Fórum PC Brasil
PC with a Trojan horse, lots of ads and possible adware


Post by luizvilarinho Wed 07 May 2014, 19:44

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:37:33, on 07/05/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal

Running processes:
C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe
C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
C:\Users\Dorianna\AppData\Local\fst_br_125\upfst_br_125.exe
C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
C:\Users\Dorianna\AppData\Local\Genesis\Genesis.exe
C:\Program Files (x86)\Hotkey\Hotkey.exe
C:\Users\Dorianna\AppData\Roaming\VIVO INTERNET\ouc.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\windows\WebCam\S6000\S6000Mnt.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Zwinky_5q\bar\1.bin\5qSrchMn.exe
C:\Program Files (x86)\fst_br_125\fst_br_125.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
E:\HijackThis.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must have an account and be logged in to view this link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {cc2e2b99-14d3-4516-883c-9ea147f594ef} - C:\Program Files (x86)\Zwinky_5q\bar\1.bin\5qSrcAs.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Toolbar BHO - {27488090-768a-4d20-a938-f223f71c344c} - C:\PROGRA~2\ZWINKY~2\bar\1.bin\5qbar.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Search Assistant BHO - {bd3ea7c2-3af8-4463-9a9c-6eb8e136cb02} - C:\Program Files (x86)\Zwinky_5q\bar\1.bin\5qSrcAs.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
O3 - Toolbar: Zwinky - {3033124f-06bf-4829-873a-310a125b4d4c} - C:\Program Files (x86)\Zwinky_5q\bar\1.bin\5qbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [S6000Mnt] C:\Windows\SysWOW64\Rundll32.exe S6000Rmv.dll,WinMainRmv /StartStillMnt
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Zwinky EPM Support] "C:\PROGRA~2\ZWINKY~2\bar\1.bin\5qmedint.exe" T8EPMSUP.DLL,S
O4 - HKLM\..\Run: [Zwinky Search Scope Monitor] "C:\PROGRA~2\ZWINKY~2\bar\1.bin\5qsrchmn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [Zwinky_5q Browser Plugin Loader] C:\PROGRA~2\ZWINKY~2\bar\1.bin\5qbrmon.exe
O4 - HKLM\..\Run: [Zwinky_5q Browser Plugin Loader 64] C:\PROGRA~2\ZWINKY~2\bar\1.bin\5qbrmon64.exe
O4 - HKLM\..\Run: [DApp] C:\Program Files\PCDApp\start.vbs
O4 - HKLM\..\Run: [fst_br_125] "C:\Program Files (x86)\fst_br_125\fst_br_125.exe"
O4 - HKLM\..\RunOnce: [upfst_br_125.exe] C:\Users\Dorianna\AppData\Local\fst_br_125\upfst_br_125.exe -runonce
O4 - HKCU\..\Run: [Power2GoExpress8] "C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe"
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_VIVO INTERNET] "C:\Program Files (x86)\VIVO INTERNET\UpdateDog\ouc.exe"
O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
O4 - HKCU\..\Run: [genesis] "c:\users\dorianna\appdata\local\genesis\genesis.exe" /r
O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Hotkey.lnk = C:\Program Files (x86)\Hotkey\Hotkey.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [You must have an account and be logged in to view this link]
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: [You must have an account and be logged in to view this link]
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: [You must have an account and be logged in to view this link]
O17 - HKLM\System\CCS\Services\Tcpip\..\{6848F6F8-EC53-4B82-90C5-0BAEDB535D32}: NameServer = 200.169.117.221 200.169.117.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Claro. OUC (Claro. RunOuc) - Unknown owner - C:\Program Files (x86)\Claro\UpdateDog\ouc.exe
O23 - Service: Search Protect by Conduit Service (CltMngSvc) - Conduit - C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Freemake Improver - Freemake - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
O23 - Service: FreemakeVideoCapture - Ellora Assets Corp. - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
O23 - Service: PowerBiosServer - Unknown owner - C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
O23 - Service: Protect Monitor (ProtectMonitor) - Unknown owner - C:\Program Files\PCDApp\StartHelp.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: Service Component of VO (vosr) - Unknown owner - C:\Users\Dorianna\AppData\Roaming\VOPackage\VOsrv.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZwinkyService (Zwinky_5qService) - COMPANYVERS_NAME - C:\PROGRA~2\ZWINKY~2\bar\1.bin\5qbarsvc.exe

--
End of file - 11533 bytes

Post by Power Max Wed 07 May 2014, 19:47

Download the AdwCleaner program by clicking the link below, then click the Download Now @BleepingComputer button:
[You must have an account and be logged in to view this link]

To run AdwCleaner correctly, just follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.

Post by luizvilarinho Wed 07 May 2014, 20:06

# AdwCleaner v3.207 - Relatório criado 07/05/2014 às 19:57:07
# Atualizado 05/05/2014 por Xplode
# Sistema Operacional : Windows 8 Single Language (64 bits)
# Usuário : Dorianna - DORIANA
# Executando de : C:\Users\Dorianna\Desktop\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

Serviço Deletada : CltMngSvc
Serviço Deletada : vosr
Serviço Deletada : Zwinky_5qService

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\Ask
[!] Pasta Deletada : C:\ProgramData\Claro
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Claro
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Pasta Deletada : C:\Program Files (x86)\AnyProtectEx
Pasta Deletada : C:\Program Files (x86)\Claro
Pasta Deletada : C:\Program Files (x86)\Freeven pro 1.2
Pasta Deletada : C:\Program Files (x86)\iMesh Applications
Pasta Deletada : C:\Program Files (x86)\MediaPlayerplus
Pasta Deletada : C:\Program Files (x86)\Optimizer Pro
Pasta Deletada : C:\Program Files (x86)\RegClean Pro
Pasta Deletada : C:\Program Files (x86)\ScanTack
Pasta Deletada : C:\Program Files (x86)\SearchProtect
Pasta Deletada : C:\Program Files (x86)\Zwinky_5q
Pasta Deletada : C:\Program Files (x86)\fst_br_125
Pasta Deletada : C:\Users\Dorianna\AppData\Local\Genesis
Pasta Deletada : C:\Users\Dorianna\AppData\Local\SearchProtect
Pasta Deletada : C:\Users\Dorianna\AppData\Local\Zwinky_5q
Pasta Deletada : C:\Users\Dorianna\AppData\Local\fst_br_125
Pasta Deletada : C:\Users\Dorianna\AppData\Local\Temp\AskSearch
Pasta Deletada : C:\Users\Dorianna\AppData\LocalLow\Zwinky_5q
Pasta Deletada : C:\Users\Dorianna\AppData\LocalLow\Zwinky_5qEI
Pasta Deletada : C:\Users\Dorianna\AppData\Roaming\baidu
Pasta Deletada : C:\Users\Dorianna\AppData\Roaming\OpenCandy
Pasta Deletada : C:\Users\Dorianna\AppData\Roaming\Optimizer Pro
Pasta Deletada : C:\Users\Dorianna\AppData\Roaming\Systweak
Pasta Deletada : C:\Users\Dorianna\AppData\Roaming\VOPackage
Pasta Deletada : C:\Users\Dorianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
Pasta Deletada : C:\Users\Dorianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Pasta Deletada : C:\Users\Dorianna\Documents\Optimizer Pro
Pasta Deletada : C:\Users\Dorianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf
Pasta Deletada : C:\Users\Dorianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmgpbjjcdccinnndjdgmegndbmhbgglb
Pasta Deletada : C:\Users\Dorianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh
Pasta Deletada : C:\Users\Dorianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd
Arquivo Deletada : C:\windows\System32\roboot64.exe
Arquivo Deletada : C:\Users\Dorianna\AppData\Roaming\aps.scan.quick.results
Arquivo Deletada : C:\Users\Dorianna\AppData\Roaming\aps.scan.results
Arquivo Deletada : C:\Users\Dorianna\AppData\Roaming\aps.uninstall.scan.results
Arquivo Deletada : C:\Users\Dorianna\Desktop\Continue VuuPC Installation.lnk
Arquivo Deletada : C:\Users\Dorianna\Desktop\Optimizer Pro.lnk
Arquivo Deletada : C:\windows\Tasks\APSnotifierPP1.job
Arquivo Deletada : C:\windows\System32\Tasks\APSnotifierPP1
Arquivo Deletada : C:\windows\Tasks\APSnotifierPP2.job
Arquivo Deletada : C:\windows\System32\Tasks\APSnotifierPP2
Arquivo Deletada : C:\windows\Tasks\APSnotifierPP3.job
Arquivo Deletada : C:\windows\System32\Tasks\APSnotifierPP3
Arquivo Deletada : C:\windows\System32\Tasks\RegClean Pro
Arquivo Deletada : C:\windows\Tasks\RegClean Pro_DEFAULT.job
Arquivo Deletada : C:\windows\System32\Tasks\RegClean Pro_DEFAULT
Arquivo Deletada : C:\windows\Tasks\RegClean Pro_UPDATES.job
Arquivo Deletada : C:\windows\System32\Tasks\RegClean Pro_UPDATES
Arquivo Deletada : C:\windows\Tasks\58ca19a3-7453-414d-9a34-2a6d788be601-2.job
Arquivo Deletada : C:\windows\System32\Tasks\58ca19a3-7453-414d-9a34-2a6d788be601-2
Arquivo Deletada : C:\windows\Tasks\58ca19a3-7453-414d-9a34-2a6d788be601-4.job
Arquivo Deletada : C:\windows\System32\Tasks\58ca19a3-7453-414d-9a34-2a6d788be601-4
Arquivo Deletada : C:\windows\Tasks\58ca19a3-7453-414d-9a34-2a6d788be601-5.job
Arquivo Deletada : C:\windows\System32\Tasks\58ca19a3-7453-414d-9a34-2a6d788be601-5
Arquivo Deletada : C:\windows\Tasks\58ca19a3-7453-414d-9a34-2a6d788be601-7.job
Arquivo Deletada : C:\windows\System32\Tasks\58ca19a3-7453-414d-9a34-2a6d788be601-7
Arquivo Deletada : C:\windows\Tasks\d2834d00-aad2-4352-b74a-0f61289b7e44-7.job
Arquivo Deletada : C:\windows\System32\Tasks\d2834d00-aad2-4352-b74a-0f61289b7e44-7

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh
Valor Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [genesis]
Valor Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Chave Deletedo : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Chave Deletedo : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Chave Deletedo : HKLM\SOFTWARE\Classes\Zwinky_5q.FeedManager
Chave Deletedo : HKLM\SOFTWARE\Classes\Zwinky_5q.FeedManager.1
Chave Deletedo : HKLM\SOFTWARE\Classes\Zwinky_5q.HTMLMenu
Chave Deletedo : HKLM\SOFTWARE\Classes\Zwinky_5q.HTMLMenu.1
Chave Deletedo : HKLM\SOFTWARE\Classes\Zwinky_5q.HTMLPanel
Chave Deletedo : HKLM\SOFTWARE\Classes\Zwinky_5q.HTMLPanel.1
Chave Deletedo : HKLM\SOFTWARE\Classes\Zwinky_5q.MultipleButton
Chave Deletedo : HKLM\SOFTWARE\Classes\Zwinky_5q.MultipleButton.1
Chave Deletedo : HKLM\SOFTWARE\Classes\Zwinky_5q.PseudoTransparentPlugin
Chave Deletedo : HKLM\SOFTWARE\Classes\Zwinky_5q.PseudoTransparentPlugin.1
Chave Deletedo : HKLM\SOFTWARE\Classes\Zwinky_5q.Radio
Chave Deletedo : HKLM\SOFTWARE\Classes\Zwinky_5q.Radio.1
Chave Deletedo : HKLM\SOFTWARE\Classes\Zwinky_5q.RadioSettings
Chave Deletedo : HKLM\SOFTWARE\Classes\Zwinky_5q.RadioSettings.1
Chave Deletedo : HKLM\SOFTWARE\Classes\Zwinky_5q.ScriptButton
Chave Deletedo : HKLM\SOFTWARE\Classes\Zwinky_5q.ScriptButton.1
Chave Deletedo : HKLM\SOFTWARE\Classes\Zwinky_5q.SettingsPlugin
Chave Deletedo : HKLM\SOFTWARE\Classes\Zwinky_5q.SettingsPlugin.1
Chave Deletedo : HKLM\SOFTWARE\Classes\Zwinky_5q.ThirdPartyInstaller
Chave Deletedo : HKLM\SOFTWARE\Classes\Zwinky_5q.ThirdPartyInstaller.1
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@Zwinky_5q.com/Plugin
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [fst_br_125]
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0054246.BHO
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0054246.BHO.1
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0054246.Sandbox
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0054246.Sandbox.1
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0054253.BHO
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0054253.BHO.1
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0054253.Sandbox
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0054253.Sandbox.1
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Zwinky_5q Browser Plugin Loader]
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Zwinky_5q Browser Plugin Loader 64]
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{00FB52B5-0779-46DD-AFC6-C6EB55F21A26}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{076A9B45-DE24-4CDF-89BE-716C279B3B55}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{148DCAEC-C91D-441D-A0E7-519A0673E7F5}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{27488090-768A-4D20-A938-F223F71C344C}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3033124F-06BF-4829-873A-310A125B4D4C}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{35DAB87A-026F-4503-B5F1-6774E16EAFFA}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{61789F17-B8ED-4867-BA4A-DC19DAC8EF5B}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{70658616-D7AE-4F31-BD19-4F1775792E9B}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{7E0AE9C4-366B-43F2-91FF-329D170BC335}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{8C775DBE-2382-4EAB-A48A-6859C3B9EF29}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{A00289B5-2C16-4EC7-9780-2B56977ADC65}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{BD3EA7C2-3AF8-4463-9A9C-6EB8E136CB02}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{D675A74C-29F6-4AA7-A098-66373D746CB9}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{DA4EBFA0-6BA0-4E18-817F-304B4192C393}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{F2E03ADB-A325-4084-BA22-2F2260F6A90F}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{F346CF98-FA03-4E7A-81B6-EB19B718F9C1}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{F90EAF3D-6A09-4FAF-A84C-E6E91F97561B}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{FBC663ED-1560-421B-BD71-F5B94DCEA09C}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522422246}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522422253}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{98623C86-E768-4C5A-B23B-EE8CE3727CD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555425546}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555425553}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566426646}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566426653}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{06CEAB46-0EFC-479A-B66B-AB6B11E1138A}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{15496D19-91EA-4930-9150-B24A27FE3DE1}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{3B82BA62-32FD-4623-BB38-464D186E7453}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{4A8AE59A-2F19-4777-B0B4-177188AB839B}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{644413C0-4090-4A84-BC29-DC69E91A7D73}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{782D4CC0-74AE-41B6-B445-3D4C23AE6B9A}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{A283A85F-ED85-43CE-9199-952A2D106802}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{B2828F8B-EDAF-4A77-974E-78AE784A9AA3}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{B6CC4C24-962F-4314-9358-C998FD4B4288}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{BD48A3C7-5201-4093-AB66-04BD35BAC3D8}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544424446}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544424453}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27488090-768A-4D20-A938-F223F71C344C}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BD3EA7C2-3AF8-4463-9A9C-6EB8E136CB02}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{148DCAEC-C91D-441D-A0E7-519A0673E7F5}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{27488090-768A-4D20-A938-F223F71C344C}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3033124F-06BF-4829-873A-310A125B4D4C}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD3EA7C2-3AF8-4463-9A9C-6EB8E136CB02}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F464A68D-1CF2-4991-93AB-A84351D7F676}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{27488090-768A-4D20-A938-F223F71C344C}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3033124F-06BF-4829-873A-310A125B4D4C}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BD3EA7C2-3AF8-4463-9A9C-6EB8E136CB02}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{076A9B45-DE24-4CDF-89BE-716C279B3B55}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{148DCAEC-C91D-441D-A0E7-519A0673E7F5}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{35DAB87A-026F-4503-B5F1-6774E16EAFFA}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8C775DBE-2382-4EAB-A48A-6859C3B9EF29}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A00289B5-2C16-4EC7-9780-2B56977ADC65}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F464A68D-1CF2-4991-93AB-A84351D7F676}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61789F17-B8ED-4867-BA4A-DC19DAC8EF5B}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7695996F-9846-4A09-A037-632E45737712}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98623C86-E768-4C5A-B23B-EE8CE3727CD3}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B803084B-B069-485E-B5D0-F9A6D318AF02}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3033124F-06BF-4829-873A-310A125B4D4C}]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3033124F-06BF-4829-873A-310A125B4D4C}]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CC2E2B99-14D3-4516-883C-9EA147F594EF}]
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{27488090-768A-4D20-A938-F223F71C344C}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{3033124F-06BF-4829-873A-310A125B4D4C}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{BD3EA7C2-3AF8-4463-9A9C-6EB8E136CB02}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522422246}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522422253}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{98623C86-E768-4C5A-B23B-EE8CE3727CD3}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555425546}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555425553}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566426646}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566426653}
Chave Deletedo : HKCU\Software\AnyProtect
Chave Deletedo : HKCU\Software\FreeSoftToday
Chave Deletedo : HKCU\Software\genesis
Chave Deletedo : HKCU\Software\installedbrowserextensions
Chave Deletedo : HKCU\Software\Optimizer Pro
Chave Deletedo : HKCU\Software\ScanTack
Chave Deletedo : HKCU\Software\systweak
Chave Deletedo : HKCU\Software\Tutorials
Chave Deletedo : HKCU\Software\TutoTag
Chave Deletedo : HKCU\Software\Zwinky_5q
Chave Deletedo : HKCU\Software\AppDataLow\Software\Crossrider
Chave Deletedo : HKCU\Software\AppDataLow\Software\Freeven pro 1.2
Chave Deletedo : HKCU\Software\AppDataLow\Software\MediaPlayerplus
Chave Deletedo : HKCU\Software\AppDataLow\Software\Zwinky_5q
Chave Deletedo : HKLM\Software\FREE_SOFT_TODAY
Chave Deletedo : HKLM\Software\Freeven pro 1.2
Chave Deletedo : HKLM\Software\installedbrowserextensions
Chave Deletedo : HKLM\Software\MediaPlayerplus
Chave Deletedo : HKLM\Software\ScanTack
Chave Deletedo : HKLM\Software\SearchProtect
Chave Deletedo : HKLM\Software\systweak
Chave Deletedo : HKLM\Software\Tutorials
Chave Deletedo : HKLM\Software\V9Software
Chave Deletedo : HKLM\Software\Zwinky_5q
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\genesis
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AnyProtect
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\claro
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Freeven pro 1.2
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaPlayerplus
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fst_br_125_is1
Chave Deletedo : [x64] HKLM\SOFTWARE\installedbrowserextensions
Chave Deletedo : [x64] HKLM\SOFTWARE\V9Software
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ScanTack
Dados Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Dados Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

***** [ Navegadores ] *****

-\\ Internet Explorer v10.0.9200.16537

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v34.0.1847.131

[ Arquivo : C:\Users\Dorianna\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [Startup_urls] : [You must have an account and be logged in to view this link]
Deletedo [Homepage] : [You must have an account and be logged in to view this link]
Deletedo [Extension] : bpegkgagfojjbcpkihigfmkojdmmimdf
Deletedo [Extension] : dmgpbjjcdccinnndjdgmegndbmhbgglb
Deletedo [Extension] : ehgldbbpchgpcfagfpfjgoomddhccfgh
Deletedo [Extension] : majjphhgppkndjjkmhhnbgafooenebhd

*************************

AdwCleaner[R0].txt - [20417 octets] - [07/05/2014 19:54:47]
AdwCleaner[S0].txt - [18912 octets] - [07/05/2014 19:57:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [18973 octets] ##########

Post by Power Max, Wed 07 May 2014, 20:08

Temporarily disable your antivirus to avoid conflicts.

* Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You must have an account and be logged in to view this link]

To run it correctly, follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* As soon as it finishes cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy all of its contents and post them in your next reply.

Post by luizvilarinho, Wed 07 May 2014, 21:34

On reboot, the message in the attached image appears; it was already like that.

Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Dorianna on 07/05/2014 at 20:20:56,69.
Microsoft Windows 8 Single Language 6.2.9200  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Dorianna\Desktop\zoek.pif [Scan all users] [Script inserted]

==== System Restore Info ======================

07/05/2014 20:24:26 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1       localhost
::1             localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1933325971-1488101800-2260149476-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_USERS\S-1-5-21-1933325971-1488101800-2260149476-1002\Software\Microsoft\Internet Explorer\SearchScopes\{2C6F0B46-4737-4F48-9A88-F5D7821C951B} deleted successfully
HKEY_USERS\S-1-5-21-1933325971-1488101800-2260149476-1002\Software\Microsoft\Internet Explorer\SearchScopes\{5a15c091-f3c2-4c8f-8964-e3434a2a4a95} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~3\boost_interprocess deleted
C:\Users\Dorianna\AppData\Local\nsz69F4.tmp deleted
C:\Users\Dorianna\AppData\Roaming\unins000.exe deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF" [02/05/2014 09:14]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\Exts\Chrome.crx[11/03/2014 17:44]

Norton Identity Protection - Dorianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Google Wallet - Dorianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pt&pid=NIS&pvid=21.0.0.100"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pt&pid=NIS&pvid=21.0.0.100"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\Dorianna\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Dorianna\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Dorianna\Desktop\banda encantus - Atalho.lnk - E:\banda encantus
C:\Users\Dorianna\Desktop\Format Factory.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
C:\Users\Dorianna\Desktop\solimar II - Atalho.lnk - E:\solimar II

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Construir_7Ano.lnk - C:\windows\Installer\{79A763E5-61ED-44EB-AA08-123A311691C0}\Menu_7ano.exe1_0C4B3A25B12C4464903264AEB0DB61BE.exe
C:\Users\Public\Desktop\Freemake Video Downloader.lnk - C:\Program Files (x86)\Freemake\Freemake Video Downloader\FreemakeVideoDownloader.exe
C:\Users\Public\Desktop\Guia Vivo Internet.lnk - C:\Program Files (x86)\Vivo\Guia Vivo Internet\Guia Vivo Internet\Guia Vivo Internet.hta
C:\Users\Public\Desktop\Kantoo English.lnk -  
C:\Users\Public\Desktop\Nokia Suite.lnk - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
C:\Users\Public\Desktop\Nuvem de Livros.lnk -  
C:\Users\Public\Desktop\Segurança Online.lnk -  
C:\Users\Public\Desktop\VIVO INTERNET.lnk - C:\Program Files (x86)\VIVO INTERNET\VIVO INTERNET.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Dorianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\FormatFactory.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
C:\Users\Dorianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\Help.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe /help
C:\Users\Dorianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\Uninstall.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\uninst.exe
C:\Users\Dorianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake\Uninstall\Uninstall Freemake Video Downloader.lnk - C:\Program Files (x86)\Freemake\Freemake Video Downloader\Uninstall\unins000.exe
C:\Users\Dorianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Educandus e Editora Construir - 7º Ano\construir7Ano\Construir_7Ano.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Media Player Classic.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Quick Codec Config.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe /showsections=intro,audio_config,various_tweaks,filter_config,dsfilter_management,sourcefilters
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Codec Tweak Tool\All options.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Codec Tweak Tool\Generate log with system information.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe /showsections=generate_log
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Codec Tweak Tool\Manage ACM and VFW codecs.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe /showsections=codec_management
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Codec Tweak Tool\Manage DirectShow filters.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe /showsections=dsfilter_management
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Codec Tweak Tool\Manage preferred DirectShow source filters.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe /showsections=sourcefilters
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\DirectVobSub.lnk - C:\Windows\SysWOW64\rundll32.exe vsfilter.dll,DirectVobSub
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow audio decoder.lnk - C:\Windows\SysWOW64\rundll32.exe ffdshow.ax,configureAudio
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow DXVA video decoder.lnk - C:\Windows\SysWOW64\rundll32.exe ffdshow.ax,configureDXVA
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow VFW interface.lnk - C:\Windows\SysWOW64\rundll32.exe ff_vfw.dll,configureVFW
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow video decoder.lnk - C:\Windows\SysWOW64\rundll32.exe ffdshow.ax,configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Haali Media Splitter.lnk - C:\Windows\SysWOW64\rundll32.exe splitter.ax,Configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Haali video renderer.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Tools\dsconfig.exe {760A8F35-97E7-479D-AAF5-DA9EFF95D751}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\madFLAC.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Tools\dsconfig.exe {6B257121-CBB6-46B3-ABFA-B14DFA98C4A6}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Reset to recommended settings.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe /showsections=reset_settings
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\VP7 decoder.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Tools\dsconfig.exe {C204438D-6E1A-4309-B09C-0C0F749863AF}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Xvid encoder.lnk - C:\Windows\SysWOW64\rundll32.exe xvidvfw.dll,Configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Help\Frequently Asked Questions.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Info\faq.htm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\Codec Tweak Tool.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\GraphStudio.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Tools\graphstudio.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\Haali Muxer.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Filters\Haali\gdsmux.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\MediaInfo.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Tools\mediainfo.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\VobSubStrip.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Tools\VobSubStrip.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\Win7DSFilterTweaker.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Tools\Win7DSFilterTweaker.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\Xvid StatsReader.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Tools\StatsReader.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Uninstall\Uninstall K-Lite Codec Pack.lnk - C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security\Norton Internet Security.lnk - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\uistub.exe /win8

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer (2).lnk - C:\Users\Dorianna\AppData\Roaming\Microsoft\Windows\Libraries
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\Dorianna\AppData\Roaming\Microsoft\Windows\Libraries
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (2).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer (2).lnk - C:\Users\Dorianna\AppData\Roaming\Microsoft\Windows\Libraries
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\Dorianna\AppData\Roaming\Microsoft\Windows\Libraries
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (2).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Dorianna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Dorianna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Dorianna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Dorianna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Dorianna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer (2).lnk - C:\Users\Dorianna\AppData\Roaming\Microsoft\Windows\Libraries
C:\Users\Dorianna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer (3).lnk - C:\Users\Dorianna\AppData\Roaming\Microsoft\Windows\Libraries
C:\Users\Dorianna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\Dorianna\AppData\Roaming\Microsoft\Windows\Libraries
C:\Users\Dorianna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Dorianna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (2).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Dorianna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (3).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Dorianna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Dorianna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office Excel 2007.lnk - C:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
C:\Users\Dorianna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office PowerPoint 2007.lnk - C:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
C:\Users\Dorianna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office Word 2007.lnk - C:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\Dorianna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Norton Internet Security.lnk - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\uistub.exe /win8
C:\Users\Dorianna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\yu gi oh.lnk - C:\Users\Dorianna\Documents\DORIANA\James\Yu-Gi-Oh Power of Chaos Common\yu gi oh.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer (2).lnk - C:\Users\Dorianna\AppData\Roaming\Microsoft\Windows\Libraries
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\Dorianna\AppData\Roaming\Microsoft\Windows\Libraries
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (2).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Dorianna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Dorianna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Dorianna\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=3 folders=1 2561465 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Dorianna\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\Dorianna\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 07/05/2014 at 21:19:22,52 ======================

Post by Power Max, Wed 07 May 2014, 21:38

Download the Junkware Removal Tool program from the link below:
[You must have an account and be logged in to view this link]

To run the program above correctly, just follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop under the name JRT.txt

We'll be waiting.

Post by luizvilarinho, Wed 07 May 2014, 22:10

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 Single Language x64
Ran by Dorianna on 07/05/2014 at 21:42:15,54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\zwinky search scope monitor



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110511421146}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511421146}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\claro"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07/05/2014 at 22:09:08,66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post by Power Max, Wed 07 May 2014, 22:11

Download < [You must have an account and be logged in to view this link] > < [You must have an account and be logged in to view this image] > ( ... by Nicolas Coolman )

To install and run it correctly, follow the tips in this article:

[You must have an account and be logged in to view this link]

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post them in your next reply.

Post by luizvilarinho, Wed 07 May 2014, 22:21

~ Relatório do ZHPDiag v2014.5.7.56 - Nicolas Coolman (07/05/2014)
~ Iniciado por Dorianna (07/05/2014 22:16:46)
~ Endereço do Website : [You must have an account and be logged in to view this link]
~ Fóruns de suporte gratuito para desinfecção : [You must have an account and be logged in to view this link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v10.0.9200.16863 (Defaut)
GCIE: Google Chrome v34.0.1847.131

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 8 Single Language, 64-bit (Build 9200)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Norton Internet Security v21.2.0.38
Windows Defender W8

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares

---\\ Informações sobre o sistema
~ Processor: AMD64 Family 20 Model 2 Stepping 0, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1738 MB (40% free)
System Restore: Activé (Enable)
System drive C: has 195 GB (69%) free of 283 GB

---\\ Modo de conexão ao sistema
~ Computer Name: DORIANA
~ User Name: Dorianna
~ All Users Names: Dorianna, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Dorianna\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Dorianna\AppData\Roaming\
~ %Desktop% : C:\Users\Dorianna\Desktop\
~ %Favorites% : C:\Users\Dorianna\Favorites\
~ %LocalAppData% : C:\Users\Dorianna\AppData\Local\
~ %StartMenu% : C:\Users\Dorianna\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 195 Go of 283 Go)
D: CD-ROM drive (Not Inserted)
E: Floppy drive, Flash card reader, USB Key (Free 3 Go of 4 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Windows Explorer.) (.01/06/2013 - 08:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.26/07/2012 - 00:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.2B7920C7885AC45FD0E27DD860F095A1] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 21:08:30.) -- C:\Windows\System32\wininet.dll [2240000]
[MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.06/12/2012 - 09:01:07.) -- C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.26/07/2012 - 00:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.04/09/2013 - 00:11:23.) -- C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 02:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.25/07/2012 - 23:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.25/07/2012 - 23:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.431141C6859990824D17F71C30A78728] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.15/01/2014 - 20:42:58.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.06/12/2012 - 08:45:32.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Driver de porta i8042.) (.25/07/2012 - 23:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.25/07/2012 - 23:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.05/02/2013 - 19:29:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.25/07/2012 - 23:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.7BE3EDFFA3216F989A6BDCB14795DD08] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.27/01/2014 - 00:39:40.) -- C:\Windows\system32\Drivers\ntfs.sys [1939288]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Driver de porta paralela.) (.25/07/2012 - 23:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.25/07/2012 - 23:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.25/07/2012 - 23:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 02:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.01/06/2013 - 08:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 01s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/1575
~ Mes musiques (My Musics) : 9/133
~ Mes Videos (My Videos) : 1/38
~ Mes Favoris (My Favorites) : 1/2
~ Mes Documents (My Documents) : 4/5046
~ Mon Bureau (My Desktop) : 1/562
~ Menu demarrer (Programs) : 1/30
~ Hidden Files: Scanned in 00mn 14s



---\\ Processos lançados
[MD5.349AB4F70E2AC44970894E7F03E1576E] - (.Huawei Technologies Co., Ltd. - DataCardMonitor MFC Application.) -- C:\ProgramData\DatacardService\DCSHelper.exe [236384] [PID.2424]
[MD5.FFFDC3764DB05234261AAF79246B3A1E] - (.CyberLink Corp. - Power2Go Desktop Burning Gadget.) -- C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1709072] [PID.1888]
[MD5.98B31CBC09D671DADEB7C92AEF1CBE29] - (.Huawei Technologies Co., Ltd. - Online Update Clinet.) -- C:\Users\Dorianna\AppData\Roaming\VIVO INTERNET\ouc.exe [110592] [PID.2092]
[MD5.97B71A2897FF23B44144254A70379266] - (.No owner - HotKey.) -- C:\Program Files (x86)\Hotkey\Hotkey.exe [4738560] [PID.1324]
[MD5.32C26797AB646074A2BB562F9D10ADB5] - (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.) -- C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.exe [97680] [PID.3364]
[MD5.015B7CE6EB11010BD245170012F7A9E6] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120] [PID.2616]
[MD5.A51CED67E552E6F8FEEF17A1311C1391] - (.Alcor - Monitor Function.) -- C:\windows\WebCam\S6000\S6000Mnt.exe [79224] [PID.3380]
[MD5.A2221900B57AEC20577996744FA4A56A] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296] [PID.2800]
[MD5.C4160567128FCFC1DCA1693369B62DFE] - (.Symantec Corporation - Norton Internet Security.) -- C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe [276376] [PID.2744]
[MD5.542459D16B416D054161007FC9B1246E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032] [PID.4944]
[MD5.E6DA875D24C3774E045499F6BFA76F30] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7873024] [PID.2328]
~ Processes Running: Scanned in 00mn 02s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Dorianna\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 16 Legitimates Filtered in 00mn 03s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Dorianna\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
~ Firefox Browser: 2 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: CrossriderApp0054246 [64Bits] - {11111111-1111-1111-1111-110511421146} Chave orfã =>PUP.CrossRider
~ BHO: 8 Legitimates Filtered in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll =>Toolbar.Google
O3 - Toolbar: Norton Toolbar - [HKLM]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} . (.Symantec Corporation - coIEPlugIn.) -- C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Chave orfã
~ Toolbar: Scanned in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [BOOTINAUDIT] C:\sw_util\scripts\model_cust.cmd (.not file.)
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [Zwinky Home Page Guard 64 bit] C:\Program Files (x86)\ZWINKY~2\bar\1.bin\AppIntegrator64.exe (.not file.)
O4 - HKCU\..\Run: [Power2GoExpress8] . (.CyberLink Corp. - Power2Go Desktop Burning Gadget.) -- C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_VIVO INTERNET] . (.Huawei Technologies Co., Ltd. - Online Update Clinet.) -- C:\Program Files (x86)\VIVO INTERNET\UpdateDog\ouc.exe
O4 - HKCU\..\Run: [NokiaSuite.exe] . (.Nokia - Nokia Suite.) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [S6000Mnt] Chave orfã
O4 - HKLM\..\Wow6432Node\Run: [CLMLServer_For_P2G8] . (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
O4 - HKLM\..\Wow6432Node\Run: [CLVirtualDrive] . (.CyberLink Corp. - CyberLink Virtual Drive.) -- C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Wow6432Node\Run: [Zwinky EPM Support] C:\Program Files (x86)\ZWINKY~2\bar\1.bin\5qmedint.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [DApp] . (...) -- C:\Program Files\PCDApp\start.vbs =>Trojan.BitCoinMiner
O4 - HKUS\S-1-5-21-1933325971-1488101800-2260149476-1002\..\Run: [Power2GoExpress8] . (.CyberLink Corp. - Power2Go Desktop Burning Gadget.) -- C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
O4 - HKUS\S-1-5-21-1933325971-1488101800-2260149476-1002\..\Run: [HW_OPENEYE_OUC_VIVO INTERNET] . (.Huawei Technologies Co., Ltd. - Online Update Clinet.) -- C:\Program Files (x86)\VIVO INTERNET\UpdateDog\ouc.exe
O4 - HKUS\S-1-5-21-1933325971-1488101800-2260149476-1002\..\Run: [NokiaSuite.exe] . (.Nokia - Nokia Suite.) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
~ Application: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6848F6F8-EC53-4B82-90C5-0BAEDB535D32}: NameServer = 200.169.117.221 200.169.117.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{FCC73AF7-E70B-420C-993F-662D56650B0E}: DhcpNameServer = 192.168.1.1 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{6848F6F8-EC53-4B82-90C5-0BAEDB535D32}: NameServer = 200.169.117.221 200.169.117.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{FCC73AF7-E70B-420C-993F-662D56650B0E}: DhcpNameServer = 192.168.1.1 192.168.0.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Claro. OUC (Claro. RunOuc) . (...) - C:\Program Files (x86)\Claro\UpdateDog\ouc.exe (.not file.)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: HWDeviceService64.exe (HWDeviceService64.exe) . (.No owner - DCSHOST.) - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: (PowerBiosServer) . (.No owner - PowerBiosServer.) - C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
O23 - Service: Protect Monitor (ProtectMonitor) . (...) - C:\Program Files\PCDApp\StartHelp.exe =>Trojan.BitCoinMiner
~ Services: 10 Legitimates Filtered in 00mn 17s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1084]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1088]
~ Scheduled Task: 8 Legitimates Filtered in 00mn 15s



---\\ Software instalados (042)
O42 - Logiciel: Módulo de Segurança - Banco do Brasil - (...) [HKLM][64Bits] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: PC Data App - (...) [HKLM][64Bits] -- PCData App =>Trojan.BitCoinMiner
O42 - Logiciel: Vivo - Guia Vivo Internet versão 1.0 - (.Vivo.) [HKLM][64Bits] -- {C2E8B9C9-677A-46E6-AEC7-9435B5BCA765}_is1
O42 - Logiciel: construir7Ano - (.Educandus e Editora Construir - 7º Ano.) [HKLM][64Bits] -- {79A763E5-61ED-44EB-AA08-123A311691C0}
~ Logic: 29 Legitimates Filtered in 00mn 02s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\PCDataApp]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Freeven pro 1.2] =>PUP.Freeven
[HKLM\Software\Wow6432Node\PCDataApp]
~ Key Software: 214 Legitimates Filtered in 00mn 02s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 08/04/2014 - 14:52:57 - [] ----D C:\Program Files (x86)\Educandus e Editora Construir - 7º Ano
O43 - CFD: 15/02/2014 - 09:31:27 - [] ----D C:\Program Files (x86)\Vivo
O43 - CFD: 15/02/2014 - 09:31:10 - [] ----D C:\Program Files (x86)\VIVO INTERNET
O43 - CFD: 03/05/2014 - 00:10:14 - [] ----D C:\Users\Dorianna\AppData\Roaming\VIVO INTERNET
~ Program Folder: 132 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.D613D20679E255CF2FAE07E8174D7B63] - 07/05/2014 - 19:37:35 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [558392]
O44 - LFC:[MD5.377CABAA624F3F5EB17B55CE598439DC] - 07/05/2014 - 19:37:35 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [1156182]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 07/05/2014 - 21:06:40 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.B9B8EBC6C20E459AE5CAD238EABCCF13] - 07/05/2014 - 21:19:22 ---A- . (...) -- C:\zoek-results.log [20412]
~ Files: 15 Legitimates Filtered in 00mn 13s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{09f69732-9656-11e3-be7c-6c71d9239790}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{67f92c58-95be-11e3-be7b-6c71d9239790}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{f32da6c2-8edb-11e3-be6c-6c71d9239790}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{f32da724-8edb-11e3-be6c-6c71d9239790}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:08/10/2010 - 05:59:40 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys [32768]
O58 - SDL:05/08/2010 - 20:43:20 ---A- . (.DiBcom SA - DiBcom AVSTREAM BDA driver.) -- C:\Windows\System32\Drivers\mod7700.sys [1001472]
O58 - SDL:12/07/2012 - 14:14:06 ---A- . (.Windows (R) Win 7 DDK provider - AVStream Simulated Hardware Sample.) -- C:\Windows\System32\Drivers\S6000KNT.sys [3555456]
O58 - SDL:22/01/2014 - 07:52:10 ---A- . (.DEVGURU Co., LTD.([You need an account and must be logged in to view this link] - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [108800]
O58 - SDL:26/07/2012 - 02:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
O58 - SDL:06/03/2014 - 07:18:55 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
~ Drivers: 61 Legitimates Filtered in 00mn 07s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [You need an account and must be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [You need an account and must be logged in to view this link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.D15ABCB112345C7C9BDA8F4897E08B78] [SPRF][30/04/2014] (...) -- C:\Users\Dorianna\AppData\Roaming\unins000.dat [33691]
[MD5.A53555B250CBEDCA6544D13648F83FFE] [SPRF][07/05/2014] (...) -- C:\Users\Dorianna\Desktop\AdwCleaner.exe [1316991]
[MD5.DCF741DF9F654F5A2C1BEC789F53AEB3] [SPRF][08/03/2014] (...) -- C:\Users\Dorianna\Desktop\zoek.com [1414742]
~ Files: 5 Legitimates Filtered in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.F0331DC93B0E29C97541425F4BDA60EE] [WIS][19/04/2014] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\5e434f.msi [28672] =>Toolbar.Google
~ WIS: 1 Legitimates Filtered in 00mn 05s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
~ BTK: 57 Legitimates Filtered in 00mn 00s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{11111111-1111-1111-1111-110511421146}] (MediaPlayerplus) =>PUP.CrossRider
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google
~ BCK: 4888 Legitimates Filtered in 00mn 24s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Auto 10/07/1658 0 | (Claro. RunOuc) . (...) - C:\Program Files (x86)\Claro\UpdateDog\ouc.exe
SS - | Auto 19/04/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 19/04/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 19/04/2014 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 28/04/2014 97002 | (ProtectMonitor) . (...) - C:\Program Files\PCDApp\StartHelp.exe =>Trojan.BitCoinMiner
SS - | Demand 18/04/2013 737616 | (ServiceLayer) . (.Nokia.) - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Demand 06/12/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 08/08/2012 239616 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 08/08/2012 361984 | (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
SR - | Auto 12/03/2014 108032 | (Freemake Improver) . (.Freemake.) - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
SR - | Auto 12/03/2014 9216 | (FreemakeVideoCapture) . (.Ellora Assets Corp..) - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
SR - | Auto 21/02/2014 519720 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 14/03/2011 346976 | (HWDeviceService64.exe) . (...) - C:\ProgramData\DatacardService\HWDeviceService64.exe
SR - | Auto 12/03/2014 276376 | (NIS) . (.Symantec Corporation.) - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
SR - | Auto 13/09/2012 45568 | (PowerBiosServer) . (...) - C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
~ Services: Scanned in 00mn 28s



---\\ Scâner Aditional (088)
Database Version : 13045 - (07/05/2014)
Clés trouvées (Keys found) : 4
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 6

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511421146}] =>PUP.CrossRider^
[HKLM\SYSTEM\CurrentControlSet\Services\ProtectMonitor] =>Trojan.BitCoinMiner^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\PCData App] =>Trojan.BitCoinMiner^
[HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110511421146}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:DApp =>Trojan.BitCoinMiner^
O2 - BHO: CrossriderApp0054246 [64Bits] - {11111111-1111-1111-1111-110511421146} Chave orfã =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\Freeven pro 1.2] =>PUP.Freeven^
C:\Windows\Installer\5e434f.msi =>Toolbar.Google^
[HKCR\CLSID\{11111111-1111-1111-1111-110511421146}] (MediaPlayerplus) =>PUP.CrossRider^
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google^
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google^
~ Additionnel Scan: 199229 Items scanned in 01mn 13s



---\\ Sumário das deteções encontradas na sua estação
[You need an account and must be logged in to view this link] =>PUP.CrossRider
[You need an account and must be logged in to view this link] =>Trojan.BitCoinMiner
~ MSI: 2 link(s) detected in 00mn 00s



~ 579 Legitimates filtered by white list
End of the scan (417 lines in 03mn 58s)(0)
luizvilarinho
Full Member

Posts: 855
Reputation: 4
Join date: 13/11/2013

Re: PC with a Trojan horse, lots of ads and possible adware

Post by Power Max on Wed 07 May 2014, 22:38

Submit this file for analysis on the Virus Total site and post the link to the result:
C:\Program Files (x86)\Claro\UpdateDog\ouc.exe
______________________________________________________________________

Select and copy all of the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click ZHPFix and choose "Run as administrator" > click "Importação" (Import) > click the GO button > click "Oui" (Yes) > if you want the files in the Recycle Bin to be deleted, click "Oui" again > a report will open in Notepad.

Copy this report and post it in your next reply, together with the link to the file's analysis on the Virus Total site.


Last edited by Power Max on Thu 08 May 2014, 00:36; edited 1 time
Power Max
Contributor

Posts: 9086
Reputation: 1499
Join date: 14/04/2009

Re: PC with a Trojan horse, lots of ads and possible adware

Post by luizvilarinho on Wed 07 May 2014, 22:50

I'm trying to send the file to Virus Total, but I no longer remember how to do it.

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Dorianna at 07/05/2014 22:48:25
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit (Build 9200)

Reciclagem vazia (00mn 09s)
Reparação de atalhos do navegador

========== Softwares ==========
AUSENTE Uninstall Process: c:\program files\pcdapp\uninstaller.exe

========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PCData App]
ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
ELIMINÉ: Service: ProtectMonitor
ELIMINÉ: HKCU\Software\PCDataApp
ELIMINÉ: HKLM\Software\Wow6432Node\Freeven pro 1.2
ELIMINÉ: HKLM\Software\Wow6432Node\PCDataApp
ELIMINÉ CLSID MPSK: {09f69732-9656-11e3-be7c-6c71d9239790}
ELIMINÉ CLSID MPSK: {67f92c58-95be-11e3-be7b-6c71d9239790}
ELIMINÉ CLSID MPSK: {f32da6c2-8edb-11e3-be6c-6c71d9239790}
ELIMINÉ CLSID MPSK: {f32da724-8edb-11e3-be6c-6c71d9239790}
ELIMINÉ:* HKCR\CLSID\{11111111-1111-1111-1111-110511421146}
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511421146}

========== Valores do Registo ==========
ELIMINÉ: Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F}
ELIMINÉ RunValue: BOOTINAUDIT
ELIMINÉ RunValue: Zwinky Home Page Guard 64 bit
ELIMINÉ RunValue: S6000Mnt
ELIMINÉ RunValue: Zwinky EPM Support
ELIMINÉ RunValue: DApp
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (120) (1.981.478 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
12 : Chaves do Registo
12 : Valores do Registo
1 : Pastas
2 : Ficheiros
1 : Softwares
1 : Restauração Sistema


End of clean in 00mn 33s

========== Caminho do ficheiro do relatório ==========
C:\Users\Dorianna\AppData\Roaming\ZHP\ZHPFix[R1].txt - 07/05/2014 22:48:35 [2227]

Re: PC with a Trojan horse, lots of ads and possible adware

Post by Power Max on Wed 07 May 2014, 22:51

The tutorial below shows how to submit a file to Virus Total:
[You need an account and must be logged in to view this link]

Also post a new ZHP log.

Re: PC with a Trojan horse, lots of ads and possible adware

Post by luizvilarinho on Wed 07 May 2014, 23:01

I couldn't find that file.

~ Relatório do ZHPDiag v2014.5.7.56 - Nicolas Coolman (07/05/2014)
~ Iniciado por Dorianna (07/05/2014 22:56:30)
~ Endereço do Website : [You need an account and must be logged in to view this link]
~ Fóruns de suporte gratuito para desinfecção : [You need an account and must be logged in to view this link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v10.0.9200.16863 (Defaut)
GCIE: Google Chrome v34.0.1847.131

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 8 Single Language, 64-bit (Build 9200)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Norton Internet Security v21.2.0.38
Windows Defender W8

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares

---\\ Informações sobre o sistema
~ Processor: AMD64 Family 20 Model 2 Stepping 0, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1738 MB (42% free)
System Restore: Activé (Enable)
System drive C: has 195 GB (68%) free of 283 GB

---\\ Modo de conexão ao sistema
~ Computer Name: DORIANA
~ User Name: Dorianna
~ All Users Names: Dorianna, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Dorianna\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Dorianna\AppData\Roaming\
~ %Desktop% : C:\Users\Dorianna\Desktop\
~ %Favorites% : C:\Users\Dorianna\Favorites\
~ %LocalAppData% : C:\Users\Dorianna\AppData\Local\
~ %StartMenu% : C:\Users\Dorianna\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 195 Go of 283 Go)
D: CD-ROM drive (Not Inserted)
E: Floppy drive, Flash card reader, USB Key (Free 3 Go of 4 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Windows Explorer.) (.01/06/2013 - 08:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.26/07/2012 - 00:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.2B7920C7885AC45FD0E27DD860F095A1] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 21:08:30.) -- C:\Windows\System32\wininet.dll [2240000]
[MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.06/12/2012 - 09:01:07.) -- C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.26/07/2012 - 00:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.04/09/2013 - 00:11:23.) -- C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 02:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.25/07/2012 - 23:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.25/07/2012 - 23:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.431141C6859990824D17F71C30A78728] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.15/01/2014 - 20:42:58.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.06/12/2012 - 08:45:32.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Driver de porta i8042.) (.25/07/2012 - 23:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.25/07/2012 - 23:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.05/02/2013 - 19:29:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.25/07/2012 - 23:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.7BE3EDFFA3216F989A6BDCB14795DD08] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.27/01/2014 - 00:39:40.) -- C:\Windows\system32\Drivers\ntfs.sys [1939288]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Driver de porta paralela.) (.25/07/2012 - 23:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.25/07/2012 - 23:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.25/07/2012 - 23:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 02:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.01/06/2013 - 08:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 01s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/1575
~ Mes musiques (My Musics) : 9/133
~ Mes Videos (My Videos) : 1/38
~ Mes Favoris (My Favorites) : 1/2
~ Mes Documents (My Documents) : 4/5046
~ Mon Bureau (My Desktop) : 1/563
~ Menu demarrer (Programs) : 1/30
~ Hidden Files: Scanned in 00mn 09s



---\\ Processos lançados
[MD5.349AB4F70E2AC44970894E7F03E1576E] - (.Huawei Technologies Co., Ltd. - DataCardMonitor MFC Application.) -- C:\ProgramData\DatacardService\DCSHelper.exe [236384] [PID.2424]
[MD5.FFFDC3764DB05234261AAF79246B3A1E] - (.CyberLink Corp. - Power2Go Desktop Burning Gadget.) -- C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1709072] [PID.1888]
[MD5.98B31CBC09D671DADEB7C92AEF1CBE29] - (.Huawei Technologies Co., Ltd. - Online Update Clinet.) -- C:\Users\Dorianna\AppData\Roaming\VIVO INTERNET\ouc.exe [110592] [PID.2092]
[MD5.97B71A2897FF23B44144254A70379266] - (.No owner - HotKey.) -- C:\Program Files (x86)\Hotkey\Hotkey.exe [4738560] [PID.1324]
[MD5.32C26797AB646074A2BB562F9D10ADB5] - (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.) -- C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.exe [97680] [PID.3364]
[MD5.015B7CE6EB11010BD245170012F7A9E6] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120] [PID.2616]
[MD5.A51CED67E552E6F8FEEF17A1311C1391] - (.Alcor - Monitor Function.) -- C:\windows\WebCam\S6000\S6000Mnt.exe [79224] [PID.3380]
[MD5.A2221900B57AEC20577996744FA4A56A] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296] [PID.2800]
[MD5.C4160567128FCFC1DCA1693369B62DFE] - (.Symantec Corporation - Norton Internet Security.) -- C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe [276376] [PID.2744]
[MD5.542459D16B416D054161007FC9B1246E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032] [PID.4876]
[MD5.E6DA875D24C3774E045499F6BFA76F30] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7873024] [PID.4580]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Dorianna\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 16 Legitimates Filtered in 00mn 04s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Dorianna\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
~ Firefox Browser: 2 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbieh.dll
~ BHO: 7 Legitimates Filtered in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: (no name) - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} Chave orfã
O3 - Toolbar: Norton Toolbar - [HKLM]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} . (.Symantec Corporation - coIEPlugIn.) -- C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKCU\..\Run: [Power2GoExpress8] . (.CyberLink Corp. - Power2Go Desktop Burning Gadget.) -- C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_VIVO INTERNET] . (.Huawei Technologies Co., Ltd. - Online Update Clinet.) -- C:\Program Files (x86)\VIVO INTERNET\UpdateDog\ouc.exe
O4 - HKCU\..\Run: [NokiaSuite.exe] . (.Nokia - Nokia Suite.) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [CLMLServer_For_P2G8] . (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
O4 - HKLM\..\Wow6432Node\Run: [CLVirtualDrive] . (.CyberLink Corp. - CyberLink Virtual Drive.) -- C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKUS\S-1-5-21-1933325971-1488101800-2260149476-1002\..\Run: [Power2GoExpress8] . (.CyberLink Corp. - Power2Go Desktop Burning Gadget.) -- C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
O4 - HKUS\S-1-5-21-1933325971-1488101800-2260149476-1002\..\Run: [HW_OPENEYE_OUC_VIVO INTERNET] . (.Huawei Technologies Co., Ltd. - Online Update Clinet.) -- C:\Program Files (x86)\VIVO INTERNET\UpdateDog\ouc.exe
O4 - HKUS\S-1-5-21-1933325971-1488101800-2260149476-1002\..\Run: [NokiaSuite.exe] . (.Nokia - Nokia Suite.) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
~ Application: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6848F6F8-EC53-4B82-90C5-0BAEDB535D32}: NameServer = 200.169.117.221 200.169.117.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{FCC73AF7-E70B-420C-993F-662D56650B0E}: DhcpNameServer = 192.168.1.1 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{6848F6F8-EC53-4B82-90C5-0BAEDB535D32}: NameServer = 200.169.117.221 200.169.117.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{FCC73AF7-E70B-420C-993F-662D56650B0E}: DhcpNameServer = 192.168.1.1 192.168.0.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Claro. OUC (Claro. RunOuc) . (...) - C:\Program Files (x86)\Claro\UpdateDog\ouc.exe (.not file.)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: HWDeviceService64.exe (HWDeviceService64.exe) . (.No owner - DCSHOST.) - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: (PowerBiosServer) . (.No owner - PowerBiosServer.) - C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
~ Services: 9 Legitimates Filtered in 00mn 13s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1084]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1088]
~ Scheduled Task: 8 Legitimates Filtered in 00mn 13s



---\\ Software instalados (042)
O42 - Logiciel: Módulo de Segurança - Banco do Brasil - (...) [HKLM][64Bits] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: Vivo - Guia Vivo Internet versão 1.0 - (.Vivo.) [HKLM][64Bits] -- {C2E8B9C9-677A-46E6-AEC7-9435B5BCA765}_is1
O42 - Logiciel: construir7Ano - (.Educandus e Editora Construir - 7º Ano.) [HKLM][64Bits] -- {79A763E5-61ED-44EB-AA08-123A311691C0}
~ Logic: 28 Legitimates Filtered in 00mn 02s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
~ Key Software: 209 Legitimates Filtered in 00mn 02s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 08/04/2014 - 14:52:57 - [] ----D C:\Program Files (x86)\Educandus e Editora Construir - 7º Ano
O43 - CFD: 15/02/2014 - 09:31:27 - [] ----D C:\Program Files (x86)\Vivo
O43 - CFD: 15/02/2014 - 09:31:10 - [] ----D C:\Program Files (x86)\VIVO INTERNET
O43 - CFD: 03/05/2014 - 00:10:14 - [] ----D C:\Users\Dorianna\AppData\Roaming\VIVO INTERNET
~ Program Folder: 132 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.D613D20679E255CF2FAE07E8174D7B63] - 07/05/2014 - 19:37:35 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [558392]
O44 - LFC:[MD5.377CABAA624F3F5EB17B55CE598439DC] - 07/05/2014 - 19:37:35 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [1156182]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 07/05/2014 - 21:06:40 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.B9B8EBC6C20E459AE5CAD238EABCCF13] - 07/05/2014 - 21:19:22 ---A- . (...) -- C:\zoek-results.log [20412]
~ Files: 15 Legitimates Filtered in 00mn 08s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:08/10/2010 - 05:59:40 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys [32768]
O58 - SDL:05/08/2010 - 20:43:20 ---A- . (.DiBcom SA - DiBcom AVSTREAM BDA driver.) -- C:\Windows\System32\Drivers\mod7700.sys [1001472]
O58 - SDL:12/07/2012 - 14:14:06 ---A- . (.Windows (R) Win 7 DDK provider - AVStream Simulated Hardware Sample.) -- C:\Windows\System32\Drivers\S6000KNT.sys [3555456]
O58 - SDL:22/01/2014 - 07:52:10 ---A- . (.DEVGURU Co., LTD.([link] - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [108800]
O58 - SDL:26/07/2012 - 02:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
O58 - SDL:06/03/2014 - 07:18:55 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
~ Drivers: 61 Legitimates Filtered in 00mn 06s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.D15ABCB112345C7C9BDA8F4897E08B78] [SPRF][30/04/2014] (...) -- C:\Users\Dorianna\AppData\Roaming\unins000.dat [33691]
[MD5.A53555B250CBEDCA6544D13648F83FFE] [SPRF][07/05/2014] (...) -- C:\Users\Dorianna\Desktop\AdwCleaner.exe [1316991]
[MD5.DCF741DF9F654F5A2C1BEC789F53AEB3] [SPRF][08/03/2014] (...) -- C:\Users\Dorianna\Desktop\zoek.com [1414742]
~ Files: 5 Legitimates Filtered in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.F0331DC93B0E29C97541425F4BDA60EE] [WIS][19/04/2014] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\5e434f.msi [28672] =>Toolbar.Google
~ WIS: 1 Legitimates Filtered in 00mn 01s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
~ BTK: 57 Legitimates Filtered in 00mn 00s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google
~ BCK: 4886 Legitimates Filtered in 00mn 26s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Auto 10/07/1658 0 | (Claro. RunOuc) . (...) - C:\Program Files (x86)\Claro\UpdateDog\ouc.exe
SS - | Auto 19/04/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 19/04/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 19/04/2014 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 18/04/2013 737616 | (ServiceLayer) . (.Nokia.) - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Demand 06/12/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 08/08/2012 239616 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 08/08/2012 361984 | (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
SR - | Auto 12/03/2014 108032 | (Freemake Improver) . (.Freemake.) - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
SR - | Auto 12/03/2014 9216 | (FreemakeVideoCapture) . (.Ellora Assets Corp..) - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
SR - | Auto 21/02/2014 519720 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 14/03/2011 346976 | (HWDeviceService64.exe) . (...) - C:\ProgramData\DatacardService\HWDeviceService64.exe
SR - | Auto 12/03/2014 276376 | (NIS) . (.Symantec Corporation.) - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
SR - | Auto 13/09/2012 45568 | (PowerBiosServer) . (...) - C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
~ Services: Scanned in 00mn 29s



---\\ Scâner Aditional (088)
Database Version : 13045 - (07/05/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 2

C:\Windows\Installer\5e434f.msi =>Toolbar.Google^
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google^
~ Additionnel Scan: 199161 Items scanned in 01mn 19s



---\\ Sumário das deteções encontradas na sua estação
~ MSI: 0 link(s) detected in 00mn 00s



~ 573 Legitimates filtered by white list
End of the scan (381 lines in 03mn 38s)(0)
luizvilarinho
Full Member

Posts: 855
Reputation: 4
Join date: 13/11/2013


Message by Power Max, Wed 07 May 2014, 23:17

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [image]

* Select and copy all of the text highlighted in red below and paste it into the blank area in Zoek:

C:\Program Files (x86)\Claro\UpdateDog\ouc.exe;virustotal

* Click [Run Script]

* During the scan, a message similar to the one below, showing the progress of the scan, will be displayed. Wait for it to finish... it may take a while!

[image]

* If you are asked to restart the PC, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.
Power Max
Contributor

Posts: 9086
Reputation: 1499
Join date: 14/04/2009


Message by luizvilarinho, Wed 07 May 2014, 23:22


Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Dorianna on 07/05/2014 at 23:19:09,59.
Microsoft Windows 8 Single Language 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Dorianna\Desktop\zoek.pif [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-08-001922.log 20412 bytes

==== VirusTotal Scan ======================

C:\Program Files (x86)\Claro\UpdateDog\ouc.exe not found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=3 folders=1 2561465 bytes)

==== EOF on 07/05/2014 at 23:21:24,35 ======================

Message by Power Max, Wed 07 May 2014, 23:25

Select and copy all of the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click Importação (Import) > click the GO button > click Oui (Yes) > if you want the files in the recycle bin to be deleted, click Oui again > a report will appear in Notepad.

Copy this report and post it in your next reply, together with the link to the analysis of the file on the Virus Total site.


Last edited by Power Max on Thu 08 May 2014, 00:36; edited 1 time in total

Message by luizvilarinho, Wed 07 May 2014, 23:28

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Dorianna at 07/05/2014 23:27:48
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit (Build 9200)

Reciclagem vazia (00mn 01s)

========== Chaves do Registo ==========
ELIMINÉ: Service: Claro. RunOuc

========== Valores do Registo ==========
ELIMINÉ: Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F}

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (4) (161.412 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
1 : Chaves do Registo
1 : Valores do Registo
1 : Pastas
2 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 02s

========== Caminho do ficheiro do relatório ==========
C:\Users\Dorianna\AppData\Roaming\ZHP\ZHPFix[R1].txt - 07/05/2014 22:48:35 [2310]
C:\Users\Dorianna\AppData\Roaming\ZHP\ZHPFix[R2].txt - 07/05/2014 23:27:49 [1042]

Message by Power Max, Wed 07 May 2014, 23:30

Download [link] and save it to the Desktop.

Note: when you open the link above, click the Download Now 64-Bit Version button.

Run Farbar following the tips in this tutorial:

[link]

* Two reports will be created on the Desktop: FRST.txt and Addition.txt

Post these two reports in your next reply. (Note: if they do not fit in a single reply, you can split them across several posts.)

Message by luizvilarinho, Wed 07 May 2014, 23:38

FRST64 has already generated the reports, but it is still running.

Message by Power Max, Wed 07 May 2014, 23:40

Then post them so we can take a look.

Message by luizvilarinho, Wed 07 May 2014, 23:41

It stopped; the reports are attached.

Message by Power Max, Thu 08 May 2014, 00:22

Download the fixlist.txt file attached to this post and save it to the desktop.

Run FRST64. Click the Fix button.

Wait; when it finishes, the log Fixlog.txt will be saved on your desktop.

Select, copy and paste the contents of this Fixlog.txt into your next reply.

Message by luizvilarinho, Thu 08 May 2014, 00:32

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-05-2014 01
Ran by Dorianna at 2014-05-08 00:31:54 Run:1
Running from C:\Users\Dorianna\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
2014-04-30 22:51 - 2014-05-07 22:48 - 00000000 ____D () C:\Program Files\PCDApp
Zwinky Internet Explorer Toolbar (HKLM-x32\...\Zwinky_5qbar Uninstall Internet Explorer) (Version: - Mindspark Interactive Network)
Task: {0CE5F341-4EAC-4C8E-BF05-8CAB160D50CD} - \58ca19a3-7453-414d-9a34-2a6d788be601-4 No Task File <==== ATTENTION
Task: {21CFB840-797C-4DDB-BCCF-49367415A864} - \RegClean Pro_DEFAULT No Task File <==== ATTENTION
Task: {6606B049-570C-49A9-8342-77CA76B042D0} - \58ca19a3-7453-414d-9a34-2a6d788be601-7 No Task File <==== ATTENTION
Task: {7D70D8B7-EE58-4689-801B-678BA3338760} - \APSnotifierPP2 No Task File <==== ATTENTION
Task: {89A2D102-79BD-4DAC-A13C-539A80F7C18B} - \RegClean Pro_UPDATES No Task File <==== ATTENTION
Task: {9D3C45A0-6EA8-48DC-B183-91A7C5DF5E9C} - \58ca19a3-7453-414d-9a34-2a6d788be601-2 No Task File <==== ATTENTION
Task: {BF5EAB7B-35AF-4C5F-9266-E67953168A34} - \APSnotifierPP1 No Task File <==== ATTENTION
Task: {C2765259-72F4-4B4B-9091-41DBD60D2FC2} - \RegClean Pro No Task File <==== ATTENTION
Task: {E8676E36-0E0D-47C9-A8EE-42803DB84372} - \58ca19a3-7453-414d-9a34-2a6d788be601-5 No Task File <==== ATTENTION
Task: {E9A59A1C-07AB-4140-BE2F-544B20D0E95A} - \APSnotifierPP3 No Task File <==== ATTENTION
Task: {EFA5164E-3D4B-40B9-8E08-CE2D77FE3B85} - \d2834d00-aad2-4352-b74a-0f61289b7e44-7 No Task File <==== ATTENTION
end
*****************

C:\Program Files\PCDApp => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0CE5F341-4EAC-4C8E-BF05-8CAB160D50CD} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CE5F341-4EAC-4C8E-BF05-8CAB160D50CD} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\58ca19a3-7453-414d-9a34-2a6d788be601-4 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{21CFB840-797C-4DDB-BCCF-49367415A864} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21CFB840-797C-4DDB-BCCF-49367415A864} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_DEFAULT => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6606B049-570C-49A9-8342-77CA76B042D0} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6606B049-570C-49A9-8342-77CA76B042D0} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\58ca19a3-7453-414d-9a34-2a6d788be601-7 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7D70D8B7-EE58-4689-801B-678BA3338760} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D70D8B7-EE58-4689-801B-678BA3338760} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{89A2D102-79BD-4DAC-A13C-539A80F7C18B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89A2D102-79BD-4DAC-A13C-539A80F7C18B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_UPDATES => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9D3C45A0-6EA8-48DC-B183-91A7C5DF5E9C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D3C45A0-6EA8-48DC-B183-91A7C5DF5E9C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\58ca19a3-7453-414d-9a34-2a6d788be601-2 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF5EAB7B-35AF-4C5F-9266-E67953168A34} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF5EAB7B-35AF-4C5F-9266-E67953168A34} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C2765259-72F4-4B4B-9091-41DBD60D2FC2} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2765259-72F4-4B4B-9091-41DBD60D2FC2} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E8676E36-0E0D-47C9-A8EE-42803DB84372} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8676E36-0E0D-47C9-A8EE-42803DB84372} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\58ca19a3-7453-414d-9a34-2a6d788be601-5 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E9A59A1C-07AB-4140-BE2F-544B20D0E95A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9A59A1C-07AB-4140-BE2F-544B20D0E95A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EFA5164E-3D4B-40B9-8E08-CE2D77FE3B85} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFA5164E-3D4B-40B9-8E08-CE2D77FE3B85} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\d2834d00-aad2-4352-b74a-0f61289b7e44-7 => Key deleted successfully.

==== End of Fixlog ====

Message by Power Max, Thu 08 May 2014, 00:35

How is the PC?

Message by luizvilarinho, Thu 08 May 2014, 00:36

It has improved since the first procedures; I have now disabled the programs that start with Windows and I am going to do some cleanup.