA44E88D] - 13/3/2014 - 17:55:25 ---A- . (...) -- C:\WINDOWS\system32\pafecf.sys [12]
~ Drivers: 7 Legitimates Filtered in 00mn 01s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: HijackThis 2.0.2 - (.TrendMicro.) [HKLM] -- HijackThis
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 22/4/1997 - C:\WINDOWS\system32\drivers\aslm75.sys (aslm75) .(...) - LEGACY_ASLM75
O64 - Services: CurCS - 1/2/2011 - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe (FirebirdGuardianDefaultInstance) .(.Firebird Project - Firebird SQL Server.) - LEGACY_FIREBIRDGUARDIANDEFAULTINSTANCE
O64 - Services: CurCS - 8/8/2003 - C:\WINDOWS\system32\drivers\sisidex.sys (sisidex) .(.Windows (R) 2000 DDK provider - FileSpy Filter Driver.) - LEGACY_SISIDEX
~ Legacy: 136 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- D:\Arquivos de programas\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {F0D4EBA9-363A-43E5-9E39-2A570DDD6206} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "AE33E54F6EFE5F34F8501F6064A76E76" . (.SP TimeSync 2.4.) -- C:\WINDOWS\Installer\{F45E33EA-EFE6-43F5-8F05-F106467AE667}\_6FEFF9B68218417F98F549.exe
~ Update Products: 50 Legitimates Filtered in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.C04CC50D0A14E1C66E82268A8F79FA03] [WIS][2/2/2013] (.Builds the Destinations MSI - Builds the Destinations MSI.) -- C:\Windows\Installer\125f22.msi [522752]
~ WIS: 47 Legitimates Filtered in 00mn 03s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 12/3/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 22/2/2006 405504 | (Ati HotKey Poller) . (.ATI Technologies Inc..) - C:\WINDOWS\system32\Ati2evxx.exe
SS - | Auto 21/2/2006 520192 | (ATI Smart) . (...) - C:\WINDOWS\system32\ati2sgag.exe
SS - | Disabled 12/12/1999 44032 | (Creative Service for CDROM Access) . (.Creative Technology Ltd.) - C:\WINDOWS\system32\CTsvcCDA.exe
SS - | Demand 13/4/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Disabled 1/2/2013 116648 | (gupdate) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Disabled 1/2/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 15/2/2014 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - D:\Arquivos de programas\Skype\Updater\Updater.exe

SR - | Auto 13/3/2014 440400 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - D:\Avira\AntiVir Desktop\sched.exe
SR - | Auto 13/3/2014 440400 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - D:\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 1/2/2011 81920 | (FirebirdGuardianDefaultInstance) . (.Firebird Project.) - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe
SR - | Demand 1/2/2011 2764800 | (FirebirdServerDefaultInstance) . (.Firebird Project.) - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe
SR - | Demand 13/4/2008 14336 | D:\Arquivos de programas\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\WINDOWS\system32\svchost.exe
SR - | Auto 13/4/2008 14336 | D:\Arquivos de programas\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\WINDOWS\system32\svchost.exe
SR - | Auto 18/12/2013 182696 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
SR - | Auto 31/7/2013 137528 | (Motorola Device Manager) . (.Motorola Mobility LLC.) - C:\Arquivos de programas\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
SR - | Auto 13/4/2008 14336 | C:\WINDOWS\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\WINDOWS\system32\svchost.exe
SR - | Auto 1/10/2013 1377072 | (OODefragAgent) . (.O&O Software GmbH.) - D:\Arquivos de programas\OO Software\Defrag\oodag.exe
SR - | Auto 13/4/2008 14336 | C:\WINDOWS\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\WINDOWS\system32\svchost.exe
SR - | Auto 17/2/2014 4915040 | (TeamViewer9) . (.TeamViewer GmbH.) - d:\Arquivos de programas\TeamViewer\Version9\TeamViewer_Service.exe

~ Services: Scanned in 00mn 04s



---\\ Scâner Aditional (088)
Database Version : 13031 - (12/3/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 195139 Items scanned in 00mn 24s



---\\ Sumário das deteções encontradas na sua estação
~ MSI: 0 link(s) detected in 00mn 24s



~ 927 Legitimates filtered by white list
End of the scan (523 lines in 01mn 20s)(0)

 Acesse o site [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] e envie este arquivo destacado em negrito abaixo para ser analisado:
C:\WINDOWS\system32\ins_p.sys

E assim que a análise dele tiver sido concluída, copie o link que aparecerá na barra de endereços de seu navegador e poste este link em sua próxima resposta juntamente com o relatório do ZHPFix pedido abaixo.
___________________________________________________________________________

 Selecione e copie todo o texto destacado em vermelho que te passei (começando em script zhpfix e indo até emptyclsid)
_____________________________________________________________________________________________________________

 Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta juntamente com o link da análise do arquivo no site Virus Total.

Link:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

======================================================================

Rapport de ZHPFix 2014.3.12.3 par Nicolas Coolman, Update du 12/03/2014
Fichier d'export Registre :
Run by Loj@ at 14/3/2014 13:57:06
High Elevated Privileges : OK
Windows XP Professional Service Pack 3 (Build 2600)

Reciclagem vazia (00mn 03s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ: CLSID Extra Buttons: {e2e2dd38-d088-4134-82b7-f2ba38496583}
ELIMINÉ CLSID MPSK: {13425534-962e-11e2-b306-0013d447230d}
ELIMINÉ CLSID MPSK: {38125484-4c7e-11e3-b3fb-0013d447230d}

========== Valores do Registo ==========
ELIMINÉ: Toolbar: {41545534-2D56-3700-76A7-7A786E7484D7}
ELIMINÉ: Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F}
ELIMINÉ RunValue: _nltide_2
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (117) (2.492.687 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso

========== Outros ==========
NÃO-TRATADO ____________


========== Recapitulativo ==========
3 : Chaves do Registo
9 : Valores do Registo
1 : Pastas
2 : Ficheiros
1 : Restauração Sistema
1 : Outros


End of clean in 00mn 08s

========== Caminho do ficheiro do relatório ==========
C:\Documents and Settings\Loj@\Dados de aplicativos\ZHP\ZHPFix[R1].txt - 14/3/2014 13:57:09 [1498]

Como está o PC?

muito bom, bem mais esperto!!

  Fico feliz que o problema tenha sido resolvido.

 Só para finalizar siga estes tutoriais abaixo, por gentileza:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
_______________________________________________________________________________________________________________________

 Para remover os programas usados na limpeza deste PC e criar um novo ponto de restauração seguro e sem problemas, utilize o DelFix seguindo as dicas [Tens de ter uma conta e sessão iniciada para poderes visualizar este link].
_______________________________________________________________________________________________________________________

  Foi um prazer ajudar. Conte sempre conosco!

eu que agradeço!!! muito obrigadO!!!    

CASO RESOLVIDO

Caso o autor do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.