Computador muito lento

Olá pessoal, estou precisando de ajuda com meu computador.
Ele esta muito lento, já fiz algumas varreduras com o cclear, mas ainda sim ainda esta um pouco lento.
podem me ajudar

  Olá piter.

Faça o download do < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]> ( ... de Nicolas Coolman )

Para instalá-lo e executá-lo corretamente siga as dicas deste artigo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Assim que ele concluir a sua verificação, copie todo o conteúdo do seu relatório ZHPDiag.txt e poste em sua próxima resposta.

nao estou conseguinto, ja baixei o programa mas só aparece exportar e uma mensagem, como faço.

Grato a atenção.

 Vá no menu:  Iniciar > Todos os programas > ZHP > ZHPDiag

|- Clique em "PESQUISAR" e aguarde a conclusão.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

olá, desculpa.
consegui.
aqui o relatório.

~ Relatório do ZHPDiag v2014.5.11.60 - Nicolas Coolman (11/05/2014)
~ Iniciado por piter (11/05/2014 16:59:50)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Blog de análise de software : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v10.0.9200.16843
MFIE: Mozilla Firefox 28.0
OPIE: Opera vStable 20.0.1387.82 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 8 Single Language, 64-bit (Build 9200)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Key Management Service client information : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
McAfee Internet Security v12.8.944
Windows Defender W8

---\\ Softwares d'optimização do sistema
CCleaner v4.13

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3536 MB (39% free)
System Restore: Activé (Enable)
System drive C: has 152 GB (68%) free of 223 GB

---\\ Modo de conexão ao sistema
~ Computer Name: FAMILIA
~ User Name: piter
~ All Users Names: piter, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\piter\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\piter\AppData\Roaming\
~ %Desktop% : C:\Users\piter\Desktop\
~ %Favorites% : C:\Users\piter\Favorites\
~ %LocalAppData% : C:\Users\piter\AppData\Local\
~ %StartMenu% : C:\Users\piter\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 152 Go of 223 Go)
D: CD-ROM drive (Not Inserted)
E: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 46 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Windows Explorer.) (.01/06/2013 - 08:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.26/07/2012 - 00:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.79EDF01FA13D886F8E1B655D542011FB] - (.Microsoft Corporation - Internet Extensions para Win32.) (.23/02/2014 - 05:13:41.) -- C:\Windows\System32\wininet.dll [2241536]
[MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.11/10/2012 - 02:46:58.) -- C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.26/07/2012 - 00:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.36D6A3201721558A8AFBCC09C2DA4C2C] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.06/11/2012 - 00:53:44.) -- C:\Windows\system32\Drivers\AFD.sys [560640]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 02:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.25/07/2012 - 23:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.25/07/2012 - 23:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.431141C6859990824D17F71C30A78728] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.15/01/2014 - 20:42:58.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 03:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Driver de porta i8042.) (.25/07/2012 - 23:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.25/07/2012 - 23:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.05/02/2013 - 19:29:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.25/07/2012 - 23:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.7BE3EDFFA3216F989A6BDCB14795DD08] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.27/01/2014 - 00:39:40.) -- C:\Windows\system32\Drivers\ntfs.sys [1939288]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Driver de porta paralela.) (.25/07/2012 - 23:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.25/07/2012 - 23:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.25/07/2012 - 23:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 02:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.01/06/2013 - 08:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 01s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/2270
~ Mes musiques (My Musics) : 9/60
~ Mes Videos (My Videos) : 1/337
~ Mes Favoris (My Favorites) : 1/6
~ Mes Documents (My Documents) : 1/1921
~ Mon Bureau (My Desktop) : 1/115
~ Menu demarrer (Programs) : 1/25
~ Hidden Files: Scanned in 00mn 10s



---\\ Processos lançados
[MD5.7AFF1C22E8BC6D8181053FC3590FD0F2] - (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.exe [718208] [PID.936]
[MD5.286D7DD84BE298C1C9FA0423292131DA] - (.TODO: - Posibar.) -- C:\Positivo\Deskmedia\Posibar\Posibar.exe [1011512] [PID.5072]
[MD5.FF2CE3EC0F87A69B2F61EF9D89514800] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504] [PID.4868]
[MD5.61E22A327D20737529E5DDAD904BDD7B] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\SysWOW64\DllHost.exe [8704] [PID.1404]
[MD5.224F6B374852153C8C24BED141AE3A20] - (...) -- ysWOW64\rundll32.exe [0] [PID.1448]
[MD5.82683411C04A7E11C93628A32A8B80F7] - (.Google Inc. - Google Update Setup.) -- C:\Program Files (x86)\Google\GoogleUpdateSetup_1.3.21.123.exe [763232] [PID.3532]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Google Installer.) -- C:\Program Files (x86)\GUM710B.tmp\GoogleUpdate.exe [116648] [PID.3812]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Google Installer.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648] [PID.3812]
[MD5.9139FCBB16F26E297E488C25D5265990] - (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\20.0.1387.82\opera.exe [46144352] [PID.4472]
[MD5.7D37478966359E90243CF5F978FC2591] - (...) -- C:\Program Files (x86)\Opera\20.0.1387.82\opera_crashreporter.exe [1380704] [PID.5856]
[MD5.4593394B063EA7447F864444DB48C4AB] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7874048] [PID.2816]
~ Processes Running: Scanned in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\piter\AppData\Roaming\Mozilla\Firefox\Profiles\bx3w36eg.default\prefs.js
M0 - MFSP: prefs.js [piter - bx3w36eg.default] [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
P2 - FPN: [HKLM] [@mcafee.com/MSC,version=10] - (...) -- C:\Program Files\mcafee\msc\npMcSnFFPl64.dll
~ Firefox Browser: 4 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ IE Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: McAfee SiteAdvisor Toolbar - [HKLM]{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} . (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [piter]: Beamrise.lnk . (...) -- C:\Users\piter\AppData\Local\Beamrise\Application\beamrise.exe (.not file.) =>Hijacker.Beamrise
O4 - GS\TaskBar [piter]: Mobogenie.lnk . (...) -- C:\Program Files (x86)\Mobogenie\Mobogenie.exe (.not file.) =>PUP.Mobogenie
~ Global Startup: 2 Legitimates Filtered in 00mn 03s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Deskmedia] . (...) -- C:\Positivo\Deskmedia\GerenciadorLocal.exe
O4 - HKLM\..\Run: [StartUpManagerPositivo] . (.Positivo Informática SA - Gerenciador de Inicialização Positivo.) -- C:\Program Files\Positivo Informática\Mundo Positivo Gerenciador de Inicialização\ManagerWindows.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKCU\..\Run: [SmartProtect] . (...) -- C:\ProgramData\SmartProtect\SmartProtect.exe
O4 - HKCU\..\Run: [ihbxfqvgua] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKCU\..\Run: [avxjmlwuuf] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKCU\..\Run: [OfficeSyncProcess] . (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.exe
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Wow6432Node\Run: [mcui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [mcpltui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKUS\S-1-5-21-3068380739-4077408158-771156261-1001\..\Run: [SmartProtect] . (...) -- C:\ProgramData\SmartProtect\SmartProtect.exe
O4 - HKUS\S-1-5-21-3068380739-4077408158-771156261-1001\..\Run: [ihbxfqvgua] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKUS\S-1-5-21-3068380739-4077408158-771156261-1001\..\Run: [avxjmlwuuf] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKUS\S-1-5-21-3068380739-4077408158-771156261-1001\..\Run: [OfficeSyncProcess] . (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.exe
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CCF0E29-734B-4D23-9492-2732C7268115}: NameServer = 200.220.227.56 200.142.130.202
O17 - HKLM\System\CCS\Services\Tcpip\..\{332F1136-C6A3-4327-99D5-AB3FF93512F0}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{8CCF0E29-734B-4D23-9492-2732C7268115}: NameServer = 200.220.227.56 200.142.130.202
O17 - HKLM\System\CS1\Services\Tcpip\..\{332F1136-C6A3-4327-99D5-AB3FF93512F0}: DhcpNameServer = 8.8.8.8 8.8.4.4
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: DeskmediaService (DeskmediaService) . (...) - C:\Positivo\Deskmedia\DeskmediaService.exe
O23 - Service: KMService (KMService) . (...) - C:\Windows\SysWOW64\srvany.exe =>Hijacker.Office
O23 - Service: PSafeLockBoxSvc (PSafeLockBoxSvc) . (.PSafe - PSafe CategoryFinder.) - C:\Program Files (x86)\PSafe\PSafeCategoryFinder.exe
O23 - Service: PSafeSVC (PSafeSVC) . (.PSafe S/A - PSafe-SVC.) - C:\Program Files (x86)\PSafe\PSafesvc.exe
O23 - Service: PSafeWD (PSafeWD) . (.PSafe - PSafeWD.) - C:\Program Files (x86)\PSafe\PSafeWD.exe
~ Services: 26 Legitimates Filtered in 00mn 13s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS.exe (.not file.) [0] =>Trojan.Keygen
[MD5.00000000000000000000000000000000] [APT] [{079D3620-9C18-42BB-96BD-9041A720B129}] (...) -- C:\Users\piter\Documents\topicos elet\FluidSIM-Pneum tica\Uninstal.exe (.not file.) [0]
[MD5.5F66EA2512618072955D9148A3BBCD5C] [APT] [{092F9DD5-4979-4B6A-8494-83EB7EC3D706}] (...) -- C:\Program Files (x86)\Labcenter Electronics\Proteus 7 Professional\USB Drivers\installer.exe [94208]
[MD5.00000000000000000000000000000000] [APT] [{BFE5AA5F-D09B-45F6-9F70-B8BF5F942AA5}] (...) -- C:\Users\piter\AppData\Local\BeamriseUninstall\Bootstrapper{1.Y2VqPwRP.100}.exe (.not file.) [0] =>Hijacker.Beamrise
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1078]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1082]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon [868]
O39 - APT: APT: - (..) -- C:\Windows\System32\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon [868] - (..) -- C:\Windows\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d [870]
~ Scheduled Task: 16 Legitimates Filtered in 00mn 19s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex64.sys (.not file.)
O41 - Driver: (Bndef) . (. - .) - C:\Windows\system32\drivers\bndef64.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
~ Drivers: 44 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Beamrise - (.Beamrise.) [HKCU][64Bits] -- Beamrise =>Hijacker.Beamrise
O42 - Logiciel: Driver 1.3.1 - (.OEM.) [HKLM][64Bits] -- {BA56CD60-1D9F-4BE6-AC2F-B7C4A5437C35}
O42 - Logiciel: IPM 1.9.2 - (.OEM.) [HKLM][64Bits] -- {AADF4228-0772-4D43-92EB-B245E3A17B00}
O42 - Logiciel: Installer Package - (...) [HKLM][64Bits] -- Resume
O42 - Logiciel: Vivo 3G - (...) [HKLM][64Bits] -- {93D34EE3-99B3-4DB1-8B0A-0A657466F90D}
~ Logic: 26 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Ares Music]
[HKCU\Software\Ares-BackupByAresPortable]
[HKCU\Software\Ares]
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\Baidu] =>Adware.BDSearch
[HKCU\Software\Deskmedia]
[HKCU\Software\Moeller]
[HKLM\Software\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Deskmedia]
[HKLM\Software\SoilIO]
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Baidu_Drp_pos] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Vivo 3G]
[HKLM\Software\Wow6432Node\baidu] =>Adware.BDSearch
~ Key Software: 183 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 26/05/2013 - 00:59:14 - [] ----D C:\Program Files (x86)\Ares Music
O43 - CFD: 26/04/2014 - 22:54:32 - [] ----D C:\Program Files (x86)\Baidu Security =>Adware.BDSearch
O43 - CFD: 11/05/2014 - 16:17:35 - [] ----D C:\Program Files (x86)\GUM710B.tmp
O43 - CFD: 11/05/2014 - 15:02:05 - [] ----D C:\Program Files (x86)\SupportInfo
O43 - CFD: 11/05/2014 - 16:26:12 - [] ----D C:\Program Files (x86)\Vivo 3G
O43 - CFD: 21/04/2014 - 12:26:42 - [] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
O43 - CFD: 11/05/2014 - 16:03:14 - [] --H-D C:\ProgramData\SmartProtect
O43 - CFD: 24/03/2014 - 19:55:14 - [] ----D C:\Users\piter\AppData\Roaming\Baidu Security =>Adware.BDSearch
O43 - CFD: 26/04/2014 - 23:07:24 - [] ----D C:\Users\piter\AppData\Roaming\InstallW
O43 - CFD: 26/04/2014 - 22:32:51 - [0] ----D C:\Users\piter\AppData\Roaming\rmi
O43 - CFD: 02/04/2014 - 00:44:12 - [] ----D C:\Users\piter\AppData\Local\Ares
O43 - CFD: 26/05/2013 - 01:11:20 - [] ----D C:\Users\piter\AppData\Local\AresBackup
~ Program Folder: 130 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.D46D074B8BF3F42AB0820C49AD760823] - 11/05/2014 - 15:19:10 ---A- . (...) -- C:\AVScanner.ini [426]
O44 - LFC:[MD5.504E5969F3C0B26684E93B384037118C] - 11/05/2014 - 16:07:58 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [155144]
O44 - LFC:[MD5.1859AFDEBAF666DCD3E93BF0C5E730AF] - 11/05/2014 - 16:07:58 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [763854]
O44 - LFC:[MD5.110BE5198A63D3FF3CE9C30F1DC12EC3] - 26/04/2014 - 21:23:02 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [386722]
~ Files: 26 Legitimates Filtered in 02mn 46s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:19/08/2010 - 15:59:12 ---A- . (...) -- C:\Windows\System32\Drivers\SoilIO.sys [17912]
O58 - SDL:03/12/2009 - 09:03:50 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\soilkbc.sys [13816]
O58 - SDL:03/12/2009 - 09:04:16 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\SoilMC.sys [13304]
O58 - SDL:26/07/2012 - 02:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
~ Drivers: 59 Legitimates Filtered in 00mn 05s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\Launcher.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {B599AE56-C4C7-4261-BB42-816C30DB4EB7} - (Pesquisa Segura) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 29/04/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 03/10/2012 64592 | (AppManagerService) . (.Positivo Informática S.A..) - C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Experience\MundoPositivoService.exe
SS - | Demand 07/08/2012 276288 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 11/05/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 26/01/2012 332080 | (McAWFwk) . (.McAfee, Inc..) - C:\Program Files\mcafee\msc\McAWFwk.exe
SS - | Demand 02/08/2013 602944 | (McODS) . (.McAfee, Inc..) - C:\Program Files\mcafee\VirusScan\mcods.exe
SS - | Auto 31/08/2012 201304 | (McOobeSv) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SS - | Demand 21/04/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 04/07/2012 45056 | (BatteryManagerSrv) . (.Positivo Informática S.A.) - C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryManagerService.exe
SR - | Auto 19/08/2013 159544 | (DeskmediaService) . (...) - C:\Positivo\Deskmedia\DeskmediaService.exe
SR - | Auto 11/05/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SR - | Auto 30/07/2013 328928 | (HomeNetSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 09/07/2012 7168 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 17/07/2012 128896 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Auto 17/07/2012 165760 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 10/07/1658 0 | (KMService) . (...) - C:\Windows\system32\srvany.exe =>Hijacker.Office
SR - | Auto 17/07/2012 276864 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 31/08/2012 201304 | (McAfee SiteAdvisor Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SR - | Auto 28/01/2014 178528 | (McAPExe) . (.McAfee, Inc..) - C:\Program Files\McAfee\MSC\McAPexe.exe
SR - | Auto 30/07/2013 328928 | (McMPFSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 | (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 | (mcpltsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 | (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 21/01/2014 1025712 | (mfecore) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
SR - | Auto 17/03/2014 219752 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 17/03/2014 185792 | (mfevtp) . (.McAfee, Inc..) - C:\Windows\system32\mfevtps.exe
SR - | Auto 30/07/2013 328928 | (MSK80Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 24/08/2012 1074440 | (PSafeLockBoxSvc) . (.PSafe.) - C:\Program Files (x86)\PSafe\PSafeCategoryFinder.exe
SR - | Auto 24/08/2012 1447176 | (PSafeSVC) . (.PSafe S/A.) - C:\Program Files (x86)\PSafe\PSafesvc.exe
SR - | Auto 24/08/2012 30472 | (PSafeWD) . (.PSafe.) - C:\Program Files (x86)\PSafe\PSafeWD.exe
SR - | Auto 17/07/2012 364416 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 20/09/2012 29696 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 16s



---\\ Scâner Aditional (088)
Database Version : 13045 - (11/05/2014)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 7

[HKLM\SYSTEM\CurrentControlSet\Services\KMService] =>Hijacker.Office^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Beamrise] =>Hijacker.Beamrise^
C:\Program Files (x86)\Baidu Security =>Adware.BDSearch^
C:\ProgramData\Baidu Security =>Adware.BDSearch^
C:\Users\piter\AppData\Roaming\Baidu Security =>Adware.BDSearch^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKCU\Software\Baidu] =>Adware.BDSearch^
[HKLM\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu_Drp_pos] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\baidu] =>Adware.BDSearch^
C:\Windows\KMService.exe =>Hijacker.Windows
~ Additionnel Scan: 183838 Items scanned in 00mn 44s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Beamrise
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Mobogenie
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Office
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BDSearch
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Windows
~ MSI: 5 link(s) detected in 00mn 00s



~ 585 Legitimates filtered by white list
End of the scan (450 lines in 05mn 15s)(0)

 Selecione e copie todo o texto destacado em vermelho que te passei.
_____________________________________________________________________________________________________________

 Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta.

Ola Max. Desculpa, fiquei sem internet ontem.

Mas continuando. Aqui esta o relatório.

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by piter at 12/05/2014 20:38:27
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit (Build 9200)

Reciclagem vazia (00mn 03s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ: Service: PSafeLockBoxSvc
ELIMINÉ: Service: PSafeSVC
ELIMINÉ: Service: PSafeWD
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bnbase
ELIMINÉ Driver Key: Bndef
ELIMINÉ Driver Key: Bprotect
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\Baidu
ELIMINÉ:* HKLM\Software\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu_Drp_pos
ELIMINÉ: HKLM\Software\Wow6432Node\baidu
ELIMINÉ: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Beamrise

========== Valores do Registo ==========
ELIMINÉ RunValue: SynTPEnh
ELIMINÉ RunValue: SmartProtect
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Elementos dos dados do Registo ==========
ELIMINÉ: R0 - Main,Start Page = KCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page

========== Preferências do navegador ==========
ELIMINÉ Mozilla Pref: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\users\piter\appdata\roaming\microsoft\internet explorer\quick launch\beamrise.lnk
ELIMINA REINICIAR: c:\programdata\smartprotect\smartprotect.exe
ELIMINA REINICIAR: c:\program files (x86)\psafe\psafecategoryfinder.exe
ELIMINÉ: c:\program files (x86)\psafe\psafecategoryfinder.exe
ELIMINÉ Temporários windows (144) (62.388.076 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: AutoKMS
ELIMINÉ: {079D3620-9C18-42BB-96BD-9041A720B129}
ELIMINÉ: {BFE5AA5F-D09B-45F6-9F70-B8BF5F942AA5}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
14 : Chaves do Registo
8 : Valores do Registo
1 : Elementos dos dados do Registo
1 : Pastas
6 : Ficheiros
1 : Preferências do navegador
3 : Tarefa planificada
1 : Restauração Sistema


End of clean in 00mn 58s

========== Caminho do ficheiro do relatório ==========
C:\Users\piter\AppData\Roaming\ZHP\ZHPFix[R1].txt - 12/05/2014 20:38:31 [2454]

 Vá novamente no menu:  Iniciar > Todos os programas > ZHP > ZHPDiag

|- Clique em "PESQUISAR" e aguarde a conclusão.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

aqui o relatório.

~ Relatório do ZHPDiag v2014.5.11.60 - Nicolas Coolman (11/05/2014)
~ Iniciado por piter (12/05/2014 20:58:31)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Blog de análise de software : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program


---\\ Navegadores Internet
MSIE: Internet Explorer v10.0.9200.16843
MFIE: Mozilla Firefox 28.0
GCIE: Google Chrome v34.0.1847.131 (Defaut)
OPIE: Opera vStable 20.0.1387.82

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 8 Single Language, 64-bit (Build 9200)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Key Management Service client information : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
McAfee Internet Security v12.8.944
Windows Defender W8

---\\ Softwares d'optimização do sistema
CCleaner v4.13

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3536 MB (46% free)
System Restore: Activé (Enable)
System drive C: has 151 GB (67%) free of 223 GB

---\\ Modo de conexão ao sistema
~ Computer Name: FAMILIA
~ User Name: piter
~ All Users Names: piter, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\piter\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\piter\AppData\Roaming\
~ %Desktop% : C:\Users\piter\Desktop\
~ %Favorites% : C:\Users\piter\Favorites\
~ %LocalAppData% : C:\Users\piter\AppData\Local\
~ %StartMenu% : C:\Users\piter\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 151 Go of 223 Go)
D: CD-ROM drive (Not Inserted)
E: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 46 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Windows Explorer.) (.01/06/2013 - 08:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.26/07/2012 - 00:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.79EDF01FA13D886F8E1B655D542011FB] - (.Microsoft Corporation - Internet Extensions para Win32.) (.23/02/2014 - 05:13:41.) -- C:\Windows\System32\wininet.dll [2241536]
[MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.11/10/2012 - 02:46:58.) -- C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.26/07/2012 - 00:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.36D6A3201721558A8AFBCC09C2DA4C2C] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.06/11/2012 - 00:53:44.) -- C:\Windows\system32\Drivers\AFD.sys [560640]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 02:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.25/07/2012 - 23:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.25/07/2012 - 23:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.431141C6859990824D17F71C30A78728] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.15/01/2014 - 20:42:58.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 03:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Driver de porta i8042.) (.25/07/2012 - 23:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.25/07/2012 - 23:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.05/02/2013 - 19:29:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.25/07/2012 - 23:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.7BE3EDFFA3216F989A6BDCB14795DD08] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.27/01/2014 - 00:39:40.) -- C:\Windows\system32\Drivers\ntfs.sys [1939288]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Driver de porta paralela.) (.25/07/2012 - 23:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.25/07/2012 - 23:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.25/07/2012 - 23:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 02:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.01/06/2013 - 08:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/2270
~ Mes musiques (My Musics) : 9/61
~ Mes Videos (My Videos) : 1/337
~ Mes Favoris (My Favorites) : 1/6
~ Mes Documents (My Documents) : 1/1921
~ Mon Bureau (My Desktop) : 1/117
~ Menu demarrer (Programs) : 1/25
~ Hidden Files: Scanned in 00mn 06s



---\\ Processos lançados
[MD5.7AFF1C22E8BC6D8181053FC3590FD0F2] - (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.exe [718208] [PID.2808]
[MD5.FF2CE3EC0F87A69B2F61EF9D89514800] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504] [PID.4872]
[MD5.03CADA6731282D1C2FB2332B02542EBA] - (...) -- C:\Program Files (x86)\Vivo 3G\Vivo 3G.exe [8201728] [PID.4688]
[MD5.D3D9EC1861F9311CF58655FFB5BE11D0] - (...) -- C:\Program Files (x86)\Vivo 3G\CMUpdater.exe [673280] [PID.3916]
[MD5.286D7DD84BE298C1C9FA0423292131DA] - (.TODO: - Posibar.) -- C:\Positivo\Deskmedia\Posibar\Posibar.exe [1011512] [PID.3520]
[MD5.542459D16B416D054161007FC9B1246E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032] [PID.5536]
[MD5.4593394B063EA7447F864444DB48C4AB] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7874048] [PID.5468]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\piter\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [mfffpogegjflfpflabcdkioaeobkgjik] GaiaAuthExtension v.0.0.1, (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 17 Legitimates Filtered in 00mn 03s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\piter\AppData\Roaming\Mozilla\Firefox\Profiles\bx3w36eg.default\prefs.js
P2 - FPN: [HKLM] [@mcafee.com/MSC,version=10] - (...) -- C:\Program Files\mcafee\msc\npMcSnFFPl64.dll
~ Firefox Browser: 3 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ IE Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: McAfee SiteAdvisor Toolbar - [HKLM]{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} . (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Deskmedia] . (...) -- C:\Positivo\Deskmedia\GerenciadorLocal.exe
O4 - HKLM\..\Run: [StartUpManagerPositivo] . (.Positivo Informática SA - Gerenciador de Inicialização Positivo.) -- C:\Program Files\Positivo Informática\Mundo Positivo Gerenciador de Inicialização\ManagerWindows.exe
O4 - HKCU\..\Run: [ihbxfqvgua] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKCU\..\Run: [avxjmlwuuf] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKCU\..\Run: [OfficeSyncProcess] . (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.exe
O4 - HKCU\..\Run: [SmartProtect] . (...) -- C:\ProgramData\SmartProtect\SmartProtect.exe
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Wow6432Node\Run: [mcui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [mcpltui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKUS\S-1-5-21-3068380739-4077408158-771156261-1001\..\Run: [ihbxfqvgua] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKUS\S-1-5-21-3068380739-4077408158-771156261-1001\..\Run: [avxjmlwuuf] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKUS\S-1-5-21-3068380739-4077408158-771156261-1001\..\Run: [OfficeSyncProcess] . (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.exe
O4 - HKUS\S-1-5-21-3068380739-4077408158-771156261-1001\..\Run: [SmartProtect] . (...) -- C:\ProgramData\SmartProtect\SmartProtect.exe
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CCF0E29-734B-4D23-9492-2732C7268115}: NameServer = 200.220.227.56 200.142.130.202
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7832492-00F5-4DA0-81DE-46003DB0DCD9}: NameServer = 187.100.246.251 187.100.246.253
O17 - HKLM\System\CCS\Services\Tcpip\..\{332F1136-C6A3-4327-99D5-AB3FF93512F0}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{8CCF0E29-734B-4D23-9492-2732C7268115}: NameServer = 200.220.227.56 200.142.130.202
O17 - HKLM\System\CS1\Services\Tcpip\..\{E7832492-00F5-4DA0-81DE-46003DB0DCD9}: NameServer = 187.100.246.251 187.100.246.253
O17 - HKLM\System\CS1\Services\Tcpip\..\{332F1136-C6A3-4327-99D5-AB3FF93512F0}: DhcpNameServer = 8.8.8.8 8.8.4.4
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: DeskmediaService (DeskmediaService) . (...) - C:\Positivo\Deskmedia\DeskmediaService.exe
O23 - Service: KMService (KMService) . (...) - C:\Windows\SysWOW64\srvany.exe =>Hijacker.Office
O23 - Service: Orolix Device Monitor (OrolixDeviceMonitor) . (.Orolix Desenvolvimento de Software LTDA. - USB Device monitor.) - C:\Program Files (x86)\TIM Communicator\module\devicemon.exe
~ Services: 24 Legitimates Filtered in 00mn 10s



---\\ Tarefas planificadas automaticamente (039)
[MD5.5F66EA2512618072955D9148A3BBCD5C] [APT] [{092F9DD5-4979-4B6A-8494-83EB7EC3D706}] (...) -- C:\Program Files (x86)\Labcenter Electronics\Proteus 7 Professional\USB Drivers\installer.exe [94208]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1078]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1082]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon [868]
O39 - APT: APT: - (..) -- C:\Windows\System32\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon [868] - (..) -- C:\Windows\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d [870]
~ Scheduled Task: 13 Legitimates Filtered in 00mn 03s



---\\ Software instalados (042)
O42 - Logiciel: Driver 1.3.1 - (.OEM.) [HKLM][64Bits] -- {BA56CD60-1D9F-4BE6-AC2F-B7C4A5437C35}
O42 - Logiciel: IPM 1.9.2 - (.OEM.) [HKLM][64Bits] -- {AADF4228-0772-4D43-92EB-B245E3A17B00}
O42 - Logiciel: Installer Package - (...) [HKLM][64Bits] -- Resume
O42 - Logiciel: ONDA All 5.41.8882 - (.ONDA.) [HKLM][64Bits] -- {9397E0AA-05AA-4F46-8C23-242B963BEB1C}
O42 - Logiciel: Vivo 3G - (...) [HKLM][64Bits] -- {93D34EE3-99B3-4DB1-8B0A-0A657466F90D}
~ Logic: 25 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Ares Music]
[HKCU\Software\Ares-BackupByAresPortable]
[HKCU\Software\Ares]
[HKCU\Software\Beamrise] =>Hijacker.Beamrise
[HKCU\Software\Deskmedia]
[HKCU\Software\Moeller]
[HKCU\Software\Orolix]
[HKLM\Software\Deskmedia]
[HKLM\Software\SoilIO]
[HKLM\Software\Wow6432Node\Orolix]
[HKLM\Software\Wow6432Node\Vivo 3G]
~ Key Software: 179 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 26/05/2013 - 00:59:14 - [] ----D C:\Program Files (x86)\Ares Music
O43 - CFD: 11/05/2014 - 22:14:21 - [] ----D C:\Program Files (x86)\ONDA
O43 - CFD: 12/05/2014 - 20:22:11 - [] ----D C:\Program Files (x86)\SupportInfo
O43 - CFD: 11/05/2014 - 22:17:43 - [] ----D C:\Program Files (x86)\TIM Communicator
O43 - CFD: 12/05/2014 - 20:22:16 - [] ----D C:\Program Files (x86)\Vivo 3G
O43 - CFD: 11/05/2014 - 22:14:44 - [] ----D C:\ProgramData\OrolixCommunicator
O43 - CFD: 12/05/2014 - 20:38:25 - [] --H-D C:\ProgramData\SmartProtect
O43 - CFD: 26/04/2014 - 23:07:24 - [] ----D C:\Users\piter\AppData\Roaming\InstallW
O43 - CFD: 26/04/2014 - 22:32:51 - [0] ----D C:\Users\piter\AppData\Roaming\rmi
O43 - CFD: 02/04/2014 - 00:44:12 - [] ----D C:\Users\piter\AppData\Local\Ares
O43 - CFD: 26/05/2013 - 01:11:20 - [] ----D C:\Users\piter\AppData\Local\AresBackup
~ Program Folder: 130 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.D46D074B8BF3F42AB0820C49AD760823] - 11/05/2014 - 15:19:10 ---A- . (...) -- C:\AVScanner.ini [426]
O44 - LFC:[MD5.BA6C47B994A7619B0A6ED39392F98E0B] - 12/05/2014 - 20:22:11 ---A- . (...) -- C:\Windows\ZTEInstallInfo.log [16078]
O44 - LFC:[MD5.504E5969F3C0B26684E93B384037118C] - 12/05/2014 - 20:23:21 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [155144]
O44 - LFC:[MD5.1859AFDEBAF666DCD3E93BF0C5E730AF] - 12/05/2014 - 20:23:21 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [763854]
~ Files: 16 Legitimates Filtered in 00mn 35s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{66aae0cd-d93e-11e3-beaf-80ee734da3be}\AutoRun\command. (...) -- E:\autorun.exe (.not file.)
O51 - MPSK:{66aae0dd-d93e-11e3-beaf-80ee734da3be}\AutoRun\command. (...) -- E:\autorun.exe (.not file.)
O51 - MPSK:{66aae117-d93e-11e3-beaf-80ee734da3be}\AutoRun\command. (...) -- E:\autorun.exe (.not file.)
O51 - MPSK:{66aae2f7-d93e-11e3-beaf-80ee734da3be}\AutoRun\command. (...) -- E:\Windows\AutoRun.exe (.not file.)
O51 - MPSK:{e7994039-7e0a-11e2-be78-80ee734da3be}\AutoRun\command. (...) -- E:\Windows\AutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 24s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:21/10/2011 - 16:36:50 ---A- . (.ONDA - CDC ACM and OBEX Class Driver.) -- C:\Windows\System32\Drivers\onda_cdc_acm.sys [79872]
O58 - SDL:21/10/2011 - 16:36:50 ---A- . (.ONDA - CDC ECM Class Driver.) -- C:\Windows\System32\Drivers\onda_cdc_ecm.sys [60416]
O58 - SDL:21/10/2011 - 16:36:50 ---A- . (.ONDA - DC Class Enumerator Driver.) -- C:\Windows\System32\Drivers\onda_ecm_enum.sys [56832]
O58 - SDL:21/10/2011 - 16:36:50 ---A- . (.ONDA - DC Class Enumerator Driver.) -- C:\Windows\System32\Drivers\onda_ecm_enum_filter.sys [56832]
O58 - SDL:19/08/2010 - 15:59:12 ---A- . (...) -- C:\Windows\System32\Drivers\SoilIO.sys [17912]
O58 - SDL:03/12/2009 - 09:03:50 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\soilkbc.sys [13816]
O58 - SDL:03/12/2009 - 09:04:16 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\SoilMC.sys [13304]
O58 - SDL:26/07/2012 - 02:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
~ Drivers: 68 Legitimates Filtered in 00mn 08s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\Launcher.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {B599AE56-C4C7-4261-BB42-816C30DB4EB7} - (Pesquisa Segura) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 29/04/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 07/08/2012 276288 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 12/05/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 12/05/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 26/01/2012 332080 | (McAWFwk) . (.McAfee, Inc..) - C:\Program Files\mcafee\msc\McAWFwk.exe
SS - | Demand 02/08/2013 602944 | (McODS) . (.McAfee, Inc..) - C:\Program Files\mcafee\VirusScan\mcods.exe
SS - | Auto 31/08/2012 201304 | (McOobeSv) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SS - | Demand 21/04/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 03/10/2012 64592 | (AppManagerService) . (.Positivo Informática S.A..) - C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Experience\MundoPositivoService.exe
SR - | Auto 04/07/2012 45056 | (BatteryManagerSrv) . (.Positivo Informática S.A.) - C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryManagerService.exe
SR - | Auto 19/08/2013 159544 | (DeskmediaService) . (...) - C:\Positivo\Deskmedia\DeskmediaService.exe
SR - | Auto 30/07/2013 328928 | (HomeNetSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 09/07/2012 7168 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 17/07/2012 128896 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Auto 17/07/2012 165760 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 10/07/1658 0 | (KMService) . (...) - C:\Windows\system32\srvany.exe =>Hijacker.Office
SR - | Auto 17/07/2012 276864 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 31/08/2012 201304 | (McAfee SiteAdvisor Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SR - | Auto 28/01/2014 178528 | (McAPExe) . (.McAfee, Inc..) - C:\Program Files\McAfee\MSC\McAPexe.exe
SR - | Auto 30/07/2013 328928 | (McMPFSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 | (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 | (mcpltsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 | (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 21/01/2014 1025712 | (mfecore) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
SR - | Auto 17/03/2014 219752 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 17/03/2014 185792 | (mfevtp) . (.McAfee, Inc..) - C:\Windows\system32\mfevtps.exe
SR - | Auto 30/07/2013 328928 | (MSK80Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 05/10/2011 32672 | (OrolixDeviceMonitor) . (.Orolix Desenvolvimento de Software LTDA..) - C:\Program Files (x86)\TIM Communicator\module\devicemon.exe
SR - | Auto 17/07/2012 364416 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 20/09/2012 29696 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 15s



---\\ Scâner Aditional (088)
Database Version : 13045 - (11/05/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 2

[HKLM\SYSTEM\CurrentControlSet\Services\KMService] =>Hijacker.Office^
[HKCU\Software\Beamrise] =>Hijacker.Beamrise^
C:\Windows\KMService.exe =>Hijacker.Windows
~ Additionnel Scan: 183478 Items scanned in 00mn 45s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Office
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Beamrise
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Windows
~ MSI: 3 link(s) detected in 00mn 00s



~ 554 Legitimates filtered by white list
End of the scan (441 lines in 03mn 08s)(0)

ola.

Ainda estão aí.

 Selecione e copie todo o texto destacado em vermelho que te passei.
_____________________________________________________________________________________________________________

 Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta.

aqui o relatorio

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by piter at 12/05/2014 22:07:04
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit (Build 9200)

Reciclagem vazia (00mn 03s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ: HKCU\Software\Beamrise
ELIMINÉ CLSID MPSK: {66aae0cd-d93e-11e3-beaf-80ee734da3be}
ELIMINÉ CLSID MPSK: {66aae0dd-d93e-11e3-beaf-80ee734da3be}
ELIMINÉ CLSID MPSK: {66aae117-d93e-11e3-beaf-80ee734da3be}
ELIMINÉ CLSID MPSK: {66aae2f7-d93e-11e3-beaf-80ee734da3be}
ELIMINÉ CLSID MPSK: {e7994039-7e0a-11e2-be78-80ee734da3be}

========== Valores do Registo ==========
ELIMINÉ RunValue: SmartProtect
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\programdata\smartprotect\smartprotect.exe
ELIMINÉ Temporários windows (5) (21.635 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
6 : Chaves do Registo
7 : Valores do Registo
1 : Pastas
3 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 11s

========== Caminho do ficheiro do relatório ==========
C:\Users\piter\AppData\Roaming\ZHP\ZHPFix[R1].txt - 12/05/2014 20:38:31 [2534]
C:\Users\piter\AppData\Roaming\ZHP\ZHPFix[R2].txt - 12/05/2014 22:07:07 [1601]

Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt

Ficamos na espera.

TÓPICO ARQUIVADO

Como o autor não respondeu por mais de 15 dias, o tópico foi arquivado. Caso o autor do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.