Fórum PC Brasil
Slow browsers

3 participants


Slow browsers

Post by cesarasp Wed 27 Aug 2014, 20:37

After cleanups the browsers are fine, but little by little they start getting slow again, videos freeze, etc.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:35:41, on 27/08/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17239)
Boot mode: Normal

Running processes:
C:\Users\cesar\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\cesar\Downloads\HijackThis (4).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SysWOW64\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\SysWOW64\userinit.exe,
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [uTorrent] "C:\Users\cesar\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SkyDrive] "C:\Users\cesar\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
O4 - HKCU\..\Run: [TapinRadio] "C:\Program Files (x86)\TapinRadio\TapinRadio.exe" /show=minimizedtotray
O8 - Extra context menu item: E&xport to Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4E6A366-7317-4824-A9DF-3DC93662CB13}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: Paragon APM service (apmwinsrv) - Unknown owner - C:\Program Files (x86)\Paragon Software\HFS+ for Windows 9.1\apmwinsrv.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Unknown owner - C:\WINDOWS\System32\appdrvrem01.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
O23 - Service: Asus WebStorage Windows Service - Unknown owner - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10241 bytes
cesarasp
Member

Posts: 105
Reputation: 0
Join date: 08/05/2014

Re: Slow browsers

Post by Power Max Wed 27 Aug 2014, 23:30

Hello.

Download < [You must have an account and be logged in to view this link] > < [You must have an account and be logged in to view this image]> ( ... by Nicolas Coolman )

Note: When you open the link above, click the Télécharger button for ZHPDiag to download it, as shown in the image below:

[You must have an account and be logged in to view this image]

To install and run it correctly, follow the tips in this article:

[You must have an account and be logged in to view this link]

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.
Power Max
Collaborator

Posts: 9086
Reputation: 1499
Join date: 14/04/2009

Re: Slow browsers

Post by cesarasp Thu 28 Aug 2014, 11:06

~ Relatório do ZHPDiag v2014.8.28.125 - Nicolas Coolman (28/08/2014)
~ Iniciado por cesar (28/08/2014 10:48:16)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Endereço do Webforum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17239 (Defaut)
MFIE: Mozilla Firefox 31.0
GCIE: Google Chrome v37.0.2062.94
OPIE: Opera vStable 23.0.1522.77

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 8.1 Single Language, 64-bit (Build 9600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2021
Malwarebytes Anti-Malware versão 2.0.2.1012
ESET Online Scanner v3
Windows Defender W8 (Deactivate)

---\\ Softwares d'optimização do sistema
CCleaner v4.17

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
Adobe Reader X

---\\ Informações sobre o sistema
~ Processor: AMD64 Family 20 Model 2 Stepping 0, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3673 MB (60% free)
System Restore: Activé (Enable)
System drive C: has 40 GB (21%) free of 186 GB

---\\ Modo de conexão ao sistema
~ Computer Name: CASA
~ User Name: cesar
~ All Users Names: HomeGroupUser$, helen_000, Convidado, cesar, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\cesar\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\cesar\AppData\Roaming\
~ %Desktop% : C:\Users\cesar\Desktop\
~ %Favorites% : C:\Users\cesar\Favorites\
~ %LocalAppData% : C:\Users\cesar\AppData\Local\
~ %StartMenu% : C:\Users\cesar\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 40 Go of 186 Go)
D: Hard drive, Flash drive, Thumb drive (Free 141 Go of 258 Go)
E: CD-ROM drive (Not Inserted)
F: CD-ROM drive (Not Inserted)
G: CD-ROM drive (Not Inserted)
H: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.81394C91B7B5A7C799E249AE82491F13] - (.Microsoft Corporation - Windows Explorer.) (.18/04/2014 - 17:03:22.) -- C:\Windows\Explorer.exe [2373784]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.22/08/2013 - 06:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.8E71A5CB5312B8392D4DA4CA37BB5868] - (.Microsoft Corporation - Internet Extensions para Win32.) (.25/07/2014 - 07:52:06.) -- C:\Windows\System32\wininet.dll [2266624]
[MD5.306EB21E5B480AE9065EA55AC8C35936] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.18/03/2014 - 07:18:16.) -- C:\Windows\System32\Winlogon.exe [562176]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.18/03/2014 - 07:18:16.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.374E27295F0A9DCAA8FC96370F9BEEA5] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 00:03:03.) -- C:\Windows\system32\Drivers\AFD.sys [563200]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 09:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 08:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 05:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.A03F362C5557E238CBFA914689C77248] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.18/04/2014 - 17:03:21.) -- C:\Windows\system32\Drivers\DfsC.sys [134144]
[MD5.498288DD5CA42C2D36D125893E968C53] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.18/03/2014 - 05:19:14.) -- C:\Windows\system32\Drivers\HDAudBus.sys [77312]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Driver de porta i8042.) (.22/08/2013 - 08:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.18/03/2014 - 07:18:19.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.7A1A3F213CDB3363D179D5014272025D] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.30/04/2014 - 03:41:46.) -- C:\Windows\system32\Drivers\MRxSmb.sys [402432]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 08:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.1C80517BE6836A812F6A9B99B8321351] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.18/04/2014 - 17:03:21.) -- C:\Windows\system32\Drivers\ntfs.sys [2013016]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Driver de porta paralela.) (.22/08/2013 - 08:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 08:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecionador do Dispositivo RDP da Microsoft.) (.18/03/2014 - 06:44:42.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 10:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.4BB9BC49DEE1A319EC58274A7BBED663] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.06/03/2014 - 09:42:44.) -- C:\Windows\system32\Drivers\volsnap.sys [310616]
~ Generic Processes: Scanned in 00mn 01s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/3
~ Mes musiques (My Musics) : 1/13
~ Mes Videos (My Videos) : 2/91
~ Mes Favoris (My Favorites) : 1/7
~ Mes Documents (My Documents) : 1/1234
~ Mon Bureau (My Desktop) : 2/12714
~ Menu demarrer (Programs) : 1/46
~ Hidden Files: Scanned in 00mn 55s



---\\ Processos lançados
[MD5.3433CF435F84B24965A8202118F41A7A] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\cesar\AppData\Roaming\uTorrent\uTorrent.exe [1322832] [PID.5108] =>P2P.BitTorrent
[MD5.26B558B2D31C7425B455B00E562EAD93] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [4085896] [PID.2848]
[MD5.0B50F07E63EE15383CDFDC26D7A3D3E3] - (.ASUSTek Computer Inc. - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [205184] [PID.4568]
[MD5.23075147F62C896784C66D706F38360E] - (.ASUSTek Computer Inc. - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [328504] [PID.2152]
[MD5.B7BCA8A30CE13A283CDBDECEF5616C39] - (.ASUS - ACMON.) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192] [PID.4704]
[MD5.97202E9C0D86387888435470CCAF45BE] - (.ASUSTeK - ACEngSvr Module.) -- C:\Windows\SysWOW64\ACEngSvr.exe [192000] [PID.644]
[MD5.A2221900B57AEC20577996744FA4A56A] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296] [PID.5380]
[MD5.DB0C938BC311B31CF90C13821AE682B3] - (.ASUSTeK Computer Inc. - ASUS Live Update.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [1559936] [PID.1748]
[MD5.7C58A2513C3DA421A461D75C66C56D21] - (.ASUSTek Computer Inc. - ASUS USB Charger Plus.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [1123536] [PID.1844]
[MD5.498622161649098034DA1893F00E9762] - (.ASUSTeK Computer Inc. - ASUS Quick Gesture Exe.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20792] [PID.4548]
[MD5.1D5AC29D84222D8BBC5D056BB65738AA] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808] [PID.1224]
[MD5.33BF80A2291C54DC7D7601CDEF63138E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8099328] [PID.3460]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\cesar\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] 6A1DF650E71DBE7331ABFDFE3FDEC4CEB340713282EE788F752200633C9A746B
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [iklgpchfbohgmghgfagediakopecfmbm] videos MediaPlay-Air v.1.26.77, (Désactivé) =>PUP.CrossRider
G2 - GCE: Preference [User Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 21 Legitimates Filtered in 00mn 15s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hôte est sain (The hosts file is clean) (19)
~ Hosts File: Scanned in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Chave orfã
~ Toolbar: Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [cesar]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\cesar\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 1 Legitimates Filtered in 00mn 08s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\cesar\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKCU\..\Run: [SkyDrive] . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\cesar\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
O4 - HKCU\..\Run: [TapinRadio] . (.Raimersoft - Internet Radio Application.) -- C:\Program Files (x86)\TapinRadio\TapinRadio.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Wow6432Node\Run: [AdobeCS6ServiceManager] . (.Adobe Systems Incorporated - Adobe CS6 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
O4 - HKUS\S-1-5-21-2982737377-722400272-4200008662-1001\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\cesar\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-21-2982737377-722400272-4200008662-1001\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-2982737377-722400272-4200008662-1001\..\Run: [SkyDrive] . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\cesar\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
O4 - HKUS\S-1-5-21-2982737377-722400272-4200008662-1001\..\Run: [TapinRadio] . (.Raimersoft - Internet Radio Application.) -- C:\Program Files (x86)\TapinRadio\TapinRadio.exe
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Lync Click to Call [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\lync.exe (.not file.)
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll =>.Microsoft Corporation
O9 - Extra button: Skype Click to Call settings [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4E6A366-7317-4824-A9DF-3DC93662CB13}: NameServer = 8.8.8.8,8.8.4.4 =>.Google DNS Redirections
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4E6A366-7317-4824-A9DF-3DC93662CB13}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A4E6A366-7317-4824-A9DF-3DC93662CB13}: NameServer = 8.8.8.8,8.8.4.4 =>.Google DNS Redirections
O17 - HKLM\System\CS1\Services\Tcpip\..\{A4E6A366-7317-4824-A9DF-3DC93662CB13}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Paragon APM service (apmwinsrv) . (...) - C:\Program Files (x86)\Paragon Software\HFS+ for Windows 9.1\apmwinsrv.exe
~ Services: 7 Legitimates Filtered in 00mn 18s



---\\ Tarefas planificadas automaticamente (039)
[MD5.F1B0727B60E512B48A167A4429D3B3BD] [APT] [Opera scheduled Autoupdate 1395609193] (.Opera Software.) -- C:\Program Files (x86)\Opera\launcher.exe [468088]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2982737377-722400272-4200008662-1004Core [932]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2982737377-722400272-4200008662-1004UA [954]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1072]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1076]
~ Scheduled Task: 23 Legitimates Filtered in 00mn 16s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (appdrv01) . (.Protection Technology - Application Driver (01).) - C:\Windows\System32\Drivers\appdrv01.sys
~ Drivers: 44 Legitimates Filtered in 00mn 02s



---\\ Software instalados (042)
O42 - Logiciel: Battle vs. Chess - (.Zuxxez Entertainment.) [HKLM][64Bits] -- Battle vs. Chess_is1
O42 - Logiciel: Brutal Chess - (...) [HKLM][64Bits] -- Brutal Chess
O42 - Logiciel: FeelThere E-Jets v.2 - (...) [HKCU][64Bits] -- FeelThere E-Jets v.2
O42 - Logiciel: Free Zip Viewer - (.Free Zip Viewer.) [HKLM][64Bits] -- Free Zip Viewer
~ Logic: 30 Legitimates Filtered in 00mn 03s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Brutal Chess]
[HKCU\Software\Tribo Gamer]
[HKCU\Software\Zuxxezz]
[HKLM\Software\Wow6432Node\97834587-c78a-474c-95cb-a46d964a1a7b]
[HKLM\Software\Wow6432Node\9a18ee66-230d-49ee-be76-f7aae1d47cb0]
[HKLM\Software\Wow6432Node\GameVicio]
[HKLM\Software\Wow6432Node\Shortcut_Module]
[HKLM\Software\Wow6432Node\Zuxxez]
[HKLM\Software\Wow6432Node\videos MediaPlay-Air-738f] =>PUP.CrossRider
~ Key Software: 277 Legitimates Filtered in 00mn 03s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 04/04/2014 - 20:53:13 - [] ----D C:\Program Files (x86)\Brutal Chess
O43 - CFD: 24/05/2014 - 12:13:37 - [] ----D C:\Program Files (x86)\Free Zip Viewer
O43 - CFD: 13/06/2014 - 12:28:16 - [] ----D C:\Program Files (x86)\GameVicio
O43 - CFD: 13/04/2014 - 13:42:01 - [] ----D C:\Program Files (x86)\Zuxxez
O43 - CFD: 24/05/2014 - 12:13:37 - [] ----D C:\Users\cesar\AppData\Local\Free Zip Viewer
O43 - CFD: 18/04/2014 - 17:40:12 - [] ----D C:\Users\cesar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brutal Chess
O43 - CFD: 04/06/2014 - 12:23:36 - [] ----D C:\Users\cesar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FeelThere
O43 - CFD: 24/05/2014 - 12:13:35 - [] ----D C:\Users\cesar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Zip Viewer
O43 - CFD: 13/06/2014 - 12:28:17 - [] ----D C:\Users\cesar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameVicio
~ Program Folder: 167 Legitimates Filtered in 00mn 02s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.B7CC32E00C5C5152D221DF182827F58E] - 14/08/2014 - 22:50:14 ---A- . (...) -- C:\Windows\System32\srms.dat [50745]
O44 - LFC:[MD5.05BB982D4C81A0058EE50199F660396A] - 16/08/2014 - 12:54:29 ---A- . (...) -- C:\Windows\DirectX.log [17891]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 17/08/2014 - 19:25:01 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.7AE5C26FEBA316432DD06FC782091168] - 17/08/2014 - 21:40:24 ---A- . (...) -- C:\zoek-results.log [30435]
O44 - LFC:[MD5.77DBE0A0FE2A6D9C545CCE4B7BE5E287] - 27/08/2014 - 01:00:10 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [158494]
O44 - LFC:[MD5.C67DABADA4A743C52CF49E8335F63707] - 27/08/2014 - 01:00:10 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [774900]
~ Files: 112 Legitimates Filtered in 00mn 23s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{93c9aba6-ab8b-11e3-be7b-d850e69e3001}\AutoRun\command. (...) -- I:\iStudio.exe (.not file.)
O51 - MPSK:{b1a23a8a-a9f8-11e3-be77-d850e69e3001}\AutoRun\command. (...) -- F:\Launcher.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 21 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:24/05/2014 - 14:04:57 ---A- . (.Protection Technology - Application Driver (01).) -- C:\Windows\System32\Drivers\appdrv01.sys [3147368]
O58 - SDL:18/07/2014 - 23:46:39 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software
O58 - SDL:18/07/2014 - 23:46:39 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software
O58 - SDL:18/07/2014 - 23:46:40 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [224896] =>.ALWIL Software
O58 - SDL:12/08/2013 - 20:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:29/11/2013 - 01:16:34 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [52032]
O58 - SDL:25/09/2013 - 08:15:06 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [34624]
O58 - SDL:29/11/2013 - 01:16:30 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [121312]
O58 - SDL:02/08/2012 - 00:22:48 ---A- . (.No owner - Keyboard Filter Driver.) -- C:\Windows\System32\Drivers\kbfiltr.sys [14992]
O58 - SDL:19/07/2014 - 21:59:00 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [381440]
O58 - SDL:22/08/2013 - 09:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
~ Drivers: 71 Legitimates Filtered in 00mn 16s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: ZHPFix 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPFix_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\Launcher.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.043EF20817A86DAC04EF586F99D99315] [SPRF][28/08/2014] (...) -- C:\Users\cesar\AppData\Roaming\sp_data.sys [408]
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{E0F7D2EB-7EE9-499F-8AB8-7A9731E1D179}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\cesar\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{079F517B-488E-4F34-A8E3-A4F7C664E153}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\cesar\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 10s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 16/08/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 24/05/2014 538000 | (appdrvrem01) . (.Protection Technology.) - C:\Windows\System32\appdrvrem01.exe
SS - | Auto 11/03/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 11/03/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 06/06/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Auto 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 07/01/2013 1280768 | (AFBAgent) . (.ASUSTeK Computer Inc..) - C:\Windows\system32\FBAgent.exe
SR - | Demand 13/12/2013 239616 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 26/07/2013 66768 | (apmwinsrv) . (...) - C:\Program Files (x86)\Paragon Software\HFS+ for Windows 9.1\apmwinsrv.exe
SR - | Demand 15/01/2013 107320 | (ASLDRService) . (.ASUSTek Computer Inc..) - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
SR - | Demand 13/04/2012 277120 | (ASUS InstantOn) . (.ASUS.) - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
SR - | Demand 19/12/2012 72192 | (Asus WebStorage Windows Service) . (...) - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
SR - | Demand 21/11/2011 96896 | (ATKGFNEXSrv) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
SR - | Auto 18/07/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
~ Services: Scanned in 00mn 52s



---\\ Lista dos emuladores de CD/DVD (MBR Hook)
O58 - SDL:19/07/2014 - 21:59:00 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [381440]
~ Emulateurs: Scanned in 00mn 52s



---\\ Scâner Aditional (088)
Database Version : 13026 - (28/08/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 2

[HKLM\Software\Google\Chrome\Extensions\iklgpchfbohgmghgfagediakopecfmbm] =>PUP.CrossRider^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^
C:\Users\cesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\iklgpchfbohgmghgfagediakopecfmbm =>PUP.CrossRider^
C:\Users\cesar\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent^
[HKLM\Software\Wow6432Node\videos MediaPlay-Air-738f] =>PUP.CrossRider^
~ Additionnel Scan: 302381 Items scanned in 02mn 55s



---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Barras do Internet Explorer (03))
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Aplicações iniciadas por registo & pastas (04)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Chave do registo Shell MountPoints2 (MPKS) (O51)
~ AMI: 6 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.CrossRider
~ MSI: 1 link(s) detected in 00mn 00s



~ 766 Legitimates filtered by white list
End of the scan (440 lines in 07mn 40s)(0)

Post by Power Max, Thu 28 Aug 2014, 13:48

Download AdwCleaner by clicking the link below, then click the Download Now @BleepingComputer button:
[You must have an account and be logged in to view this link]

To run AdwCleaner correctly, just follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.

Post by cesarasp, Thu 28 Aug 2014, 16:05

# AdwCleaner v3.308 - Relatório criado 28/08/2014 às 15:52:19
# Atualizado 20/08/2014 por Xplode
# Sistema Operacional : Windows 8.1 Single Language (64 bits)
# Usuário : cesar - CASA
# Executando de : C:\Users\cesar\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****


***** [ Tarefas ] *****


***** [ Atalhos ] *****


***** [ Registro ] *****


***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v31.0 (x86 pt-BR)

[ Arquivo : C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\prefs.js ]


-\\ Google Chrome v37.0.2062.94

[ Arquivo : C:\Users\cesar\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ Arquivo : C:\Users\helen_000\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [7002 octets] - [08/05/2014 10:48:07]
AdwCleaner[R10].txt - [414 octets] - [14/08/2014 18:33:45]
AdwCleaner[R11].txt - [10422 octets] - [15/08/2014 13:26:57]
AdwCleaner[R12].txt - [2554 octets] - [17/08/2014 12:57:31]
AdwCleaner[R13].txt - [2885 octets] - [27/08/2014 12:12:17]
AdwCleaner[R14].txt - [2666 octets] - [28/08/2014 15:05:03]
AdwCleaner[R1].txt - [2669 octets] - [08/05/2014 11:20:16]
AdwCleaner[R2].txt - [2789 octets] - [08/05/2014 11:56:12]
AdwCleaner[R3].txt - [3532 octets] - [13/05/2014 12:33:12]
AdwCleaner[R4].txt - [1733 octets] - [08/06/2014 22:39:37]
AdwCleaner[R5].txt - [1663 octets] - [18/06/2014 14:33:18]
AdwCleaner[R6].txt - [1730 octets] - [22/06/2014 13:34:56]
AdwCleaner[R7].txt - [1850 octets] - [24/06/2014 14:27:29]
AdwCleaner[R8].txt - [2531 octets] - [05/07/2014 21:50:09]
AdwCleaner[R9].txt - [2088 octets] - [23/07/2014 12:08:25]
AdwCleaner[S0].txt - [6193 octets] - [08/05/2014 11:00:38]
AdwCleaner[S10].txt - [10186 octets] - [15/08/2014 13:36:45]
AdwCleaner[S11].txt - [2611 octets] - [17/08/2014 13:16:29]
AdwCleaner[S12].txt - [2936 octets] - [27/08/2014 12:24:40]
AdwCleaner[S13].txt - [2043 octets] - [28/08/2014 15:52:19]
AdwCleaner[S1].txt - [2703 octets] - [08/05/2014 11:32:33]
AdwCleaner[S2].txt - [2823 octets] - [08/05/2014 12:05:03]
AdwCleaner[S3].txt - [3254 octets] - [13/05/2014 12:42:58]
AdwCleaner[S4].txt - [1785 octets] - [08/06/2014 22:57:13]
AdwCleaner[S5].txt - [1719 octets] - [18/06/2014 14:55:13]
AdwCleaner[S6].txt - [1788 octets] - [22/06/2014 13:49:46]
AdwCleaner[S7].txt - [1908 octets] - [24/06/2014 14:52:57]
AdwCleaner[S8].txt - [2315 octets] - [05/07/2014 22:10:33]
AdwCleaner[S9].txt - [2904 octets] - [23/07/2014 12:36:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S13].txt - [2644 octets] ##########

Post by Power Max, Thu 28 Aug 2014, 22:49

Temporarily disable your antivirus to avoid conflicts.

* Open the link below and click the first button on the left, which is the Download Zoek.exe button:
[You must have an account and be logged in to view this link]

To run it correctly, follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* As soon as it finishes cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy all of its contents and post them in your next reply.

Post by cesarasp, Fri 29 Aug 2014, 02:40


Zoek.exe v5.0.0.0 Updated 28-08-2014
Tool run by cesar on 29/08/2014 at 0:23:13,25.
Microsoft Windows 8.1 Single Language 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\cesar\Downloads\zoek (3).exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-10-044828.log 24143 bytes
C:\zoek-results2014-05-12-030514.log 29910 bytes
C:\zoek-results2014-05-13-183911.log 21453 bytes
C:\zoek-results2014-05-18-140623.log 6742 bytes
C:\zoek-results2014-05-18-143045.log 7233 bytes
C:\zoek-results2014-05-18-155930.log 2045 bytes
C:\zoek-results2014-06-07-192615.log 768 bytes
C:\zoek-results2014-06-18-173923.log 677 bytes
C:\zoek-results2014-06-18-204430.log 44490 bytes
C:\zoek-results2014-06-22-163150.log 41322 bytes
C:\zoek-results2014-06-24-172528.log 41305 bytes
C:\zoek-results2014-07-06-024632.log 21205 bytes
C:\zoek-results2014-07-23-213716.log 21903 bytes
C:\zoek-results2014-07-25-173130.log 21632 bytes
C:\zoek-results2014-08-18-004024.log 30435 bytes

==== System Restore Info ======================

29/08/2014 00:30:34 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [18/07/2014 23:46]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\cesar\AppData\Roaming\Mozilla\Firefox\Profiles\fcm82ci4.default
18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[18/07/2014 23:45]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[14/07/2014 18:22]

Google Docs - cesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - cesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - cesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - cesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
avast Online Security - cesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Wallet - cesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - cesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - helen_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - helen_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - helen_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - helen_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
avast Online Security - helen_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Wallet - helen_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - helen_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\cesar\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\helen_000\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\cesar\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\helen_000\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\cesar\Desktop\brutalchess - Atalho.lnk - C:\Program Files (x86)\Brutal Chess\bin\brutalchess.exe
C:\Users\cesar\Desktop\Celestia.lnk - C:\Program Files (x86)\Celestia\celestia.exe
C:\Users\cesar\Desktop\il2fb - Atalho.lnk - D:\Program Files (x86)\Ubisoft\IL-2 Sturmovik 1946\il2fb.exe
C:\Users\cesar\Desktop\Photoshop - Atalho.lnk - C:\Program Files (x86)\Adobe\Adobe Photoshop CS6\Photoshop.exe
C:\Users\cesar\Desktop\Start Tor Browser - Atalho.lnk - C:\Users\cesar\Desktop\Tor Browser\Start Tor Browser.exe
C:\Users\cesar\Desktop\TapinRadio.lnk - C:\Program Files (x86)\TapinRadio\TapinRadio.exe
C:\Users\cesar\Desktop\ZHPDiag.lnk - C:\Program Files (x86)\ZHPDiag\ZHPhep.exe
C:\Users\cesar\Desktop\ZHPFix.lnk - C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe
C:\Users\cesar\Desktop\disquetop\Adobe Reader X.lnk - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Users\cesar\Desktop\disquetop\Any Video Converter.lnk - C:\Program Files (x86)\AnvSoft\Any Video Converter\AVCFree.exe
C:\Users\cesar\Desktop\disquetop\avast Free Antivirus.lnk -
C:\Users\cesar\Desktop\disquetop\cesar augusto de osuza pinto - Atalho.lnk - C:\Users\cesar
C:\Users\cesar\Desktop\disquetop\Free Zip Viewer.lnk - C:\Program Files (x86)\Free Zip Viewer\FreeZipViewer.exe
C:\Users\cesar\Desktop\disquetop\GameCenter.lnk - D:\Program Files (x86)\Cyanide\GameCenter\GameCenter.exe
C:\Users\cesar\Desktop\disquetop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\cesar\Desktop\disquetop\IL-2 Sturmovik 1946.lnk - D:\Program Files (x86)\Ubisoft\IL-2 Sturmovik 1946\il2fb.exe
C:\Users\cesar\Desktop\disquetop\Jodix Free WMA to MP3 Converter.lnk - C:\Program Files (x86)\Free WMA to MP3 Converter\wma_mp3_converter.exe
C:\Users\cesar\Desktop\disquetop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\cesar\Desktop\disquetop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\cesar\Desktop\disquetop\MPC-HC.lnk - C:\Program Files (x86)\MPC-HC\mpc-hc.exe
C:\Users\cesar\Desktop\disquetop\Opera.lnk - C:\Program Files (x86)\Opera\launcher.exe
C:\Users\cesar\Desktop\disquetop\PCM - Atalho.lnk - D:\Program Files (x86)\Cyanide\Pro Cycling Manager - Season 2008\PCM.exe
C:\Users\cesar\Desktop\disquetop\Pro Cycling Manager - Season 2008.lnk - D:\Program Files (x86)\Cyanide\Pro Cycling Manager - Season 2008\Autorun\Exe\Autorun.exe
C:\Users\cesar\Desktop\disquetop\Video Search.lnk - C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe /VIDEOSEARCH
C:\Users\cesar\Desktop\disquetop\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe
C:\Users\cesar\Desktop\disquetop\µTorrent.lnk -
C:\Users\cesar\Desktop\Minhas músicas\500 CLASSIC ROCK SONGS 1 - Atalho.lnk -
C:\Users\cesar\Desktop\Minhas músicas\Amostra de música.lnk -
C:\Users\cesar\Desktop\Minhas músicas\Atalho para Johnny Cash.lnk -
C:\Users\cesar\Desktop\Minhas músicas\Atalho para Karunesh Discography 17 Albums By E-Services.lnk -
C:\Users\cesar\Desktop\Minhas músicas\Atalho para Phil Thornton-Genre New Age.lnk -
C:\Users\cesar\Desktop\Minhas músicas\Joe Satriani - Atalho.lnk -
C:\Users\cesar\Desktop\Minhas músicas\Native American Music - Atalho.lnk -
C:\Users\cesar\Desktop\Minhas músicas\Oliver Shanti - Atalho.lnk -
C:\Users\cesar\Desktop\Minhas músicas\Peter Ilyich Tchaikovsky - The Symphonies [Haitink] - Atalho.lnk -
C:\Users\helen_000\Desktop\Documentos - Atalho.lnk - C:\Users\cesar\Documents
C:\Users\helen_000\Desktop\GameCenter.lnk - D:\Program Files (x86)\Cyanide\GameCenter\GameCenter.exe
C:\Users\helen_000\Desktop\Jodix Free WMA to MP3 Converter.lnk - C:\Program Files (x86)\Free WMA to MP3 Converter\wma_mp3_converter.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\ Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
C:\Users\Public\Desktop\aTube Catcher.lnk - C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\DAEMON Tools Lite.lnk - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Users\Public\Desktop\Europa Universalis III.lnk - C:\Program Files (x86)\Paradox Interactive\Europa Universalis III\eu3.exe
C:\Users\Public\Desktop\Fritz 12.lnk - C:\Program Files (x86)\ChessBase\ChessProgram12\ChessProgram12.exe -fritz
C:\Users\Public\Desktop\Microsoft Flight Simulator 2004.lnk - C:\Program Files (x86)\Microsoft Games\Flight Simulator 9\fs9.exe
C:\Users\Public\Desktop\Pro Cycling Manager - Época 2014.lnk -
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe
C:\Users\Public\Desktop\Stellarium.lnk - C:\Program Files (x86)\Stellarium\stellarium.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher\aTube Catcher.lnk - C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cyanide\Pro Cycling Manager - Época 2014\Desinstalar o Pro Cycling Manager - Época 2014.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cyanide\Pro Cycling Manager - Época 2014\Executar o Pro Cycling Manager - Época 2014.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk - C:\Program Files (x86)\ZHPDiag\ZHPhep.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPFix.lnk - C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe

==== shortcuts in Quick Launch ======================

C:\Users\cesar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Brutal Chess.lnk - C:\Program Files (x86)\Brutal Chess\bin\brutalchess.exe
C:\Users\cesar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\cesar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\cesar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\cesar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\cesar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -
C:\Users\cesar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\ASUS Install.lnk - C:\eSupport\eDriver\AsInsWiz.exe
C:\Users\cesar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\eManual.Lnk - C:\eSupport\Manual\eManual.exe
C:\Users\cesar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -
C:\Users\cesar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\cesar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\cesar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk - C:\Program Files (x86)\Opera\launcher.exe
C:\Users\cesar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Publisher 2013.lnk - C:\Program Files (x86)\Microsoft Office 15\root\office15\MSPUB.EXE
C:\Users\cesar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Spark Browser.lnk - C:\Program Files (x86)\baidu\SparkSafe\spark.exe --bar=1014
C:\Users\cesar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Start Tor Browser - Atalho.lnk - C:\Users\cesar\Desktop\Tor Browser\Start Tor Browser.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\helen_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\helen_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\helen_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\helen_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\helen_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\eManual.Lnk - C:\eSupport\Manual\eManual.exe
C:\Users\helen_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -
C:\Users\helen_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\helen_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\helen_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk - C:\Program Files (x86)\Opera\launcher.exe
C:\Users\helen_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\TapinRadio.lnk - C:\Program Files (x86)\TapinRadio\TapinRadio.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\cesar\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\cesar\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\helen_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\helen_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\cesar\AppData\Local\Mozilla\Firefox\Profiles\fcm82ci4.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\cesar\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\helen_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=234 folders=45 6185465 bytes)

==== Empty Temp Folders ======================

C:\Users\cesar\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\helen_000\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\cesar\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on 29/08/2014 at 2:34:07,97 ======================

Re: slow browsers

Post by joram Fri 29 Aug 2014, 13:00

Good afternoon, cesarasp!

|- Power Max is unable to reply to you and, on his instructions, I am taking over your case and those of other members.

-/-

|- Post a new report from the ZHPDiag tool and tell us how the computer is doing!

A+
joram
Administrator

Posts: 4162
Reputation: 471
Joined: 26/01/2014
Location: Rio de Janeiro

Re: slow browsers

Post by cesarasp Fri 29 Aug 2014, 14:03

~ Relatório do ZHPDiag v2014.8.28.125 - Nicolas Coolman (28/08/2014)
~ Iniciado por cesar (29/08/2014 13:48:35)
~ Endereço do Website : [You need an account and must be logged in to view this link]
~ Endereço do Webforum : [You need an account and must be logged in to view this link]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17239 (Defaut)
MFIE: Mozilla Firefox 31.0
GCIE: Google Chrome v37.0.2062.94
OPIE: Opera vStable 23.0.1522.77

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 8.1 Single Language, 64-bit (Build 9600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2021
Malwarebytes Anti-Malware versão 2.0.2.1012
ESET Online Scanner v3
Windows Defender W8 (Deactivate)

---\\ Softwares d'optimização do sistema
CCleaner v4.17

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
Adobe Reader X

---\\ Informações sobre o sistema
~ Processor: AMD64 Family 20 Model 2 Stepping 0, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3673 MB (55% free)
System Restore: Activé (Enable)
System drive C: has 36 GB (19%) free of 186 GB

---\\ Modo de conexão ao sistema
~ Computer Name: CASA
~ User Name: cesar
~ All Users Names: HomeGroupUser$, helen_000, Convidado, cesar, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\cesar\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\cesar\AppData\Roaming\
~ %Desktop% : C:\Users\cesar\Desktop\
~ %Favorites% : C:\Users\cesar\Favorites\
~ %LocalAppData% : C:\Users\cesar\AppData\Local\
~ %StartMenu% : C:\Users\cesar\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 36 Go of 186 Go)
D: Hard drive, Flash drive, Thumb drive (Free 141 Go of 258 Go)
E: CD-ROM drive (Not Inserted)
F: CD-ROM drive (Not Inserted)
G: CD-ROM drive (Not Inserted)
H: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.81394C91B7B5A7C799E249AE82491F13] - (.Microsoft Corporation - Windows Explorer.) (.18/04/2014 - 17:03:22.) -- C:\Windows\Explorer.exe [2373784]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.22/08/2013 - 06:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.8E71A5CB5312B8392D4DA4CA37BB5868] - (.Microsoft Corporation - Internet Extensions para Win32.) (.25/07/2014 - 07:52:06.) -- C:\Windows\System32\wininet.dll [2266624]
[MD5.306EB21E5B480AE9065EA55AC8C35936] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.18/03/2014 - 07:18:16.) -- C:\Windows\System32\Winlogon.exe [562176]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.18/03/2014 - 07:18:16.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.374E27295F0A9DCAA8FC96370F9BEEA5] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 00:03:03.) -- C:\Windows\system32\Drivers\AFD.sys [563200]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 09:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 08:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 05:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.A03F362C5557E238CBFA914689C77248] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.18/04/2014 - 17:03:21.) -- C:\Windows\system32\Drivers\DfsC.sys [134144]
[MD5.498288DD5CA42C2D36D125893E968C53] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.18/03/2014 - 05:19:14.) -- C:\Windows\system32\Drivers\HDAudBus.sys [77312]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Driver de porta i8042.) (.22/08/2013 - 08:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.18/03/2014 - 07:18:19.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.7A1A3F213CDB3363D179D5014272025D] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.30/04/2014 - 03:41:46.) -- C:\Windows\system32\Drivers\MRxSmb.sys [402432]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 08:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.1C80517BE6836A812F6A9B99B8321351] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.18/04/2014 - 17:03:21.) -- C:\Windows\system32\Drivers\ntfs.sys [2013016]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Driver de porta paralela.) (.22/08/2013 - 08:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 08:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecionador do Dispositivo RDP da Microsoft.) (.18/03/2014 - 06:44:42.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 10:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.4BB9BC49DEE1A319EC58274A7BBED663] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.06/03/2014 - 09:42:44.) -- C:\Windows\system32\Drivers\volsnap.sys [310616]
~ Generic Processes: Scanned in 00mn 02s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/3
~ Mes musiques (My Musics) : 1/13
~ Mes Videos (My Videos) : 2/91
~ Mes Favoris (My Favorites) : 1/7
~ Mes Documents (My Documents) : 1/1230
~ Mon Bureau (My Desktop) : 2/12714
~ Menu demarrer (Programs) : 1/46
~ Hidden Files: Scanned in 01mn 13s



---\\ Processos lançados
[MD5.0B50F07E63EE15383CDFDC26D7A3D3E3] - (.ASUSTek Computer Inc. - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [205184] [PID.956]
[MD5.23075147F62C896784C66D706F38360E] - (.ASUSTek Computer Inc. - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [328504] [PID.4524]
[MD5.3433CF435F84B24965A8202118F41A7A] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\cesar\AppData\Roaming\uTorrent\uTorrent.exe [1322832] [PID.684] =>P2P.BitTorrent
[MD5.26B558B2D31C7425B455B00E562EAD93] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [4085896] [PID.5056]
[MD5.B7BCA8A30CE13A283CDBDECEF5616C39] - (.ASUS - ACMON.) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192] [PID.1152]
[MD5.97202E9C0D86387888435470CCAF45BE] - (.ASUSTeK - ACEngSvr Module.) -- C:\Windows\SysWOW64\ACEngSvr.exe [192000] [PID.2564]
[MD5.A2221900B57AEC20577996744FA4A56A] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296] [PID.4416]
[MD5.DB0C938BC311B31CF90C13821AE682B3] - (.ASUSTeK Computer Inc. - ASUS Live Update.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [1559936] [PID.3884]
[MD5.7C58A2513C3DA421A461D75C66C56D21] - (.ASUSTek Computer Inc. - ASUS USB Charger Plus.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [1123536] [PID.4620]
[MD5.498622161649098034DA1893F00E9762] - (.ASUSTeK Computer Inc. - ASUS Quick Gesture Exe.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20792] [PID.2664]
[MD5.1D5AC29D84222D8BBC5D056BB65738AA] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808] [PID.3248]
[MD5.33BF80A2291C54DC7D7601CDEF63138E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8099328] [PID.5528]
~ Processes Running: Scanned in 00mn 05s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\cesar\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] 9409577E503AC173D92EF8ACB6A192D317958933BC479072374C850EF0A47EA2
G2 - GCE: Preference [User Data\Default] [aapocclcgogkmnckokdopfmhonfmgoek] Google Apresentações v.0.8 (Activé)
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [felcaaldnbdncclmgdcncolpebgiejap] Planilhas do Google v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 22 Legitimates Filtered in 00mn 14s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hôte est sain (The hosts file is clean) (19)
~ Hosts File: Scanned in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Chave orfã
~ Toolbar: Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [cesar]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\cesar\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 1 Legitimates Filtered in 00mn 26s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\cesar\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKCU\..\Run: [SkyDrive] . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\cesar\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
O4 - HKCU\..\Run: [TapinRadio] . (.Raimersoft - Internet Radio Application.) -- C:\Program Files (x86)\TapinRadio\TapinRadio.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Wow6432Node\Run: [AdobeCS6ServiceManager] . (.Adobe Systems Incorporated - Adobe CS6 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
O4 - HKUS\S-1-5-21-2982737377-722400272-4200008662-1001\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\cesar\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-21-2982737377-722400272-4200008662-1001\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-2982737377-722400272-4200008662-1001\..\Run: [SkyDrive] . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\cesar\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
O4 - HKUS\S-1-5-21-2982737377-722400272-4200008662-1001\..\Run: [TapinRadio] . (.Raimersoft - Internet Radio Application.) -- C:\Program Files (x86)\TapinRadio\TapinRadio.exe
~ Application: Scanned in 00mn 01s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Lync Click to Call [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\lync.exe (.not file.)
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll =>.Microsoft Corporation
O9 - Extra button: Skype Click to Call settings [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4E6A366-7317-4824-A9DF-3DC93662CB13}: NameServer = 8.8.8.8,8.8.4.4 =>.Google DNS Redirections
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4E6A366-7317-4824-A9DF-3DC93662CB13}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A4E6A366-7317-4824-A9DF-3DC93662CB13}: NameServer = 8.8.8.8,8.8.4.4 =>.Google DNS Redirections
O17 - HKLM\System\CS1\Services\Tcpip\..\{A4E6A366-7317-4824-A9DF-3DC93662CB13}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Paragon APM service (apmwinsrv) . (...) - C:\Program Files (x86)\Paragon Software\HFS+ for Windows 9.1\apmwinsrv.exe
~ Services: 7 Legitimates Filtered in 00mn 58s



---\\ Tarefas planificadas automaticamente (039)
[MD5.F1B0727B60E512B48A167A4429D3B3BD] [APT] [Opera scheduled Autoupdate 1395609193] (.Opera Software.) -- C:\Program Files (x86)\Opera\launcher.exe [468088]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2982737377-722400272-4200008662-1004Core [932]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2982737377-722400272-4200008662-1004UA [954]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1072]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1076]
~ Scheduled Task: 23 Legitimates Filtered in 00mn 26s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (appdrv01) . (.Protection Technology - Application Driver (01).) - C:\Windows\System32\Drivers\appdrv01.sys
~ Drivers: 44 Legitimates Filtered in 00mn 03s



---\\ Software instalados (042)
O42 - Logiciel: Battle vs. Chess - (.Zuxxez Entertainment.) [HKLM][64Bits] -- Battle vs. Chess_is1
O42 - Logiciel: Brutal Chess - (...) [HKLM][64Bits] -- Brutal Chess
O42 - Logiciel: FeelThere E-Jets v.2 - (...) [HKCU][64Bits] -- FeelThere E-Jets v.2
O42 - Logiciel: Free Zip Viewer - (.Free Zip Viewer.) [HKLM][64Bits] -- Free Zip Viewer
~ Logic: 30 Legitimates Filtered in 00mn 03s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Brutal Chess]
[HKCU\Software\Tribo Gamer]
[HKCU\Software\Zuxxezz]
[HKLM\Software\Wow6432Node\97834587-c78a-474c-95cb-a46d964a1a7b]
[HKLM\Software\Wow6432Node\9a18ee66-230d-49ee-be76-f7aae1d47cb0]
[HKLM\Software\Wow6432Node\GameVicio]
[HKLM\Software\Wow6432Node\Shortcut_Module]
[HKLM\Software\Wow6432Node\Zuxxez]
[HKLM\Software\Wow6432Node\videos MediaPlay-Air-738f] =>PUP.CrossRider
~ Key Software: 277 Legitimates Filtered in 00mn 03s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 04/04/2014 - 20:53:13 - [] ----D C:\Program Files (x86)\Brutal Chess
O43 - CFD: 24/05/2014 - 12:13:37 - [] ----D C:\Program Files (x86)\Free Zip Viewer
O43 - CFD: 13/06/2014 - 12:28:16 - [] ----D C:\Program Files (x86)\GameVicio
O43 - CFD: 13/04/2014 - 13:42:01 - [] ----D C:\Program Files (x86)\Zuxxez
O43 - CFD: 24/05/2014 - 12:13:37 - [] ----D C:\Users\cesar\AppData\Local\Free Zip Viewer
O43 - CFD: 18/04/2014 - 17:40:12 - [] ----D C:\Users\cesar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brutal Chess
O43 - CFD: 04/06/2014 - 12:23:36 - [] ----D C:\Users\cesar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FeelThere
O43 - CFD: 24/05/2014 - 12:13:35 - [] ----D C:\Users\cesar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Zip Viewer
O43 - CFD: 13/06/2014 - 12:28:17 - [] ----D C:\Users\cesar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameVicio
~ Program Folder: 167 Legitimates Filtered in 00mn 03s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.B7CC32E00C5C5152D221DF182827F58E] - 14/08/2014 - 22:50:14 ---A- . (...) -- C:\Windows\System32\srms.dat [50745]
O44 - LFC:[MD5.05BB982D4C81A0058EE50199F660396A] - 16/08/2014 - 12:54:29 ---A- . (...) -- C:\Windows\DirectX.log [17891]
O44 - LFC:[MD5.7AE5C26FEBA316432DD06FC782091168] - 17/08/2014 - 21:40:24 ---A- . (...) -- C:\zoek-results2014-08-18-004024.log [30435]
O44 - LFC:[MD5.77DBE0A0FE2A6D9C545CCE4B7BE5E287] - 27/08/2014 - 01:00:10 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [158494]
O44 - LFC:[MD5.C67DABADA4A743C52CF49E8335F63707] - 27/08/2014 - 01:00:10 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [774900]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 29/08/2014 - 00:22:55 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.8C84CEC6D8673788C25B2C81D67EA2E2] - 29/08/2014 - 02:34:07 ---A- . (...) -- C:\zoek-results.log [20643]
~ Files: 113 Legitimates Filtered in 01mn 59s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{93c9aba6-ab8b-11e3-be7b-d850e69e3001}\AutoRun\command. (...) -- I:\iStudio.exe (.not file.)
O51 - MPSK:{b1a23a8a-a9f8-11e3-be77-d850e69e3001}\AutoRun\command. (...) -- F:\Launcher.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 21 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:24/05/2014 - 14:04:57 ---A- . (.Protection Technology - Application Driver (01).) -- C:\Windows\System32\Drivers\appdrv01.sys [3147368]
O58 - SDL:18/07/2014 - 23:46:39 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software
O58 - SDL:18/07/2014 - 23:46:39 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software
O58 - SDL:18/07/2014 - 23:46:40 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [224896] =>.ALWIL Software
O58 - SDL:12/08/2013 - 20:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:29/11/2013 - 01:16:34 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [52032]
O58 - SDL:25/09/2013 - 08:15:06 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [34624]
O58 - SDL:29/11/2013 - 01:16:30 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [121312]
O58 - SDL:02/08/2012 - 00:22:48 ---A- . (.No owner - Keyboard Filter Driver.) -- C:\Windows\System32\Drivers\kbfiltr.sys [14992]
O58 - SDL:19/07/2014 - 21:59:00 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [381440]
O58 - SDL:22/08/2013 - 09:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
~ Drivers: 71 Legitimates Filtered in 00mn 47s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: ZHPFix 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPFix_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\Launcher.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} - (Google) - [You need an account and must be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [You need an account and must be logged in to view this link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.043EF20817A86DAC04EF586F99D99315] [SPRF][29/08/2014] (...) -- C:\Users\cesar\AppData\Roaming\sp_data.sys [408]
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{E0F7D2EB-7EE9-499F-8AB8-7A9731E1D179}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\cesar\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{079F517B-488E-4F34-A8E3-A4F7C664E153}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\cesar\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 10s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 16/08/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 24/05/2014 538000 | (appdrvrem01) . (.Protection Technology.) - C:\Windows\System32\appdrvrem01.exe
SS - | Auto 11/03/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 11/03/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 06/06/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Auto 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 07/01/2013 1280768 | (AFBAgent) . (.ASUSTeK Computer Inc..) - C:\Windows\system32\FBAgent.exe
SR - | Demand 13/12/2013 239616 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 26/07/2013 66768 | (apmwinsrv) . (...) - C:\Program Files (x86)\Paragon Software\HFS+ for Windows 9.1\apmwinsrv.exe
SR - | Demand 15/01/2013 107320 | (ASLDRService) . (.ASUSTek Computer Inc..) - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
SR - | Demand 13/04/2012 277120 | (ASUS InstantOn) . (.ASUS.) - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
SR - | Demand 19/12/2012 72192 | (Asus WebStorage Windows Service) . (...) - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
SR - | Demand 21/11/2011 96896 | (ATKGFNEXSrv) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
SR - | Auto 18/07/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
~ Services: Scanned in 00mn 49s



---\\ Lista dos emuladores de CD/DVD (MBR Hook)
O58 - SDL:19/07/2014 - 21:59:00 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [381440]
~ Emulateurs: Scanned in 00mn 49s



---\\ Scâner Aditional (088)
Database Version : 13026 - (28/08/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 2

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^
C:\Users\cesar\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent^
[HKLM\Software\Wow6432Node\videos MediaPlay-Air-738f] =>PUP.CrossRider^
~ Additionnel Scan: 301987 Items scanned in 05mn 17s



---\\ Informações complémentaires do módulos
~ [You need an account and must be logged in to view this link] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [You need an account and must be logged in to view this link] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [You need an account and must be logged in to view this link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [You need an account and must be logged in to view this link] =>.Barras do Internet Explorer (03))
~ [You need an account and must be logged in to view this link] =>.Aplicações iniciadas por registo & pastas (04)
~ [You need an account and must be logged in to view this link] =>.Chave do registo Shell MountPoints2 (MPKS) (O51)
~ AMI: 6 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
[You need an account and must be logged in to view this link] =>PUP.CrossRider
~ MSI: 1 link(s) detected in 00mn 00s



~ 767 Legitimates filtered by white list
End of the scan (440 lines in 14mn 06s)(0)

Re: slow browsers

Post by cesarasp Fri 29 Aug 2014, 14:10

Still getting lag in videos, and the browsers are slow and freezing, although a little less after the previous procedures.

Re: slow browsers

Post by joram, Fri 29 Aug 2014, 14:19

Good afternoon, cesarasp!

|- Run this script in the ZHPFix tool.
|- Select and copy the information shown in red into Notepad.
|- With Notepad open, press: Ctrl+A >> Ctrl+C (Select and Copy)
|- Then minimize Notepad.

script zhpfix
Firewallraz
emptytemp
O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Chave orfã
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2982737377-722400272-4200008662-1004Core [932]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2982737377-722400272-4200008662-1004UA [954]
O44 - LFC:[MD5.05BB982D4C81A0058EE50199F660396A] - 16/08/2014 - 12:54:29 ---A- . (...) -- C:\Windows\DirectX.log [17891]
O44 - LFC:[MD5.7AE5C26FEBA316432DD06FC782091168] - 17/08/2014 - 21:40:24 ---A- . (...) -- C:\zoek-results2014-08-18-004024.log [30435]
O44 - LFC:[MD5.8C84CEC6D8673788C25B2C81D67EA2E2] - 29/08/2014 - 02:34:07 ---A- . (...) -- C:\zoek-results.log [20643]
O51 - MPSK:{93c9aba6-ab8b-11e3-be7b-d850e69e3001}\AutoRun\command. (...) -- I:\iStudio.exe (.not file.)
[HKLM\Software\Wow6432Node\videos MediaPlay-Air-738f] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\videos MediaPlay-Air-738f] =>PUP.CrossRider^
emptyclsid
emptyprefetch
Ifeofix


|- Open the ZHPFix tool. < [You must have an account and be logged in to view this image] >
|- Click IMPORTAÇÃO (Import) >> OK.
|- Click "GO".
|- Post the report!

A+

Re: slow browsers

Post by cesarasp, Fri 29 Aug 2014, 14:39

Rapport de ZHPFix 2014.8.3.6 par Nicolas Coolman, Update du 03/08/2014
Fichier d'export Registre :
Run by cesar at 29/08/2014 14:38:08
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit Service Pack 1 (9600)

Reciclagem vazia (00mn 02s)
Prefetcher vazio

========== Chaves do Registo ==========
Ramo Base de Registos IFEO não infetado !

========== Valores do Registo ==========
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (0) (0 octets)
ELIMINA REINICIAR: c:\windows\system32\tasks\facebookupdatetaskusers-1-5-21-2982737377-722400272-4200008662-1004core
ELIMINA REINICIAR: c:\windows\system32\tasks\facebookupdatetaskusers-1-5-21-2982737377-722400272-4200008662-1004ua


========== Recapitulativo ==========
1 : Chaves do Registo
2 : Valores do Registo
1 : Pastas
3 : Ficheiros


End of clean in 00mn 04s

========== Caminho do ficheiro do relatório ==========
C:\Users\cesar\AppData\Roaming\ZHP\ZHPFix[R1].txt - 10/05/2014 11:17:04 [2265]
C:\Users\cesar\AppData\Roaming\ZHP\ZHPFix[R2].txt - 10/05/2014 11:49:05 [1076]
C:\Users\cesar\AppData\Roaming\ZHP\ZHPFix[R3].txt - 14/05/2014 00:17:48 [1816]
C:\Users\cesar\AppData\Roaming\ZHP\ZHPFix[R4].txt - 14/05/2014 11:17:35 [1232]
C:\Users\cesar\AppData\Roaming\ZHP\ZHPFix[R5].txt - 07/06/2014 18:09:01 [1982]
C:\Users\cesar\AppData\Roaming\ZHP\ZHPFix[R6].txt - 08/06/2014 15:41:03 [1493]
C:\Users\cesar\AppData\Roaming\ZHP\ZHPFix[R7].txt - 23/07/2014 10:55:15 [1720]
C:\Users\cesar\AppData\Roaming\ZHP\ZHPFix[R8].txt - 23/07/2014 12:02:59 [1652]
C:\Users\cesar\AppData\Roaming\ZHP\ZHPFix[R9].txt - 29/08/2014 14:27:54 [2407]
C:\Users\cesar\AppData\Roaming\ZHP\ZHPFix[R10].txt - 29/08/2014 14:38:11 [1814]

Re: slow browsers

Post by joram, Fri 29 Aug 2014, 15:14

Good afternoon, cesarasp!

|- Download: < [You must have an account and be logged in to view this link] > ( ... by Nicolas Coolman )

|- Once on the page, click [You must have an account and be logged in to view this image]
|- Save it to the desktop!

[You must have an account and be logged in to view this image]

|- Check all available options.
|- Click Réparer.
|- Click Rapport.
|- Post the report!

A+

Re: slow browsers

Post by cesarasp, Fri 29 Aug 2014, 15:21

~ ZHPCleaner v2014.8.29.94 by Nicolas Coolman (28/08/2014)
~ Run by cesar (Administrator) (29/08/2014 15:19:28)
~ WebSite : [You must have an account and be logged in to view this link]
~ Forum : [You must have an account and be logged in to view this link]
~ State version : Updated version
~ Report : C:\Users\cesar\Desktop\ZHPCleaner.txt
~ Report : C:\Users\cesar\AppData\Roaming\ZHP\ZHPCleaner.txt
~ Quarantine : C:\Users\cesar\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ Windows 81, 64-bit (Build 9600)



---\\ Restoration of the browsers default proxy settings.
REPLACED PARAMS: EnableHttp1_1 ( 1 )


---\\ Redirect Shortcut Browsers repair (Argument Infection).


---\\ Startup Browser Microsoft Internet Explorer Repair.
REPLACED PARAMS: Default_Page_URL ( [You must have an account and be logged in to view this link] )
REPLACED PARAMS: Search Page ( [You must have an account and be logged in to view this link] )
REPLACED PARAMS: Default_Page_URL ( [You must have an account and be logged in to view this link] )
REPLACED PARAMS: Default_Search_URL ( [You must have an account and be logged in to view this link] )
REPLACED PARAMS: Start Page ( [You must have an account and be logged in to view this link] )
REPLACED PARAMS: Search Page ( [You must have an account and be logged in to view this link] )
REPLACED PARAMS: Default_Page_URL ( [You must have an account and be logged in to view this link] )
REPLACED PARAMS: Default_Search_URL ( [You must have an account and be logged in to view this link] )
REPLACED PARAMS: Start Page ( [You must have an account and be logged in to view this link] )


---\\ Startup Browser Mozilla Firefox Repair.


---\\ Startup Browser Coogle Chrome Repair.
REPLACED URL: "homepage": "9409577E503AC173D92EF8ACB6A192D317958933BC479072374C850EF0A47EA2",


---\\ Startup Browser Opera Sofware Opera Repair.
~ No browser faund


---\\ Browser Helper Objet Repair.


---\\ Toolbars Repair.


---\\ Defaul Browser Provider Repair (SearchScope). (Default)
~ No repair necessary


---\\ Defaul Browser Provider Repair (SearchScope). (Others)


---\\ Remove values from startup key changing the browser settings (Run).


---\\ Generic removal of infection by Hijacker Sambreel.


---\\ Removal of harmful extensions for Mozilla Firefox (Register).


---\\ Repair of the hosts file
REPLACED:
Number of found redirections 1/19


---\\ Removal of harmful extensions for Google Chrome (Manifest).


End of clean at 15:20:23

Re: slow browsers

Post by joram, Fri 29 Aug 2014, 15:28

Good afternoon, cesarasp!

|- Download: |[You must have an account and be logged in to view this link]| ( ... by Xplode )

[You must have an account and be logged in to view this image]

|- Once on the page, click Download Now.
|- Save it somewhere convenient! (desktop!)
|- Close any open applications.

[You must have an account and be logged in to view this image]

|- With the boxes checked, click Executar (Run)!
|- Any problems? Are the browsers still slow?

A+

Re: slow browsers

Post by cesarasp, Fri 29 Aug 2014, 16:00

# DelFix v10.8 - Relatório criado 29/08/2014 às 15:35:15
# Atualizado 29/07/2014 por Xplode
# Usuário : cesar - CASA
# Sistema Operacional : Windows 8.1 Single Language (64 bits)

~ Ativando UAC ... OK

~ Removendo ferramentas de desinfecção ...

Removido : C:\pre_scan
Removido : C:\FRST
Removido : C:\zoek_backup
Removido : C:\Shortcut_Module
Removido : C:\AdwCleaner
Removido : C:\Users\cesar\Downloads\FRST-OlderVersion
Removido : C:\Users\cesar\AppData\Roaming\ZHP
Removido : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
Removido : C:\Program Files (x86)\ZHPDiag
Removido : C:\PhysicalDisk0_MBR.bin
Removido : C:\Pre_Scan_16_05_2014_11_56_17.txt
Removido : C:\Pre_Scan_18_05_2014_12_36_25.txt
Removido : C:\Shortcut_Module_14_05_2014_13_31_55.txt
Removido : C:\Shortcut_Module_15_05_2014_22_43_55.txt
Removido : C:\zoek-results2014-05-10-044828.log
Removido : C:\zoek-results2014-05-12-030514.log
Removido : C:\zoek-results2014-05-13-183911.log
Removido : C:\zoek-results2014-05-18-140623.log
Removido : C:\zoek-results2014-05-18-143045.log
Removido : C:\zoek-results2014-05-18-155930.log
Removido : C:\zoek-results2014-06-07-192615.log
Removido : C:\zoek-results2014-06-18-173923.log
Removido : C:\zoek-results2014-06-18-204430.log
Removido : C:\zoek-results2014-06-22-163150.log
Removido : C:\zoek-results2014-06-24-172528.log
Removido : C:\zoek-results2014-07-06-024632.log
Removido : C:\zoek-results2014-07-23-213716.log
Removido : C:\zoek-results2014-07-25-173130.log
Removido : C:\Users\cesar\Desktop\ZHPCleaner.txt
Removido : C:\Users\cesar\Desktop\ZHPDiag.lnk
Removido : C:\Users\cesar\Desktop\ZHPDiag.txt
Removido : C:\Users\cesar\Desktop\ZHPFix.lnk
Removido : C:\Users\cesar\Desktop\ZHPFixReport.txt
Removido : C:\Users\cesar\Downloads\Addition.txt
Removido : C:\Users\cesar\Downloads\AdwCleaner.exe
Removido : C:\Users\cesar\Downloads\adwcleaner_3.308.exe
Removido : C:\Users\cesar\Downloads\Fixlog.txt
Removido : C:\Users\cesar\Downloads\FRST.txt
Removido : C:\Users\cesar\Downloads\FRST64.exe
Removido : C:\Users\cesar\Downloads\JRT (1).exe
Removido : C:\Users\cesar\Downloads\JRT (2).exe
Removido : C:\Users\cesar\Downloads\JRT (3).exe
Removido : C:\Users\cesar\Downloads\JRT.exe
Removido : C:\Users\cesar\Downloads\HijackThis (1).exe
Removido : C:\Users\cesar\Downloads\HijackThis (2).exe
Removido : C:\Users\cesar\Downloads\HijackThis (3).exe
Removido : C:\Users\cesar\Downloads\HijackThis (4).exe
Removido : C:\Users\cesar\Downloads\HijackThis.exe
Removido : C:\Users\cesar\Downloads\hijackthis.log
Removido : C:\Users\cesar\Downloads\mkv-player-2-1-17-32-bits.exe
Removido : C:\Users\cesar\Downloads\ZHPCleaner.exe
Removido : C:\Users\cesar\Downloads\ZHPDiag2 (1).exe
Removido : C:\Users\cesar\Downloads\ZHPDiag2 (2).exe
Removido : C:\Users\cesar\Downloads\ZHPDiag2 (3).exe
Removido : C:\Users\cesar\Downloads\ZHPDiag2 (4).exe
Removido : C:\Users\cesar\Downloads\ZHPDiag2 (5).exe
Removido : C:\Users\cesar\Downloads\ZHPDiag2 (6).exe
Removido : C:\Users\cesar\Downloads\ZHPDiag2 (7).exe
Removido : C:\Users\cesar\Downloads\ZHPDiag2.exe
Removido : C:\Users\cesar\Downloads\ZHPFix.exe
Removido : C:\Users\cesar\Downloads\zoek (1).exe
Removido : C:\Users\cesar\Downloads\zoek (2).exe
Removido : C:\Users\cesar\Downloads\zoek (3).exe
Removido : C:\Users\cesar\Downloads\zoek.exe
Removido : HKCU\Software\g3n-h@ckm@n
Removido : HKLM\SOFTWARE\AdwCleaner
Removido : HKLM\SOFTWARE\g3n-h@ckm@n
Removido : HKLM\SOFTWARE\Shortcut_Module
Removido : HKLM\SOFTWARE\TrendMicro\Hijackthis
Removido : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1

~ Criando backup do registro ... OK

~ Limpando pontos da restauração do sistema ...

Removido : RP #34 [DirectX instalado | 08/16/2014 15:46:41]
Removido : RP #35 [Ponto de Verificação Agendado | 08/25/2014 17:14:55]
Removido : RP #36 [zoek.exe restore point | 08/29/2014 03:27:14]

Novo ponto de restauração criado !

~ Redefinindo configurações do sistema ... OK

########## - EOF - ##########

Re: slow browsers

Post by cesarasp, Fri 29 Aug 2014, 16:04

There is still slowness and lag in the browsers, typical of malware, more intense in Chrome, Opera and Firefox, less intense in Explorer.

Re: slow browsers

Post by joram, Fri 29 Aug 2014, 16:29

cesarasp wrote: There is still slowness and lag in the browsers, typical of malware, more intense in Chrome, Opera and Firefox, less intense in Explorer.
Good afternoon, cesarasp!

|- Have you checked whether the problem is with the Internet connection? Since several browsers show the same symptoms...

-/-

< [You must have an account and be logged in to view this link] >

|- Follow the instructions in this tutorial and post the MBAM log.

A+

Re: slow browsers

Post by cesarasp, Fri 29 Aug 2014, 16:53

The Internet is working normally; I have already run several checks, yet the problem persists. I will work with Malwarebytes as indicated.

Re: slow browsers

Post by cesarasp, Fri 29 Aug 2014, 17:00

Malwarebytes is not running. I have already allowed it in the Windows firewall and disabled Avast, and it still does not work. I use Win 8.1.

Re: slow browsers

Post by joram, Fri 29 Aug 2014, 17:15

cesarasp wrote: Malwarebytes is not running. I have already allowed it in the Windows firewall and disabled Avast, and it still does not work. I use Win 8.1.
Ok! cesarasp

|- You can drop the use of MBAM.
|- Use the fastest browser for this scan.

-/-

|- Download: < [You must have an account and be logged in to view this link] >
|- Save it to the desktop!
|- Disable your antivirus and run the file esetsmartinstaller_enu.exe <<
|- Accept the agreement and check: "YES, I accept the Terms of Use"
|- Click: "Start"

[You must have an account and be logged in to view this image]

|- Under "Computer scan settings", check:

<1> Scan archives
<2> Scan for potentially unsafe applications
<3> Enable Anti-Stealth technology
<4> Remove found threats

|- Click "Advanced settings".
|- Click "Change" and check the "Computador" (Computer) box.
|- Click: "Start" >> Wait! (This scan can take a few hours...)
|- When it finishes, click "List of found threats".
|- Click "Export to text file" and save the report to the desktop.
|- Click "Back" >> "Finish".
|- Post the report!


A+

Re: slow browsers

Post by cesarasp, Sat 30 Aug 2014, 11:04

C:\Users\cesar\AppData\Local\Google\Chrome\User Data\Default\File System\004\t\00\00000000 Win32/AdWare.1ClickDownload.AT application cleaned by deleting - quarantined
C:\Users\cesar\AppData\Roaming\Opera Software\Opera Stable\File System\002\t\00\00000000 Win32/AdWare.1ClickDownload.AT application cleaned by deleting - quarantined
C:\Users\cesar\Downloads\4shared_desktop_4.0.3.1.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application deleted - quarantined
C:\Users\cesar\Downloads\aTubeCatcher.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
C:\Users\cesar\Downloads\ccsetup413.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\cesar\Downloads\ccsetup415.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\cesar\Downloads\ccsetup417.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\cesar\Downloads\Download O Faixa Preta Dublado (dvd-rip).zip.exe a variant of Win32/AdWare.Midia.E application cleaned by deleting - quarantined
C:\Users\cesar\Downloads\Download.exe a variant of Win32/AdWare.MultiPlug.AP application cleaned by deleting - quarantined
C:\Users\cesar\Downloads\Kuro_Obi_O_Faixa_Preta_avi (1).exe Win32/AdWare.1ClickDownload.AT application cleaned by deleting - quarantined
C:\Users\cesar\Downloads\Kuro_Obi_O_Faixa_Preta_avi (2).exe Win32/AdWare.1ClickDownload.AT application cleaned by deleting - quarantined
C:\Users\cesar\Downloads\Kuro_Obi_O_Faixa_Preta_avi (3).exe Win32/AdWare.1ClickDownload.AT application cleaned by deleting - quarantined
C:\Users\cesar\Downloads\Kuro_Obi_O_Faixa_Preta_avi.exe Win32/AdWare.1ClickDownload.AT application cleaned by deleting - quarantined
C:\Users\cesar\Downloads\The Cyclist Training Bible 3rd Ed.rar.exe a variant of Win32/AdWare.MultiPlug.AP application cleaned by deleting - quarantined
C:\Users\cesar\Downloads\the_mountain_biker_s_training_bible_Full (1).exe Win32/AdWare.1ClickDownload.AT application cleaned by deleting - quarantined
C:\Users\cesar\Downloads\the_mountain_biker_s_training_bible_Full.exe Win32/AdWare.1ClickDownload.AT application cleaned by deleting - quarantined
C:\Users\cesar\Downloads\Vikings 2 Temporada Torrent Legendado Hdtv (2014).exe a variant of Win32/AdWare.Midia.C application cleaned by deleting - quarantined
C:\Users\cesar\Downloads\zip.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application deleted - quarantined
C:\Users\cesar\Local Settings\Temp\FreeZipViewer\PIPAskToolbar\Offercast2802_ADAP_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application deleted - quarantined

Re: slow browsers

Post by joram, Sat 30 Aug 2014, 11:18

Good morning, cesarasp!

|- After this scan and these PUP detections by ESET, has there been any change in browser speed?

A+

Re: slow browsers

Post by cesarasp, Sat 30 Aug 2014, 12:21

Yes, sites now load right away, without freezes or lag, but I still sense there is a virus, because videos still have small lags without the PC being under heavy processing load, which did not happen before when the PC was clean. Could we do some other procedure, just for peace of mind? Haha

Re: slow browsers

Post by joram, Sat 30 Aug 2014, 12:42

cesarasp wrote: Yes, sites now load right away, without freezes or lag, but I still sense there is a virus, because videos still have small lags without the PC being under heavy processing load, which did not happen before when the PC was clean. Could we do some other procedure, just for peace of mind? Haha
Ok!

|- Uninstall Malwarebytes using this removal tool.

-/-

|- Download: < [You must have an account and be logged in to view this link] >

|- Save it somewhere suitable and run it as administrator.
|- Accept the reboot when prompted!
|- If you find it, delete the MBAM folder.
|- When done, run CCleaner with the registry cleaning option.
|- Download Malwarebytes again and run it in Compatibility Mode.
|- Choose Windows 7 or XP. (SP3)
|- If it works, post the report of the scan done with Malwarebytes.

Regards!