virus, malware, baidu, anyprotect, adwares...

olá bom dia a todos
de acordo com a descrição
todas essas pragas foram instaladas
quando fui a caixa de dicas para baixar avira onde foi me redirecionado
ao baixaki

o pior é que na instalação do antivirus eu cliquei em decline em todos os
quesitos

agora nem adblock é funcional
pois o AnyProtect
é um tipo de programa instalado em minha maquina
sendo assim não tem como bloquear

por onde começo?

/!\ Bom Dia! Aldemir /!\

> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >  < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem] > ( ... de Nicolas Coolman )
> Ou [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] << Link!
> Salve-o no disco local! ( C ou D )
> Desabilite seu antivírus e execute "ZHPDiag2.exe",para instalar a ferramenta.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Execute o ícone do pergaminho. ( ZHPDiag )

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

> Clique "COMPLETA" e aguarde a conclusão!
> Clique OK e,ao concluir,poste o relatório! ( ZHPDiag.txt ) 
> Ps: Como o log será extenso,envie-o à [Tens de ter uma conta e sessão iniciada para poderes visualizar este link].

> Ou acesse: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > 

> Ou acesse: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >

> Ou anexe-o |[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]| << Link!

> Maiores informações: < |[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]| > << Hospedagem!

A+

Bom dia joram

Obrigado por responder


bem
ao usar ZHPdiag
surgiu a seguinte janela:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

caso eu tenha feito algo de errado e não consiga visualizar diz assim:

erreur: erreur de socket n° 10060
délai de connexion dépassé.

Ops falha minha

demorei mas chegou

ZHPdiag:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

/!\ Boa Tarde! Aldemir /!\

> Execute este script na ferramenta ZHPFix.
> Selecione e copie estas informações que estão em vermelho,para o Bloco de Notas.
> Com o Bloco de Notas aberto,faça: ctrl+a >> ctrl+c ( Selecionar e Copiar )
> À seguir,minimize o Bloco de Notas.

Script ZHPFix
FirewallRaz
EmptyPrefetch
EmptyCLSID
EmptyTemp
EmptyFlash
ProxyFix
HiddenFix
[MD5.3756AF3DECE011FEDEAFC929B56CBCDF] [APT] [94A46359-5537-4201-BEFD-1EC63DFD0943] (.Baidu Inc..) -- C:\ProgramData\Baidu Security\PC_Faster_Setup_Mini_GL16.exe   [1108512]
[MD5.89936BB6B05450486FE504BF741F4386] [SPRF][16/01/2015] (.Sense+ - Sense exe.) -- C:\Users\Aldemir\AppData\Roaming\MJNQWZAR.exe   [2030560]
[MD5.57FB94A17D58CBE38F009CD4AF584C5D] [SPRF][16/01/2015] (.Cinema PlusV16.01 - CinemaP-1.9cV16.01 exe.) -- C:\Users\Aldemir\AppData\Roaming\VBLU.exe   [2030560]
[MD5.00000000000000000000000000000000] [APT] [2cb6ada4-0f85-409c-a67a-ac6426dcdba6-7] (...) -- C:\Program Files\Ge-Force\2cb6ada4-0f85-409c-a67a-ac6426dcdba6-7.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [APSnotifierPP1] (...) -- C:\Program Files\AnyProtectEx\AnyProtect.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [APSnotifierPP2] (...) -- C:\Program Files\AnyProtectEx\AnyProtect.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [APSnotifierPP3] (...) -- C:\Program Files\AnyProtectEx\AnyProtect.exe (.not file.)   [0]
[MD5.FEB2AA8F30800CA59BEFE91AD2E97A6D] [APT] [BlockAndSurf Update] (...) -- C:\Program Files\ver8BlockAndSurf\J6BlockAndSurfR79.exe   [749056]
[MD5.D858BA2EE718B1DB1CED20646E641D08] [APT] [globalUpdateUpdateTaskMachineCore] (.globalUpdate.) -- C:\Program Files\globalUpdate\Update\GoogleUpdate.exe   [68608]
[MD5.D858BA2EE718B1DB1CED20646E641D08] [APT] [globalUpdateUpdateTaskMachineUA] (.globalUpdate.) -- C:\Program Files\globalUpdate\Update\GoogleUpdate.exe   [68608]
[MD5.89936BB6B05450486FE504BF741F4386] [APT] [MJNQWZAR] (.Sense+.) -- C:\Users\Aldemir\AppData\Roaming\MJNQWZAR.exe   [2030560]
[MD5.DC4673F5FD4433E32FA9D67C7B8663DA] [APT] [ShopperPro] (.Goobzo LTD.) -- C:\Program Files\ShopperPro\ShopperPro.exe   [1111400]
[MD5.3BC3F4A25066785703F5E2CF32B891DF] [APT] [ShopperProJSUpd] (.Goobzo.) -- C:\Program Files\ShopperPro\updater.exe   [748392]
[MD5.F524099338597504AE0C886F7142D420] [APT] [SPDriver] (...) -- C:\Program Files\ShopperPro\JSDriver\1473.0.0.0\jsdrv.exe   [3224576]
[MD5.57FB94A17D58CBE38F009CD4AF584C5D] [APT] [VBLU] (.Cinema PlusV16.01.) -- C:\Users\Aldemir\AppData\Roaming\VBLU.exe   [2030560]
[MD5.399D14B9BC91E876C33D728B5B463AA5] [APT] [YTDownloader] (.YTDownloader.) -- C:\Program Files\YTDownloader\YTDownloader.exe   [1988456]
[MD5.D649FA79DBA8FFE2587CCFC07DE1F7B7] [APT] [YTDownloaderUpd] (.Goobzo.) -- C:\Program Files\YTDownloader\updater.exe   [748392]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified
[MD5.FEB2AA8F30800CA59BEFE91AD2E97A6D] - (.No owner - Installation support.) -- C:\Program Files\ver8BlockAndSurf\J6BlockAndSurfR79.exe   [749056] [PID.988]
[MD5.D6C85270D8BF676BC6A88A81457ED445] - (.No owner - Surfing surfing.) -- C:\Program Files\ver8BlockAndSurf\BlockAndSurf.exe   [129536] [PID.2000]
[MD5.A8337BFB411F2714526C6CE04F3081C0] - (...) -- C:\Users\Aldemir\AppData\Local\wincheck\wincheck.exe   [268288] [PID.2816]
[MD5.F524099338597504AE0C886F7142D420] - (.No owner - JsDriver.) -- C:\Program Files\ShopperPro\JSDriver\1473.0.0.0\jsdrv.exe   [3224576] [PID.2984]
SS - | Auto 16/01/2015 68608 |  (globalUpdate) . (.globalUpdate.) - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
SS - | Demand 16/01/2015 68608 |  (globalUpdatem) . (.globalUpdate.) - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
SR - | Auto 16/01/2015 464384 |  (WindowsMangerProtect) . (.SysTool PasSame LIMITED.) - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
SR - | Auto 28/12/2014 158864 |  (IHProtect Service) . (.XTab system.) - C:\Program Files\XTab\ProtectService.exe
M2 - MFEP: RegExtension {6133A0A2-05C7-C9F9-E975-A9196BC5A539} . (...) -- C:\Program Files\ver8BlockAndSurf\186.xpi
P2 - FPN: [HKLM] [@staging.google.com/globalUpdate Update;version=10] - (.globalUpdate - globalUpdate Update.) -- C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll
P2 - FPN: [HKLM] [@staging.google.com/globalUpdate Update;version=4] - (.globalUpdate - globalUpdate Update.) -- C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
O2 - BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} . (.Thinknice Co. Limited - SupTab setup package.) -- C:\Program Files\XTab\SupTab.dll
O2 - BHO: BlockAndSurf - {82854976-2CD7-41B6-70E8-7921A8CE498D} . (...) -- C:\Program Files\ver8BlockAndSurf\186.dll
O2 - BHO: ShopperProBHO - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} . (.Goobzo Ltd. - ShopperPro Extension.) -- C:\ProgramData\ShopperPro\ShopperPro.dll
O4 - HKLM\..\Run: [WinCheck] . (...) -- C:\Users\Aldemir\AppData\Local\wincheck\wincheck.exe
O4 - HKLM\..\Run: [SPDriver] . (.No owner - JsDriver.) -- C:\Program Files\ShopperPro\JSDriver\1473.0.0.0\jsdrv.exe
O4 - HKLM\..\Run: [YTDownloader] . (.YTDownloader - YTDownloader.) -- C:\Program Files\YTDownloader\YTDownloader.exe
O4 - HKCU\..\Run: [SPDriver] . (.No owner - JsDriver.) -- C:\Program Files\ShopperPro\JSDriver\1473.0.0.0\jsdrv.exe
O4 - HKCU\..\Run: [YTDownloader] . (.YTDownloader - YTDownloader.) -- C:\Program Files\YTDownloader\YTDownloader.exe
O4 - HKUS\S-1-5-21-2887622060-1900363798-2962781400-1000\..\Run: [SPDriver] . (.No owner - JsDriver.) -- C:\Program Files\ShopperPro\JSDriver\1473.0.0.0\jsdrv.exe
O4 - HKUS\S-1-5-21-2887622060-1900363798-2962781400-1000\..\Run: [YTDownloader] . (.YTDownloader - YTDownloader.) -- C:\Program Files\YTDownloader\YTDownloader.exe
O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) . (.globalUpdate - globalUpdate Update.) - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) . (.SysTool PasSame LIMITED - Windows SysTool  Service.) - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
O23 - Service: IHProtect Service (IHProtect Service) . (.XTab system - ProtectSvc.exe.) - C:\Program Files\XTab\ProtectService.exe
O39 - APT:  - (..) -- C:\Windows\Tasks\2cb6ada4-0f85-409c-a67a-ac6426dcdba6-6.job   [5732]
O39 - APT: 2cb6ada4-0f85-409c-a67a-ac6426dcdba6-7 - (...) -- C:\Windows\Tasks\2cb6ada4-0f85-409c-a67a-ac6426dcdba6-7.job   [5828]
O39 - APT: 2cb6ada4-0f85-409c-a67a-ac6426dcdba6-7 - (...) -- C:\Windows\System32\Tasks\2cb6ada4-0f85-409c-a67a-ac6426dcdba6-7   [5828]
O39 - APT: APSnotifierPP1 - (...) -- C:\Windows\Tasks\APSnotifierPP1.job   [366]
O39 - APT: APSnotifierPP1 - (...) -- C:\Windows\System32\Tasks\APSnotifierPP1   [366]
O39 - APT: APSnotifierPP2 - (...) -- C:\Windows\Tasks\APSnotifierPP2.job   [364]
O39 - APT: APSnotifierPP2 - (...) -- C:\Windows\System32\Tasks\APSnotifierPP2   [364]
O39 - APT: APSnotifierPP3 - (...) -- C:\Windows\Tasks\APSnotifierPP3.job   [364]
O39 - APT: APSnotifierPP3 - (...) -- C:\Windows\System32\Tasks\APSnotifierPP3   [364]
O39 - APT: BlockAndSurf Update - (...) -- C:\Windows\Tasks\BlockAndSurf Update.job   [404]
O39 - APT: BlockAndSurf Update - (...) -- C:\Windows\System32\Tasks\BlockAndSurf Update   [404]
O39 - APT: globalUpdateUpdateTaskMachineCore - (.globalUpdate.) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job   [962]
O39 - APT: globalUpdateUpdateTaskMachineCore - (.globalUpdate.) -- C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore   [962]
O39 - APT: globalUpdateUpdateTaskMachineUA - (.globalUpdate.) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job   [966]
O39 - APT: globalUpdateUpdateTaskMachineUA - (.globalUpdate.) -- C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA   [966]
O39 - APT: VBLU - (.Cinema PlusV16.01.) -- C:\Windows\Tasks\VBLU.job   [1342]
O39 - APT: VBLU - (.Cinema PlusV16.01.) -- C:\Windows\System32\Tasks\VBLU   [1342]
O39 - APT: MJNQWZAR - (.Sense+.) -- C:\Windows\Tasks\MJNQWZAR.job   [1598]
O39 - APT: MJNQWZAR - (.Sense+.) -- C:\Windows\System32\Tasks\MJNQWZAR   [1598]
O42 - Logiciel: BlockAndSurf - (.BlockAndSurf-software.) [HKLM] -- F8CFC13F-EFA5-68FA-078F-B0E51C8A5AA1
O42 - Logiciel: GamesDesktop 020.100 - (.GAMESDESKTOP.) [HKLM] -- gmsd_br_100_is1
O42 - Logiciel: Ge-Force - (.Webar.) [HKLM] -- Ge-Force
O42 - Logiciel: Sense - (.Sense+.) [HKLM] -- Sense
O42 - Logiciel: Shopper-Pro - (...) [HKLM] -- ShopperPro
O42 - Logiciel: WinCheck - (.WinCheck.) [HKLM] -- wincheck
O42 - Logiciel: YTDownloader - (.YTDownloader.) [HKLM] -- YTDownloader
O43 - CFD: 10/12/2014 - 18:48:40 - [] ----D C:\ProgramData\APN
O44 - LFC:[MD5.1712807A9C919FD1DA58640FFB97D7C0] - 16/01/2015 - 06:14:33 ---A- . (.Corsica - Web Instrumentation New Driver.) -- C:\Windows\System32\Drivers\webinstrNHKT.sys   [49216]
O45 - LFCP:[MD5.E8C410F962C537DED9090CBFF588E270] - 16/01/2015 - 01:47:16 ---A- - C:\Windows\Prefetch\JAN7_COR_OMIGA-PLUS.EXE-E70B27F2.pf
O45 - LFCP:[MD5.05A34FEC5ADC83DBB18E5D7F8F3AA681] - 16/01/2015 - 06:14:53 ---A- - C:\Windows\Prefetch\WPM_V20.0.0.1714.EXE-E6EC7893.pf
O58 - SDL:16/01/2015 - 06:14:33 ---A- . (.Corsica - Web Instrumentation New Driver.) -- C:\Windows\System32\Drivers\webinstrNHKT.sys   [49216]
O61 - LFC: 16/01/2015 - 10:38:04 ---A- . (...) -- C:\Users\Aldemir\AppData\Local\Temp\Cyti Web\CytiWeb.mg.exe   [247024]
O61 - LFC: 16/01/2015 - 10:38:04 ---A- . (.globalUpdate.) -- C:\Users\Aldemir\AppData\Local\Temp\comh.240464\GoogleCrashHandler.exe   [72872]
O61 - LFC: 16/01/2015 - 10:38:04 ---A- . (.globalUpdate.) -- C:\Users\Aldemir\AppData\Local\Temp\comh.240464\GoogleUpdate.exe   [68608]
O61 - LFC: 16/01/2015 - 10:38:04 ---A- . (.globalUpdate.) -- C:\Users\Aldemir\AppData\Local\Temp\comh.240464\GoogleUpdateBroker.exe   [46080]
O61 - LFC: 16/01/2015 - 10:38:04 ---A- . (.globalUpdate.) -- C:\Users\Aldemir\AppData\Local\Temp\comh.240464\GoogleUpdateOnDemand.exe   [46080]
O61 - LFC: 16/01/2015 - 10:38:04 ---A- . (.globalUpdate.) -- C:\Users\Aldemir\AppData\Local\Temp\comh.240464\goopdate.dll   [761856]
O61 - LFC: 16/01/2015 - 10:38:04 ---A- . (.globalUpdate.) -- C:\Users\Aldemir\AppData\Local\Temp\comh.240464\goopdateres_en.dll   [26792]
O61 - LFC: 16/01/2015 - 10:38:04 ---A- . (.globalUpdate.) -- C:\Users\Aldemir\AppData\Local\Temp\comh.240464\npGoogleUpdate4.dll   [220672]
O61 - LFC: 16/01/2015 - 10:38:04 ---A- . (.globalUpdate.) -- C:\Users\Aldemir\AppData\Local\Temp\comh.240464\psmachine.dll   [155648]
O61 - LFC: 16/01/2015 - 10:38:04 ---A- . (.globalUpdate.) -- C:\Users\Aldemir\AppData\Local\Temp\comh.240464\psuser.dll   [155648]
O61 - LFC: 16/01/2015 - 10:38:04 ---A- . (.globalUpdate.) -- C:\Users\Aldemir\AppData\Local\Temp\comh.79266\GoogleCrashHandler.exe   [72872]
O61 - LFC: 16/01/2015 - 10:38:04 ---A- . (.globalUpdate.) -- C:\Users\Aldemir\AppData\Local\Temp\comh.79266\GoogleUpdate.exe   [68608]
O61 - LFC: 16/01/2015 - 10:38:04 ---A- . (.globalUpdate.) -- C:\Users\Aldemir\AppData\Local\Temp\comh.79266\GoogleUpdateBroker.exe   [46080]
O61 - LFC: 16/01/2015 - 10:38:04 ---A- . (.globalUpdate.) -- C:\Users\Aldemir\AppData\Local\Temp\comh.79266\GoogleUpdateOnDemand.exe   [46080]
O61 - LFC: 16/01/2015 - 10:38:04 ---A- . (.globalUpdate.) -- C:\Users\Aldemir\AppData\Local\Temp\comh.79266\goopdate.dll   [761856]
O61 - LFC: 16/01/2015 - 10:38:04 ---A- . (.globalUpdate.) -- C:\Users\Aldemir\AppData\Local\Temp\comh.79266\goopdateres_en.dll   [26792]
O61 - LFC: 16/01/2015 - 10:38:04 ---A- . (.globalUpdate.) -- C:\Users\Aldemir\AppData\Local\Temp\comh.79266\npGoogleUpdate4.dll   [220672]
O61 - LFC: 16/01/2015 - 10:38:04 ---A- . (.globalUpdate.) -- C:\Users\Aldemir\AppData\Local\Temp\comh.79266\psmachine.dll   [155648]
O61 - LFC: 16/01/2015 - 10:38:04 ---A- . (.globalUpdate.) -- C:\Users\Aldemir\AppData\Local\Temp\comh.79266\psuser.dll   [155648]
O61 - LFC: 16/01/2015 - 10:38:05 ---A- . (...) -- C:\Users\Aldemir\AppData\Local\Temp\Install_18055\ins_shopperpro.exe   [2691353]
O61 - LFC: 16/01/2015 - 10:38:06 ---A- . (...) -- C:\Users\Aldemir\AppData\Local\wincheck\wincheck.exe   [268288]
O61 - LFC: 16/01/2015 - 10:38:06 ---A- . (.Sense+.) -- C:\Users\Aldemir\AppData\Roaming\MJNQWZAR.exe   [2030560]
O61 - LFC: 16/01/2015 - 10:38:06 ---A- . (.wincheck.) -- C:\Users\Aldemir\AppData\Local\wincheck\Uninstall.exe   [91929]
O61 - LFC: 16/01/2015 - 10:38:07 ---A- . (.Cinema PlusV16.01.) -- C:\Users\Aldemir\AppData\Roaming\VBLU.exe   [2030560]
O64 - Services: CurCS - 15/01/2015 - C:\Program Files\YTDOWN~1\sbmntr.sys (sbmntr)  .(.YTDownloader - YTDownloader Driver.) - LEGACY_SBMNTR
O64 - Services: CurCS - 15/01/2015 - C:\Program Files\ShopperPro\JSDriver\1473.0.0.0\jsdrv.sys (SPDRIVER_1473.0.0.0)  .(.No owner - jsdrv.) - LEGACY_SPDRIVER_1473.0.0.0
O64 - Services: CurCS - 16/01/2015 - C:\Windows\system32\Drivers\webinstrNHKT.sys (webinstrNHKT)  .(.Corsica - Web Instrumentation New Driver.) - LEGACY_WEBINSTRNHKT
HKLM\SOFTWARE\Microsoft\Tracing\ContentExplorerInstaller_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\ContentExplorerInstaller_RASMANCS
HKLM\SOFTWARE\Microsoft\Tracing\ContentExplorer_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\ContentExplorer_RASMANCS
[HKLM\Software\Conduit]
[HKCU\Software\Conduit]
[HKCU\Software\AnyProtect]
[HKCU\Software\AppDataLow\Software\BlockAndSurf]
[HKCU\Software\AppDataLow\Software\Crossrider]
[HKCU\Software\InstallCore]
[HKCU\Software\InstalledBrowserExtensions]
[HKCU\Software\TutoTag]
[HKCU\Software\Tutorials]
[HKCU\Software\YTDownloader]
[HKCU\Software\globalUpdate]
[HKLM\Software\GAMESDESKTOP]
[HKLM\Software\GlobalUpdate]
[HKLM\Software\InstalledBrowserExtensions]
[HKLM\Software\SupDp]
[HKLM\Software\Tutorials]
[HKLM\Software\supTab]
[HKLM\Software\supWindowsMangerProtect]
[HKLM\Software\sweet-pageSoftware]
[HKCR\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}] (globalUpdate Update Plugin)
[HKCR\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}] (globalUpdate.OneClickProcessLauncher)
[HKCR\CLSID\{82854976-2CD7-41B6-70E8-7921A8CE498D}] (BlockAndSurf)
[HKCR\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}] (globalUpdate Update Plugin)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82854976-2CD7-41B6-70E8-7921A8CE498D}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}]
[HKLM\SYSTEM\CurrentControlSet\Services\globalUpdate) (globalUpdate]
[HKLM\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\F8CFC13F-EFA5-68FA-078F-B0E51C8A5AA1]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_br_100_is1]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ge-Force]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ShopperPro]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\wincheck]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\YTDownloader]
[HKCU\Software\InstalledBrowserExtensions\]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:WinCheck
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:SPDriver
C:\Users\Aldemir\AppData\Roaming\Mozilla\Firefox\Profiles\EP: RegExtension {6133A0A2-05C7-C9F9-E975-A9196BC5A539} . (...) -- C:\extensions\Program Files\ver8BlockAndSurf\186.xpi
C:\Program Files\ver8BlockAndSurf\J6BlockAndSurfR79.exe
C:\Program Files\ver8BlockAndSurf\BlockAndSurf.exe
C:\Users\Aldemir\AppData\Local\wincheck\wincheck.exe
C:\Program Files\ShopperPro\JSDriver\1473.0.0.0\jsdrv.exe
C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
C:\Program Files\ShopperPro\ShopperPro.exe
C:\Program Files\ShopperPro\updater.exe
C:\Users\Aldemir\AppData\Roaming\VBLU.exe
C:\Program Files\YTDownloader\YTDownloader.exe
C:\Program Files\YTDownloader\updater.exe
C:\Windows\Tasks\2cb6ada4-0f85-409c-a67a-ac6426dcdba6-6.job
C:\Windows\Tasks\2cb6ada4-0f85-409c-a67a-ac6426dcdba6-7.job
C:\Windows\System32\Tasks\2cb6ada4-0f85-409c-a67a-ac6426dcdba6-7
C:\Windows\Tasks\APSnotifierPP1.job
C:\Windows\System32\Tasks\APSnotifierPP1
C:\Windows\Tasks\APSnotifierPP2.job
C:\Windows\System32\Tasks\APSnotifierPP2
C:\Windows\Tasks\APSnotifierPP3.job
C:\Windows\System32\Tasks\APSnotifierPP3
C:\Windows\Tasks\BlockAndSurf Update.job
C:\Windows\System32\Tasks\BlockAndSurf Update
C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
C:\Windows\Tasks\VBLU.job
C:\Windows\System32\Tasks\VBLU
C:\Program Files\Ge-Force
C:\Program Files\globalUpdate
C:\Program Files\Hotspot Shield
C:\Program Files\Sense
C:\Program Files\ShopperPro
C:\Program Files\ver8BlockAndSurf
C:\Program Files\YTDownloader
C:\ProgramData\ShopperPro
C:\Program Files\XTab\ProtectService.exe
C:\ProgramData\WindowsMangerProtect
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP
C:\Users\Aldemir\AppData\Roaming\AnyProtectEx
C:\Users\Aldemir\AppData\Roaming\Hotspot Shield
C:\Users\Aldemir\AppData\Roaming\sweet-page
C:\Users\Aldemir\AppData\Local\app
C:\Users\Aldemir\AppData\Local\globalUpdate
C:\Users\Aldemir\AppData\Local\wincheck
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
ServiceStop:globalUpdate
ServiceStop:WindowsMangerProtect
ServiceStop:"IHProtect Service"

> Abra a ferramenta ZHPFix. < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem] >
> Clique IMPORTAÇÃO >> OK.
> Ps: Ao clicar "OK",verifique se o campo está limpo para que receba,somente,as informações do script.
> Clique "GO".
> Poste o relatório!


< Peço aos visitantes que não utilizem este script em outros computadores,sob risco de danos irreparáveis aos mesmos! >

A+

Boa tarde joram

em uio me apareceu este log :


[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183
[LocalizedFileNames]
Paint.lnk=@%SystemRoot%\system32\shell32.dll,-22054


e em non este daqui:

Rapport de ZHPFix 2014.10.24.12 par Nicolas Coolman, Update du 24/10/2014
Fichier d'export Registre :
Run by Aldemir at 16/01/2015 15:12:10
High Elevated Privileges : OK
Windows 7 Business Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (Cancelado pelo utilizador)
Prefetcher vazio

========== Softwares ==========
AUSENTE Uninstall Process: c:\program files\ver8blockandsurf\uninstall.exe
ELIMINÉ: GamesDesktop 020.100
AUSENTE Uninstall Process: c:\program files\ge-force\uninstall.exe
AUSENTE Uninstall Process: c:\program files\sense\uninstall.exe
AUSENTE Uninstall Process: c:\program files\shopperpro\spremove.exe
AUSENTE Uninstall Process: c:\users\aldemir\appdata\local\wincheck\uninstall.exe
AUSENTE Uninstall Process: c:\program files\ytdownloader\ytduninstall.exe

========== Processo memória ==========
ELIMINA REINICIAR: Memory Process: C:\Program Files\ShopperPro\JSDriver\1473.0.0.0\jsdrv.exe
ELIMINÉ: Memory Process: C:\Program Files\ShopperPro\ShopperPro.exe
ELIMINÉ: Memory Process: C:\Program Files\ShopperPro\updater.exe
ELIMINÉ: Memory Process: C:\Program Files\YTDownloader\updater.exe
ELIMINÉ: Memory Process: C:\Program Files\XTab\ProtectService.exe

========== Estado dos serviços ==========
SBMNTR Parado
SPDRIVER_1473.0.0.0 Parado
WEBINSTRNHKT Parado
globalUpdate Parado
WindowsMangerProtect Parado
"IHProtect Service" Parado

========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F8CFC13F-EFA5-68FA-078F-B0E51C8A5AA1]
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ge-Force]
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sense]
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperPro]
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wincheck]
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YTDownloader]
ELIMINÉ: Service: globalUpdate
ELIMINÉ: Service: globalUpdatem
ELIMINÉ: Service: WindowsMangerProtect
ELIMINÉ: Service: IHProtect Service
ELIMINÉ: Mozilla Plugin: @staging.google.com/globalUpdate Update;version=10
ELIMINÉ: Mozilla Plugin: @staging.google.com/globalUpdate Update;version=4
ELIMINÉ: CLSID BHO: {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
ELIMINÉ: CLSID BHO: {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}]
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\ContentExplorerInstaller_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\ContentExplorerInstaller_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\ContentExplorer_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\ContentExplorer_RASMANCS
ELIMINÉ: HKLM\Software\Conduit
ELIMINÉ: HKCU\Software\AnyProtect
ELIMINÉ: HKCU\Software\AppDataLow\Software\BlockAndSurf
ELIMINÉ: HKCU\Software\AppDataLow\Software\Crossrider
ELIMINÉ: HKCU\Software\InstallCore
ELIMINÉ: HKCU\Software\InstalledBrowserExtensions
ELIMINÉ: HKCU\Software\TutoTag
ELIMINÉ: HKCU\Software\YTDownloader
ELIMINÉ: HKCU\Software\globalUpdate
ELIMINÉ: HKLM\Software\GAMESDESKTOP
ELIMINÉ: HKLM\Software\GlobalUpdate
ELIMINÉ: HKLM\Software\InstalledBrowserExtensions
ELIMINÉ: HKLM\Software\SupDp
ELIMINÉ: HKLM\Software\Tutorials
ELIMINÉ: HKLM\Software\supTab
ELIMINÉ: HKLM\Software\supWindowsMangerProtect
ELIMINÉ: HKLM\Software\sweet-pageSoftware
ELIMINÉ: HKCR\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
ELIMINÉ: HKCR\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
ELIMINÉ: HKCR\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}

========== Valores do Registo ==========
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
ELIMINÉ RunValue: SPDriver
ELIMINÉ RunValue: YTDownloader

========== Elementos dos dados do Registo ==========
ELIMINÉ Explorer Association Data Application: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
ELIMINÉ: R1 Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
ELIMINÉ: R1 Search Page = *.local

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
ELIMINÉ Temporários windows (42)
ELIMINÉ Flash Cookies (0)
ELIMINÉ: C:\ProgramData\APN
ELIMINÉ: c:\program files\ge-force
ELIMINÉ: c:\program files\globalupdate
ELIMINÉ: c:\program files\hotspot shield
ELIMINÉ: c:\program files\sense
ELIMINÉ: c:\program files\shopperpro
ELIMINÉ: c:\program files\ytdownloader
ELIMINÉ: c:\programdata\shopperpro
ELIMINÉ: c:\programdata\windowsmangerprotect
ELIMINÉ: c:\users\aldemir\appdata\roaming\anyprotectex
ELIMINÉ: c:\users\aldemir\appdata\roaming\hotspot shield
ELIMINÉ: c:\users\aldemir\appdata\roaming\sweet-page
ELIMINÉ: c:\users\aldemir\appdata\local\app
ELIMINÉ: c:\users\aldemir\appdata\local\globalupdate
ELIMINÉ: c:\users\aldemir\appdata\roaming\microsoft\windows\start menu\programs\ytdownloader

========== Ficheiros ==========
ELIMINÉ Temporários windows (1285) (287.721.067 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
ELIMINÉ: c:\program files\globalupdate\update\googleupdate.exe
ELIMINA REINICIAR: c:\programdata\windowsmangerprotect\protectwindowsmanager.exe
ELIMINA REINICIAR: c:\program files\xtab\protectservice.exe
ELIMINÉ: c:\program files\globalupdate\update\1.3.25.0\npgoogleupdate4.dll
ELIMINÉ: c:\program files\xtab\suptab.dll
ELIMINÉ: c:\programdata\shopperpro\shopperpro.dll
ELIMINA REINICIAR: c:\program files\shopperpro\jsdriver\1473.0.0.0\jsdrv.exe
ELIMINÉ: c:\program files\ytdownloader\ytdownloader.exe
ELIMINÉ: c:\windows\tasks\2cb6ada4-0f85-409c-a67a-ac6426dcdba6-6.job
ELIMINÉ: c:\windows\prefetch\jan7_cor_omiga-plus.exe-e70b27f2.pf
ELIMINÉ: c:\windows\prefetch\wpm_v20.0.0.1714.exe-e6ec7893.pf
ELIMINÉ: c:\users\aldemir\appdata\roaming\mjnqwzar.exe
ELIMINÉ: c:\users\aldemir\appdata\roaming\vblu.exe

========== Tarefa planificada ==========
ELIMINÉ: 94A46359-5537-4201-BEFD-1EC63DFD0943
ELIMINÉ: 94A46359-5537-4201-BEFD-1EC63DFD0943
ELIMINÉ: 2cb6ada4-0f85-409c-a67a-ac6426dcdba6-7
ELIMINÉ: 2cb6ada4-0f85-409c-a67a-ac6426dcdba6-7
ELIMINÉ: 2cb6ada4-0f85-409c-a67a-ac6426dcdba6-7
ELIMINÉ: 2cb6ada4-0f85-409c-a67a-ac6426dcdba6-7
ELIMINÉ: APSnotifierPP1
ELIMINÉ: APSnotifierPP2
ELIMINÉ: APSnotifierPP3
ELIMINÉ: BlockAndSurf Update
ELIMINÉ: BlockAndSurf Update
ELIMINÉ: globalUpdateUpdateTaskMachineCore
ELIMINÉ: globalUpdateUpdateTaskMachineCore
ELIMINÉ: globalUpdateUpdateTaskMachineUA
ELIMINÉ: MJNQWZAR
ELIMINÉ: ShopperPro
ELIMINÉ: ShopperPro
ELIMINÉ: ShopperPro
ELIMINÉ: ShopperPro
ELIMINÉ: ShopperPro
ELIMINÉ: ShopperPro
ELIMINÉ: ShopperPro
ELIMINÉ: ShopperPro
ELIMINÉ: ShopperProJSUpd
ELIMINÉ: ShopperProJSUpd
ELIMINÉ: SPDriver
ELIMINÉ: SPDriver
ELIMINÉ: VBLU
ELIMINÉ: VBLU
ELIMINÉ: YTDownloader
ELIMINÉ: YTDownloader
ELIMINÉ: YTDownloader
ELIMINÉ: YTDownloader
ELIMINÉ: YTDownloaderUpd
ELIMINÉ: YTDownloaderUpd

========== Pastas/Ficheiros ocultos restaurados ==========
Mes images (My Pictures) : 1 restaurados com sucesso
Ma musique (My Music) : 1 restaurados com sucesso
Ma Video (My Video) : 1 restaurados com sucesso
Mes Favoris (My Favorites) : 3 restaurados com sucesso
Mes Documents (My Documents) : 5 restaurados com sucesso
Mon Bureau (My Desktop) : 2 restaurados com sucesso
Menu demarrer (Programs) : 9 restaurados com sucesso
Dossier utilisateur (AppData) : 40 restaurados com sucesso
Programmes (Program Files) : 7 restaurados com sucesso


========== Recapitulativo ==========
5 : Processo memória
40 : Chaves do Registo
10 : Valores do Registo
3 : Elementos dos dados do Registo
18 : Pastas
15 : Ficheiros
7 : Softwares
6 : Estado dos serviços
35 : Tarefa planificada
69 : Pastas/Ficheiros ocultos restaurados


End of clean in 04mn 04s

========== Caminho do ficheiro do relatório ==========
C:\Users\Aldemir\AppData\Roaming\ZHP\ZHPFix[R1].txt - 16/01/2015 15:12:19 [8298]

/!\ Boa Tarde! Aldemir /!\

> Siga,na ordem proposta,os procedimentos abaixo.
> Vá à esta página e execute o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] ali proposto.

> Microsoft Fix it 50641 <

> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... de Pierre13 )
> Salve-o no desktop!
> Para Windows Vista e 7,execute "SFTGC.exe" como administrador!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Execute-o e clique "Go".
> Aguarde seu término,que é rápido.
> Poste o relatório! ( SFT.txt )
> Ps: De acordo com o tamanho do relatório,não poste-o diretamente!

> Acesse,para essa tarefa! < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >

> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... par Xplode )
>
> Ou daqui: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >
> Ao acessar,clique em "Download Now".
>
> Salve-o no desktop!

< [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem] >

> Clique direito em adwcleaner.exe,e escolha sua execução como administrador.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Ps: Dê início ao scan,clicando em "Examinar". 

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Ao concluir,clique "Limpar" >> Ok >> Ok >> Ok.
> Copie o log ou clique "Relatório".
> Poste: < C:\AdwCleaner\AdwCleaner[S0].txt > 

A+

boa tarde joram

ocorreu a mensagem:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

mas de acordo com o site da microsoft

tem a opção de seguir o sozinho

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

voialá

Aldemir escreveu:tem a opção de seguir o sozinho 

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

/!\ Boa Tarde! Aldemir /!\

> Tente o seguir sozinho,mas...parece-me que o erro é direcionado ao Windows XP. 
> Caso não consiga,pode abortar essa tentativa.
> Siga,então,com as demais ferramentas.  

A+

boa tarde joram

o fix it sugerido é para usuarios XP


se a versão do Windows que uso é o 7

deveria ser o fix it do 7 acredito eu

a não ser que o virus instalado em meu hd esteje passando-se pelo XP camuflado de seven
de tal forma que nós não consigamos perceber

será

poisé rapaz
eu fiquei confuso

ok

vamos lá

Aldemir escreveu:a não ser que o virus instalado em meu hd esteje passando-se pelo XP camuflado de seven 
de tal forma que nós não consigamos perceber

será [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

/!\ Olá! Aldemir /!\

> Incoerente esta suposição! O erro foi meu mesmo,ao lhe propor o Fix it.

A+

kkk...
tudo bem

vamos nessa

oi joram

aqui está o log

SFTGC

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Aldemir escreveu:oi joram

aqui está o log

SFTGC

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

/!\ Olá! Aldemir /!\

> Resta o relatório da ferramenta AdwCleaner.  
> Provavelmente lhe pedirei novo relatório de ZHPDiag,para avaliação.

A+

oi joram

desculpa por te deixar esperando

depois de passar adwcleaner o computador foi reiniciado como de costume

a demora foi que o icone de acesso a internet ficou marcado com um X
não sabia o que fazer desliguei PC liguei novamente
tentei usar uma restauração anterior
até que porem depois de tentativas liga e desliga PC e modem
em pendrive havia lá o drive de rede por minha sorte
mas não foi fácil corrigir
até que usei corretamente desinstalei o drive e o instalei novamente
funcionou. uffa

ok
adwcleaner:

surgiu dois logs
(R0) e (S0)

aqui vai:

# AdwCleaner v4.107 - Relatório criado 16/01/2015 às 16:55:57
# Atualizado 07/01/2015 por Xplode
# Database : 2015-01-13.2 [Live]
# Sistema Operacional : Windows 7 Professional Service Pack 1 (32 bits)
# Usuário : Aldemir - ALDEMIR-PC
# Executando de : C:\Users\Aldemir\Downloads\AdwCleaner.exe
# Opção : Examinar

***** [ Serviços ] *****

Serviço Encontrado : globalUpdate
Serviço Encontrado : globalUpdatem
Serviço Encontrado : sbmntr
Serviço Encontrado : WindowsMangerProtect
Serviço Encontrado : IHProtect Service

***** [ Arquivos / Pastas ] *****

Arquivo Encontrado : C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
Arquivo Encontrado : C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
Arquivo Encontrado : C:\Users\Aldemir\AppData\Roaming\Mozilla\Firefox\Profiles\bKgT5aML.default\user.js
Arquivo Encontrado : C:\Users\Aldemir\Desktop\Continue Live Installation.lnk
Arquivo Encontrado : C:\Windows\system32\drivers\hssdrv6.sys
Pasta Encontrado : C:\Program Files\predm
Pasta Encontrado : C:\Program Files\XTab
Pasta Encontrado : C:\ProgramData\baidu
Pasta Encontrado : C:\ProgramData\IHProtectUpDate
Pasta Encontrado : C:\Users\Aldemir\AppData\Local\CrashRpt
Pasta Encontrado : C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj
Pasta Encontrado : C:\Users\Aldemir\AppData\Roaming\baidu
Pasta Encontrado : C:\Users\Public\Documents\baidu
Pasta Encontrado : C:\Users\Public\Documents\ShopperPro

***** [ Tarefas ] *****

Tarefa Encontrada : SMupdate1

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Encontrada : HKCU\Software\MGShareware
Chave Encontrada : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Chave Encontrada : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Chave Encontrada : HKLM\SOFTWARE\Baidu
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\ShopperPro.DLL
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{020B1D4B-5738-4C77-9E19-4F173DD9B486}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chave Encontrada : HKLM\SOFTWARE\Classes\ShopperPro.ShopperProBHO
Chave Encontrada : HKLM\SOFTWARE\Classes\ShopperPro.ShopperProBHO.1
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Chave Encontrada : HKLM\SOFTWARE\IHProtect
Chave Encontrada : HKLM\SOFTWARE\MGShareware
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Chave Encontrada : HKLM\SOFTWARE\ShopperPro
Chave Encontrada : HKLM\SOFTWARE\YTDownloader
Chave Encontrada : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v


-\\ Google Chrome v39.0.2171.99


*************************

AdwCleaner[R0].txt - [7843 octets] - [16/01/2015 16:55:57]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7903 octets] ##########



--------------------------------------------------------------------------------------------------------------



# AdwCleaner v4.107 - Relatório criado 16/01/2015 às 16:59:42
# Atualizado 07/01/2015 por Xplode
# Database : 2015-01-13.2 [Live]
# Sistema Operacional : Windows 7 Professional Service Pack 1 (32 bits)
# Usuário : Aldemir - ALDEMIR-PC
# Executando de : C:\Users\Aldemir\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

[#] Serviço Deletada : globalUpdate
[#] Serviço Deletada : globalUpdatem
[#] Serviço Deletada : sbmntr
[#] Serviço Deletada : WindowsMangerProtect
[#] Serviço Deletada : IHProtect Service

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\IHProtectUpDate
Pasta Deletada : C:\Program Files\predm
Pasta Deletada : C:\Program Files\XTab
Pasta Deletada : C:\Users\Aldemir\AppData\Local\CrashRpt
Pasta Deletada : C:\Users\Aldemir\AppData\Roaming\baidu
Pasta Deletada : C:\Users\Public\Documents\baidu
Pasta Deletada : C:\Users\Public\Documents\ShopperPro
Pasta Deletada : C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj
Arquivo Deletada : C:\Windows\system32\drivers\hssdrv6.sys
Arquivo Deletada : C:\Users\Aldemir\Desktop\Continue Live Installation.lnk
Arquivo Deletada : C:\Users\Aldemir\AppData\Roaming\Mozilla\Firefox\Profiles\bKgT5aML.default\user.js
Arquivo Deletada : C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
Arquivo Deletada : C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal

***** [ Tarefas ] *****

Tarefa Deletedo : SMupdate1

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\ShopperPro.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\ShopperPro.ShopperProBHO
Chave Deletedo : HKLM\SOFTWARE\Classes\ShopperPro.ShopperProBHO.1
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{020B1D4B-5738-4C77-9E19-4F173DD9B486}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Chave Deletedo : HKCU\Software\MGShareware
Chave Deletedo : HKLM\SOFTWARE\MGShareware
Chave Deletedo : HKLM\SOFTWARE\ShopperPro
Chave Deletedo : HKLM\SOFTWARE\YTDownloader
Chave Deletedo : HKLM\SOFTWARE\Baidu
Chave Deletedo : HKLM\SOFTWARE\IHProtect

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v


-\\ Google Chrome v39.0.2171.99


*************************

AdwCleaner[R0].txt - [7983 octets] - [16/01/2015 16:55:57]
AdwCleaner[S0].txt - [7741 octets] - [16/01/2015 16:59:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7801 octets] ##########

/!\ Boa Noite! Aldemir /!\

Aldemir escreveu:até que porem depois de tentativas liga e desliga PC e modem
em pendrive havia lá o drive de rede por minha sorte
mas não foi fácil corrigir
até que usei corretamente desinstalei o drive e o instalei novamente
funcionou. uffa 

> Muito rara essa ocorrência com a ferramenta AdwCleaner.
> Realize novo scan com ZHPDiag e poste seu relatório! ( ZHPDiag.txt )

A+

Olá Joram, boa noite !

ZHPdiag.txt :

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

joram escreveu:> Muito rara essa ocorrência com a ferramenta AdwCleaner.

pois é joram aconteceu :/

/!\ Boa Noite! Aldemir /!\

> Execute este script na ferramenta ZHPFix.
> Selecione e copie estas informações que estão em vermelho,para o Bloco de Notas.
> Com o Bloco de Notas aberto,faça: ctrl+a >> ctrl+c ( Selecionar e Copiar )
> À seguir,minimize o Bloco de Notas.

Script ZHPFix
FirewallRaz
EmptyPrefetch
EmptyTemp
EmptyFlash
[MD5.A45721F5AFB6E49B9FEC5805CD1B643C] [SPRF][04/09/2014] (.No owner - Adware-Removal-Tool-v3.9.1.) -- C:\Users\Aldemir\Desktop\Adware-Removal-Tool-v3.9.1.exe   [753184]
O4 - HKLM\..\Run: [gmsd_br_100] Chave orfã
O43 - CFD: 16/01/2015 - 17:27:35 - [] ----D C:\Program Files\Adware-Removal-Tool
O43 - CFD: 16/01/2015 - 02:47:31 - [] ----D C:\Program Files\Baidu Security
O43 - CFD: 16/01/2015 - 17:27:35 - [] ----D C:\ProgramData\Baidu Security     
O44 - LFC:[MD5.5028604A0A5FB99CEF8D0E161EEB1CD3] - 08/01/2015 - 05:01:23 ---A- . (.Baidu, Inc. - Baidu Antivirus BdSandboxDll.dll.) -- C:\Windows\System32\BdSandboxDll32.dll   [330272]
[HKLM\Software\Ge-Force]   =>PUP.CrossRider^
HKCU\Software\Baidu Security]     
[HKCU\Software\Baixaki]     
[HKLM\Software\Baidu Security]
C:\Windows\System32\BdSandboxDll32.dll
C:\Program Files\Baidu Security 
C:\ProgramData\Baidu Security  

> Abra a ferramenta ZHPFix. < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem] >
> Clique IMPORTAÇÃO >> OK.
> Ps: Ao clicar "OK",verifique se o campo está limpo para que receba,somente,as informações do script.
> Clique "GO".
> Poste o relatório!


< Peço aos visitantes que não utilizem este script em outros computadores,sob risco de danos irreparáveis aos mesmos! >

A+

Olá joram boa noite!

ZHPfix


Rapport de ZHPFix 2014.10.24.12 par Nicolas Coolman, Update du 24/10/2014
Fichier d'export Registre :
Run by Aldemir at 16/01/2015 22:21:17
High Elevated Privileges : OK
Windows 7 Business Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (Cancelado pelo utilizador)
Prefetcher vazio

========== Chaves do Registo ==========
ELIMINÉ: HKLM\Software\Ge-Force
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\Baixaki
ELIMINÉ: HKLM\Software\Baidu Security

========== Valores do Registo ==========
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :

========== Pastas ==========
ELIMINÉ Temporários windows (0)
ELIMINÉ Flash Cookies (0)
ELIMINÉ: C:\Program Files\Adware-Removal-Tool
ELIMINÉ: C:\Program Files\Baidu Security
ELIMINÉ: C:\ProgramData\Baidu Security

========== Ficheiros ==========
ELIMINÉ Temporários windows (2) (32.768 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
ELIMINÉ: c:\windows\system32\bdsandboxdll32.dll


========== Recapitulativo ==========
4 : Chaves do Registo
2 : Valores do Registo
5 : Pastas
3 : Ficheiros


End of clean in 01mn 05s

========== Caminho do ficheiro do relatório ==========
C:\Users\Aldemir\AppData\Roaming\ZHP\ZHPFix[R1].txt - 16/01/2015 14:12:19 [8380]
C:\Users\Aldemir\AppData\Roaming\ZHP\ZHPFix[R2].txt - 16/01/2015 22:21:27 [1303]

/!\ Boa Noite Aldemir /!\

> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... by Smeenk )

< [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem] [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >

> Salve-o ao desktop!
> Desabilite seu antivírus!
> Para Windows 7,execute Zoek.exe como administrador.

ipconfig /flushdns;b
autoclean;
quickscan;
emptytemp; 

> Copie e cole estas informações,que estão em vermelho,no campo da ferramenta.
> Clique "Run Script". 

Zoek.exe is running now. 
Do not start any browser windows, they will be closed automatically. 
Please wait! This window will close when finished. 
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

> Surgirão informações,pedindo-lhe que aguarde o surgimento do relatório.
> Ps: Essas informações,podem permanecer estáticas na tela por 20 minutos ou mais.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Confirme o reboot!

zoek.hta failed by unknown error.
Restart computer, and try again.

> Ps: Ao obter algum erro,reinicie o PC e execute,novamente,a ferramenta.
> Poste o relatório,que estará em C:\zoek-results.txt << 

A+

Olá joram boa noite!

como pedido relatorio:
zoek-results.txt




Zoek.exe v5.0.0.0 Updated 15-01-2015
Tool run by Aldemir on 17/01/2015 at 19:53:31,49.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Aldemir\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-01-17-183618.log 38463 bytes

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

"C:\Users\Aldemir\AppData\Roaming\ViberPC\config.db" deleted
"C:\Users\Aldemir\AppData\Roaming\ViberPC\info.db" deleted
"C:\Users\Aldemir\AppData\Roaming\ViberPC" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Aldemir\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\system32 =====
2015-01-16 19:52:34 8C3D0C73A0850A0EE62DF9EC36DBDE80 1904 ------w- C:\Windows\System32\SetupBD.din
2015-01-16 19:52:13 F192AA9C5A529292E6C67C3213E8E4D2 74944 ----a-w- C:\Windows\System32\NicInstK.dll
2015-01-16 19:52:13 4E9C27CCB18D0962477CC3D8473ABB1D 3138 ----a-w- C:\Windows\System32\e1k6232.din
2015-01-16 19:52:13 3E6E1DC8BDEFC3AC820C58FAF05CC959 68264 ----a-w- C:\Windows\System32\e1kmsg.dll
2015-01-15 18:58:48 8A289EF0AE709327D6AA9769E108B5A6 3916728 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-01-15 18:58:48 2AF481C03C0383ADE09FFEDA0C583140 3971512 ----a-w- C:\Windows\System32\ntkrnlpa.exe
2015-01-14 17:55:02 306EB846F88E58C7E763946DE95952E3 46592 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2015-01-14 17:54:58 FD9692A3D31E021207D3C2A9DDDC2BE3 164864 ----a-w- C:\Windows\System32\profsvc.dll
2015-01-14 17:54:52 F115C5CD29E512F18BD7138A094B77E5 242688 ----a-w- C:\Windows\System32\nlasvc.dll
2015-01-09 08:07:55 742BD1F196FEFC94A6379BA039D3CD00 96680 ----a-w- C:\Windows\System32\WindowsAccessBridge.dll
2015-01-09 07:42:51 523AB607EEF81CC4D909E7FEBD8A788E 2297552 ----a-w- C:\Windows\System32\d3dx9_26.dll
====== C:\Windows\system32\drivers =====
2015-01-16 19:52:13 19E30C3C80D8CE29944B3F30FF9C8B76 224424 ----a-w- C:\Windows\System32\drivers\e1k6232.sys
2015-01-16 12:04:55 F89897263AD15D16442CE3C3C7848ED8 643168 ----a-w- C:\Windows\System32\drivers\klif.sys
2015-01-16 12:04:55 18E4506B0B2523B04D286F8E2C500C7F 111200 ----a-w- C:\Windows\System32\drivers\klflt.sys
2015-01-16 03:23:25 E12DB53A9457CA44FC4C93AAE0C3BCCE 431395 ----a-w- C:\Windows\System32\drivers\vsconfig.xml
2015-01-14 17:54:46 03F899F521D2AAED1C55008F734DF252 116224 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-01-16 12:13:46 -------- d-----w- C:\Program Files\ZHPDiag
2015-01-16 03:22:06 -------- d-----w- C:\Program Files\CheckPoint
2015-01-09 08:08:01 -------- d-----w- C:\Program Files\Common Files\Java
2015-01-09 08:06:53 -------- d-----w- C:\Program Files\Java
2015-01-07 21:50:49 -------- d-----w- C:\Program Files\Audacity
======= C: =====
2015-01-16 12:38:36 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\PhysicalDisk0_MBR.bin
====== C:\Users\Aldemir\AppData\Roaming ======
2015-01-17 18:33:46 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp
2015-01-17 18:33:46 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
2015-01-17 18:33:46 -------- d-----w- C:\Users\USURIO~1\AppData\Local\Temp
2015-01-17 18:33:46 -------- d-----w- C:\Users\Default\AppData\Local\Temp
2015-01-17 18:33:46 -------- d-----w- C:\Users\Default User\AppData\Local\Temp
2015-01-17 18:33:45 -------- d-----w- C:\Users\Aldemir\AppData\Local\Temp
2015-01-16 19:04:52 -------- d-----w- C:\Users\Aldemir\AppData\Local\ElevatedDiagnostics
2015-01-16 19:03:31 -------- d-----w- C:\Users\Aldemir\AppData\Local\Diagnostics
2015-01-16 12:13:46 -------- d-----w- C:\Users\Aldemir\AppData\Roaming\ZHP
2015-01-16 04:47:57 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Locallow\BAVData
2015-01-07 21:51:56 -------- d-----w- C:\Users\Aldemir\AppData\Roaming\Audacity
2015-01-01 07:11:48 -------- d-----w- C:\Users\Aldemir\AppData\Local\Viber
====== C:\Users\Aldemir ======
2015-01-16 21:44:21 C5E300377D8C63CF8B36B936F4D0A2DE 17487352 ----a-w- C:\Users\Aldemir\Downloads\sp51785.exe
2015-01-16 19:37:23 C5E300377D8C63CF8B36B936F4D0A2DE 17487352 ----a-w- C:\Users\Aldemir\Desktop\sp51785.exe
2015-01-16 18:53:52 61CA40317EBF1254770BF8B495B3F8DA 2191360 ----a-w- C:\Users\Aldemir\Downloads\AdwCleaner.exe
2015-01-16 18:37:33 8DA935E5025B2503DF2C77967A711C6A 1348096 ----a-w- C:\Users\Aldemir\Downloads\SFTGC.exe
2015-01-16 16:18:43 71E6668A73C557EB2838AE749511CD08 592008 ----a-w- C:\Users\Aldemir\Downloads\setup (3).exe
2015-01-16 16:14:45 A269E6188F555E8A92A298DB41FB9E3E 592016 ----a-w- C:\Users\Aldemir\Downloads\setup (2).exe
2015-01-16 12:13:47 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2015-01-16 12:09:11 2E641DEDB02F330F62D0203AA78935FE 6867801 ----a-w- C:\Users\Aldemir\Downloads\ZHPDiag2.exe
2015-01-16 11:36:36 57F548CC50AD2DE004E07E6F77CE8015 227 ----a-w- C:\Users\TODOSO~1\bc.ini
2015-01-16 11:36:36 57F548CC50AD2DE004E07E6F77CE8015 227 ----a-w- C:\ProgramData\bc.ini
2015-01-16 11:35:06 -------- d-----w- C:\Users\TODOSO~1\Kaspersky Lab Setup Files
2015-01-16 11:35:06 -------- d-----w- C:\ProgramData\Kaspersky Lab Setup Files
2015-01-16 11:32:00 11344ABFB6C92724D835396D68B3CF42 175205184 ----a-w- C:\Users\Aldemir\Downloads\kav15.0.0.463PT_6305.exe
2015-01-16 10:36:36 8CFF7E0EFF6FF8D597EDD4950A42578A 628496 ----a-w- C:\Users\Aldemir\Downloads\Setup (1).exe
2015-01-16 10:36:05 8CFF7E0EFF6FF8D597EDD4950A42578A 628496 ----a-w- C:\Users\Aldemir\Downloads\Setup.exe
2015-01-16 09:34:07 A45721F5AFB6E49B9FEC5805CD1B643C 753184 ----a-w- C:\Users\Aldemir\Desktop\Adware-Removal-Tool-v3.9.1.exe
2015-01-16 09:01:34 -------- d-----w- C:\Users\TODOSO~1\Avira
2015-01-16 09:01:34 -------- d-----w- C:\ProgramData\Avira
2015-01-16 08:29:30 C95E90024CD37DC00568E52A1F3452A8 575704 ----a-w- C:\Users\Aldemir\Downloads\Avira AntiVir Personal Edition Classic.exe
2015-01-16 08:09:09 F4BA7664700F718CD2827085490BE477 4514312 ----a-w- C:\Users\Aldemir\Downloads\avira_ptbr_av_44362890_7u5dx2fqtraa1bvmgund_wd.exe
2015-01-16 04:47:06 A0FFC86780957321DF37A911F5DBAD41 110585544 ----a-w- C:\Users\Aldemir\Downloads\virtualbox-4-3-20-96996-32-bits [1].exe
2015-01-16 04:27:48 DF4B6036A089AC6FA2B0607C32C6ECFD 2115360 ----a-w- C:\Users\Aldemir\Downloads\fg742p.exe
2015-01-16 03:23:14 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2015-01-16 03:17:06 -------- d-----w- C:\Users\TODOSO~1\CheckPoint
2015-01-16 03:17:06 -------- d-----w- C:\ProgramData\CheckPoint
2015-01-15 22:40:57 DCAAC830DD8CC98DE188D75F02E79520 34651995 ----a-w- C:\Users\Aldemir\Downloads\torbrowser-install-4.0.3_pt-PT.exe
2015-01-15 22:22:08 9BB42331A34825BCD9A15F853F91204B 226075384 ----a-w- C:\Users\Aldemir\Downloads\cispremium_installer.exe
2015-01-15 00:20:48 678FD7AA6ECA7E0ACA6A0C348F87E539 688923 ----a-w- C:\Users\Aldemir\Downloads\virtualbox-4-3-20-96996-32-bits.exe
2015-01-14 23:38:20 76B6F5D978B608A7788C48FFDB8E5E26 3401864 ----a-w- C:\Users\Aldemir\Downloads\zafwSetupWeb_133_209_000.exe
2015-01-13 14:09:10 -------- d-----w- C:\Users\TODOSO~1\ClubSanDisk
2015-01-13 14:09:10 -------- d-----w- C:\ProgramData\ClubSanDisk
2015-01-09 08:08:03 -------- d-----w- C:\Users\TODOSO~1\Sun
2015-01-09 08:08:03 -------- d-----w- C:\ProgramData\Sun
2015-01-09 08:07:27 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-09 08:07:07 -------- d-----w- C:\Users\TODOSO~1\Oracle
2015-01-09 08:07:07 -------- d-----w- C:\ProgramData\Oracle
2015-01-09 08:00:52 3A582BF6FD39DC6A52AAF316126B40BA 638888 ----a-w- C:\Users\Aldemir\Downloads\chromeinstall-8u25.exe
2015-01-09 07:19:56 80AE5F8CD4AD4304F97C5103BBCD4B24 183221429 ----a-w- C:\Users\Aldemir\Downloads\crash bandicoot.exe
2015-01-09 07:12:02 698E8C33128A4C70483FCB04D7657FA4 65993068 ----a-w- C:\Users\Aldemir\Desktop\Driver2.exe
2015-01-09 07:10:06 698E8C33128A4C70483FCB04D7657FA4 65993068 ----a-w- C:\Users\Aldemir\Downloads\Driver2.exe
2015-01-07 21:49:48 79943BE44F8288EDC375E3599331F8FF 22892794 ----a-w- C:\Users\Aldemir\Downloads\audacity-win-2.0.6.exe
2014-12-19 23:42:28 B8CBFB26B5CEB354789A97329C667648 1534 ----a-w- C:\Users\TODOSO~1\ss.ini
2014-12-19 23:42:28 B8CBFB26B5CEB354789A97329C667648 1534 ----a-w- C:\ProgramData\ss.ini

====== C: exe-files ==
2015-01-17 00:20:22 785CC096C1286D187B1C5C6AE95BA774 118440 ----a-w- C:\Users\Aldemir\AppData\Roaming\ZHP\Quarantine\Adware-Removal-Tool.DIR\Adware-Removal-Tool\ARTP3.exe
2015-01-17 00:20:22 6CBB5C25FF043CE3D4F872777C0225FA 55976 ----a-w- C:\Users\Aldemir\AppData\Roaming\ZHP\Quarantine\Adware-Removal-Tool.DIR\Adware-Removal-Tool\ARTP2.exe
2015-01-17 00:18:47 785CC096C1286D187B1C5C6AE95BA774 118440 ----a-w- C:\Users\Aldemir\AppData\Roaming\ZHP\Quarantine\Adware-Removal-Tool.DIR\ARTP3.exe
2015-01-17 00:18:47 6CBB5C25FF043CE3D4F872777C0225FA 55976 ----a-w- C:\Users\Aldemir\AppData\Roaming\ZHP\Quarantine\Adware-Removal-Tool.DIR\ARTP2.exe
2015-01-16 21:44:21 C5E300377D8C63CF8B36B936F4D0A2DE 17487352 ----a-w- C:\Users\Aldemir\Downloads\sp51785.exe
2015-01-16 19:37:23 C5E300377D8C63CF8B36B936F4D0A2DE 17487352 ----a-w- C:\Users\Aldemir\Desktop\sp51785.exe
2015-01-16 18:53:52 61CA40317EBF1254770BF8B495B3F8DA 2191360 ----a-w- C:\Users\Aldemir\Downloads\AdwCleaner.exe
2015-01-16 18:37:33 8DA935E5025B2503DF2C77967A711C6A 1348096 ----a-w- C:\Users\Aldemir\Downloads\SFTGC.exe
2015-01-16 17:10:57 1087BE1ED3E4CF8BAC3DFB8BCF76FACF 1891840 ----a-w- C:\Users\Aldemir\AppData\Roaming\ZHP\Quarantine\sweet-page.DIR\UninstallManager.exe
2015-01-16 17:10:56 E0D2751A49D2248BCCC1952C9352A08B 343848 ----a-w- C:\Users\Aldemir\AppData\Roaming\ZHP\Quarantine\hotspot shield.DIR\Hotspot Shield\report\af_proxy_cmd_rep.exe
2015-01-16 17:10:55 C8AC9074C2DFD3814F656D1FECA32129 464384 ----a-w- C:\Users\Aldemir\AppData\Roaming\ZHP\Quarantine\windowsmangerprotect.DIR\ProtectWindowsManager.exe
2015-01-16 17:10:55 A91466B2F222DFE1DDAFF6D022F5544A 94872 ----a-w- C:\Users\Aldemir\AppData\Roaming\ZHP\Quarantine\ytdownloader.DIR\Unelevate.exe
2015-01-16 17:10:55 5241562B6FA3E8FDA3B672688D269D71 595168 ----a-w- C:\Users\Aldemir\AppData\Roaming\ZHP\Quarantine\ytdownloader.DIR\YTDUninstall.exe
2015-01-16 17:10:54 F524099338597504AE0C886F7142D420 3224576 ----a-w- C:\Users\Aldemir\AppData\Roaming\ZHP\Quarantine\shopperpro.DIR\JSDriver\jsdrv.exe
2015-01-16 17:10:54 F524099338597504AE0C886F7142D420 3224576 ----a-w- C:\Users\Aldemir\AppData\Roaming\ZHP\Quarantine\shopperpro.DIR\JSDriver\1473.0.0.0\jsdrv.exe
2015-01-16 17:10:54 E519F2BF8D35627AA8C712AA636F52FF 576718 ----a-w- C:\Users\Aldemir\AppData\Roaming\ZHP\Quarantine\ytdownloader.DIR\rtmpdump.exe
2015-01-16 17:10:54 96962640A064909E25C52DCA7DDF27DB 2292584 ----a-w- C:\Users\Aldemir\AppData\Roaming\ZHP\Quarantine\ytdownloader.DIR\converter.exe
2015-01-16 17:10:54 0BBC181FB6BF415DD2FD168689616FFF 385896 ----a-w- C:\Users\Aldemir\AppData\Roaming\ZHP\Quarantine\ytdownloader.DIR\DownloadHelper.exe
2015-01-16 17:10:53 E19E548EBFDAEC96786AAE6A26CC65F0 602768 ----a-w- C:\Users\Aldemir\AppData\Roaming\ZHP\Quarantine\shopperpro.DIR\SPRemove.exe
2015-01-16 17:10:53 2973B2EAD3974BB7D5DD82550EE25678 2651899 ----a-w- C:\Users\Aldemir\AppData\Roaming\ZHP\Quarantine\sense.DIR\utils.exe
2015-01-16 17:10:53 086BC4815269AE04F6AA4E3F56CA2866 359424 ----a-w- C:\Users\Aldemir\AppData\Roaming\ZHP\Quarantine\hotspot shield.DIR\HssWPR\HssInstaller.exe
2015-01-16 17:10:53 086BC4815269AE04F6AA4E3F56CA2866 359424 ----a-w- C:\Users\Aldemir\AppData\Roaming\ZHP\Quarantine\hotspot shield.DIR\bin\HssInstaller.exe
2015-01-16 17:10:53 047816E17D816EB929040EBE3DF91320 122848 ----a-w- C:\Users\Aldemir\AppData\Roaming\ZHP\Quarantine\sense.DIR\Uninstall.exe
2015-01-16 17:10:52 F98DE4108614E4BB81E95E58E36C7000 46080 ----a-w- C:\Users\Aldemir\AppData\Roaming\ZHP\Quarantine\globalupdate.DIR\Update\1.3.25.0\GoogleUpdateBroker.exe
2015-01-16 17:10:52 D858BA2EE718B1DB1CED20646E641D08 68608 ----a-w- C:\Users\Aldemir\AppData\Roaming\ZHP\Quarantine\globalupdate.DIR\Update\1.3.25.0\GoogleUpdate.exe
2015-01-16 17:10:52 8B9FBB192520A8ED4DBC11E0EF69B079 2660455 ----a-w- C:\Users\Aldemir\AppData\Roaming\ZHP\Quarantine\ge-force.DIR\utils.exe
2015-01-16 17:10:52 7E767B342E55EB1DFD74A65D24EA4B70 46080 ----a-w- C:\Users\Aldemir\AppData\Roaming\ZHP\Quarantine\globalupdate.DIR\Update\1.3.25.0\GoogleUpdateOnDemand.exe
2015-01-16 17:10:52 7C09767686DA9AE18D8D8EE03EA13B85 120800 ----a-w- C:\Users\Aldemir\AppData\Roaming\ZHP\Quarantine\ge-force.DIR\Uninstall.exe
2015-01-16 17:10:52 03114DADBD9977FC823F95B21FB987E7 72872 ----a-w- C:\Users\Aldemir\AppData\Roaming\ZHP\Quarantine\globalupdate.DIR\Update\1.3.25.0\GoogleCrashHandler.exe
2015-01-16 16:18:43 71E6668A73C557EB2838AE749511CD08 592008 ----a-w- C:\Users\Aldemir\Downloads\setup (3).exe
2015-01-16 16:14:45 A269E6188F555E8A92A298DB41FB9E3E 592016 ----a-w- C:\Users\Aldemir\Downloads\setup (2).exe
2015-01-16 12:13:47 F3A37421DBD1AAA36558C97572C91C5A 147456 ----a-w- C:\Program Files\ZHPDiag\catchme.exe
2015-01-16 12:13:47 CB2D120A4B72422A8141192831B1F500 80384 ----a-w- C:\Program Files\ZHPDiag\mbrcheck.exe
2015-01-16 12:13:47 C155A13687144076286989EF078112C2 1917440 ----a-w- C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe
2015-01-16 12:13:47 9DAA7218961710008D7385B01BD3F386 89088 ----a-w- C:\Program Files\ZHPDiag\mbr.exe
2015-01-16 12:13:47 6B8AF3A2A3D9059008B55C444461CA00 61952 ----a-w- C:\Program Files\ZHPDiag\Lads.exe
2015-01-16 12:13:47 5DAF7081A4BB112FA3F1915819330A3E 61440 ----a-w- C:\Program Files\ZHPDiag\pv.exe
2015-01-16 12:13:47 53CDBB093B0AEE9FD6CF1CBD25A95077 290304 ----a-w- C:\Program Files\ZHPDiag\subinacl.exe
2015-01-16 12:13:47 451AE03D3C92777F09840CA56F08AB62 454056 ----a-w- C:\Program Files\ZHPDiag\setacl32.exe
2015-01-16 12:13:47 3E350EB5DF15C06DEC400A39DD1C6F29 559528 ----a-w- C:\Program Files\ZHPDiag\setacl64.exe
2015-01-16 12:13:47 2E30F0D775442FFBF68E7AB4603BFFDB 3060224 ----a-w- C:\Program Files\ZHPDiag\ZHPFix\ZHPFix.exe
2015-01-16 12:13:47 2312A38B8B003330DB919FA818C48449 231048 ----a-w- C:\Program Files\ZHPDiag\sigcheck.exe
2015-01-16 12:13:46 E47AC731D42B2452D4C0BF096DF3DD6E 8145408 ----a-w- C:\Program Files\ZHPDiag\ZHPDiag.exe
2015-01-16 12:13:46 C155A13687144076286989EF078112C2 1917440 ----a-w- C:\Program Files\ZHPDiag\ZHPhep.exe
2015-01-16 12:13:46 8AE13B97BFCAD6C7D3B8C8A1C298EFB4 694736 ----a-w- C:\Program Files\ZHPDiag\unins000.exe
2015-01-16 12:09:11 2E641DEDB02F330F62D0203AA78935FE 6867801 ----a-w- C:\Users\Aldemir\Downloads\ZHPDiag2.exe
2015-01-16 11:32:00 11344ABFB6C92724D835396D68B3CF42 175205184 ----a-w- C:\Users\Aldemir\Downloads\kav15.0.0.463PT_6305.exe
2015-01-16 10:36:36 8CFF7E0EFF6FF8D597EDD4950A42578A 628496 ----a-w- C:\Users\Aldemir\Downloads\Setup (1).exe
2015-01-16 10:36:05 8CFF7E0EFF6FF8D597EDD4950A42578A 628496 ----a-w- C:\Users\Aldemir\Downloads\Setup.exe
2015-01-16 09:34:07 A45721F5AFB6E49B9FEC5805CD1B643C 753184 ----a-w- C:\Users\Aldemir\Desktop\Adware-Removal-Tool-v3.9.1.exe
2015-01-16 08:29:30 C95E90024CD37DC00568E52A1F3452A8 575704 ----a-w- C:\Users\Aldemir\Downloads\Avira AntiVir Personal Edition Classic.exe
2015-01-16 08:09:09 F4BA7664700F718CD2827085490BE477 4514312 ----a-w- C:\Users\Aldemir\Downloads\avira_ptbr_av_44362890_7u5dx2fqtraa1bvmgund_wd.exe
2015-01-16 04:47:06 A0FFC86780957321DF37A911F5DBAD41 110585544 ----a-w- C:\Users\Aldemir\Downloads\virtualbox-4-3-20-96996-32-bits [1].exe
2015-01-16 04:29:56 A93F31991E187662BE9CE38C264B1115 2045664 ----a-w- C:\Users\Aldemir\Desktop\Nova pasta (3)\u1405.exe
2015-01-16 04:29:37 DF4B6036A089AC6FA2B0607C32C6ECFD 2115360 ----a-w- C:\Users\Aldemir\Desktop\Nova pasta (3)\fg742p.exe
2015-01-16 04:27:48 DF4B6036A089AC6FA2B0607C32C6ECFD 2115360 ----a-w- C:\Users\Aldemir\Downloads\fg742p.exe
2015-01-16 03:17:05 E21634343EBA5D754A318695C8161D99 2849392 ----a-w- C:\Program Files\CheckPoint\Install\Install.exe
2015-01-16 03:17:05 C7D74C58B999B8BCF8685DE01AE03CDA 59392 ----a-w- C:\Program Files\CheckPoint\Install\vsdrinst64.exe
2015-01-16 03:17:05 B8096F92F896E11462F7E9D4F811CBE4 68288 ----a-w- C:\Program Files\CheckPoint\Install\CUninstallerZA.exe
2015-01-16 03:17:05 B55245CEDEDB97492AE6DCBBA68D0F81 18040 ----a-w- C:\Program Files\CheckPoint\Install\Clean_tool64.exe
2015-01-16 03:17:05 B358697CC505A0996747CAF3B0C57807 16504 ----a-w- C:\Program Files\CheckPoint\Install\Clean_tool.exe
2015-01-16 03:17:05 AE83394A24D17A6D672A90B1908CAD63 437872 ----a-w- C:\Program Files\CheckPoint\Install\Launcher.exe
2015-01-16 03:17:05 674CE74F6511382F534D6AA2B4B37B75 62568 ----a-w- C:\Program Files\CheckPoint\Install\handlecmsg.exe
2015-01-16 03:17:05 47480F068389CF68CED679E8CA4DEC4D 745600 ----a-w- C:\Program Files\CheckPoint\Install\Uninst.exe
2015-01-16 03:17:05 2A2397F12C1CAB12B50300B2B3E70D34 65424 ----a-w- C:\Program Files\CheckPoint\Install\vsdrinst.exe
2015-01-16 00:50:20 BA7DC0C9141BE7292CA7E744B6F19F26 897104 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\39.0.2171.99\39.0.2171.99_39.0.2171.95_chrome_updater.exe
2015-01-15 22:40:57 DCAAC830DD8CC98DE188D75F02E79520 34651995 ----a-w- C:\Users\Aldemir\Downloads\torbrowser-install-4.0.3_pt-PT.exe
2015-01-15 22:22:08 9BB42331A34825BCD9A15F853F91204B 226075384 ----a-w- C:\Users\Aldemir\Downloads\cispremium_installer.exe
2015-01-15 18:58:48 8A289EF0AE709327D6AA9769E108B5A6 3916728 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-01-15 18:58:48 2AF481C03C0383ADE09FFEDA0C583140 3971512 ----a-w- C:\Windows\System32\ntkrnlpa.exe
2015-01-15 00:20:48 678FD7AA6ECA7E0ACA6A0C348F87E539 688923 ----a-w- C:\Users\Aldemir\Downloads\virtualbox-4-3-20-96996-32-bits.exe
2015-01-14 23:38:20 76B6F5D978B608A7788C48FFDB8E5E26 3401864 ----a-w- C:\Users\Aldemir\Downloads\zafwSetupWeb_133_209_000.exe
2015-01-14 17:55:02 306EB846F88E58C7E763946DE95952E3 46592 ----a-w- C:\Windows\System32\TSWbPrxy.exe
=== C: other files ==
2015-01-16 19:52:13 49E092ABAAC2F471655C38064C7B566F 215208 ----a-w- C:\Windows\System32\DriverStore\FileRepository\e1q6232.inf_x86_neutral_f7eb5929ba4b5093\e1q6232.sys
2015-01-16 19:52:13 19E30C3C80D8CE29944B3F30FF9C8B76 224424 ----a-w- C:\Windows\System32\DriverStore\FileRepository\e1k6232.inf_x86_neutral_b2d8b4c622f44b3a\e1k6232.sys
2015-01-16 19:52:13 19E30C3C80D8CE29944B3F30FF9C8B76 224424 ----a-w- C:\Windows\System32\drivers\e1k6232.sys
2015-01-16 17:11:19 44EAB3875BBF898CD5164BA58FB5F7B9 196 ----a-w- C:\Users\Aldemir\AppData\Roaming\ZHP\Quarantine\app.DIR\Popcorn Time\node_modules\nw-gyp\gyp\samples\samples.bat
2015-01-16 17:11:18 962AC97BA2737832F3233916D7C56494 201 ----a-w- C:\Users\Aldemir\AppData\Roaming\ZHP\Quarantine\app.DIR\Popcorn Time\node_modules\nw-gyp\gyp\gyp.bat
2015-01-16 17:10:54 9E308F9DEF03CEF04306A4FF7A26FF57 41320 ----a-w- C:\Users\Aldemir\AppData\Roaming\ZHP\Quarantine\shopperpro.DIR\JSDriver\jsdrv.sys
2015-01-16 17:10:54 9E308F9DEF03CEF04306A4FF7A26FF57 41320 ----a-w- C:\Users\Aldemir\AppData\Roaming\ZHP\Quarantine\shopperpro.DIR\JSDriver\1473.0.0.0\jsdrv.sys
2015-01-16 17:10:54 14B8E0A621C193D1644E2747AE7AFBF1 50024 ----a-w- C:\Users\Aldemir\AppData\Roaming\ZHP\Quarantine\ytdownloader.DIR\sbmntr.sys
2015-01-16 17:10:53 21E25622478BE3B4BECDF1213BA5CDC8 39624 ----a-w- C:\Users\Aldemir\AppData\Roaming\ZHP\Quarantine\hotspot shield.DIR\HssWPR\hssdrv6.sys
2015-01-16 12:04:55 F89897263AD15D16442CE3C3C7848ED8 643168 ----a-w- C:\Windows\System32\drivers\klif.sys
2015-01-16 12:04:55 18E4506B0B2523B04D286F8E2C500C7F 111200 ----a-w- C:\Windows\System32\drivers\klflt.sys
2015-01-16 04:29:27 107B392417CBD17D32F55B09E774A8E4 1985966 ----a-w- C:\Users\Aldemir\Desktop\u.zip
2015-01-16 04:29:19 107B392417CBD17D32F55B09E774A8E4 1985966 ----a-w- C:\Users\Aldemir\Downloads\u.zip
2015-01-16 03:38:20 21E25622478BE3B4BECDF1213BA5CDC8 39624 ----a-w- C:\Windows\System32\DriverStore\FileRepository\nethss6.inf_x86_neutral_f5f9af92919da52c\hssdrv6.sys
2015-01-14 22:33:41 9DC1AED30858C5CF238670FDE25B5491 4123065 ----a-w- C:\Users\Aldemir\Downloads\AdvOR-0.3.0.7.zip
2015-01-14 17:54:46 03F899F521D2AAED1C55008F734DF252 116224 ----a-w- C:\Windows\System32\drivers\mrxdav.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2887622060-1900363798-2962781400-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="C:\Users\Aldemir\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"Viber"="C:\Users\Aldemir\AppData\Local\Viber\Viber.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime"
"Wondershare Helper Compact.exe"="C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"ZoneAlarm"="C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="C:\Users\Aldemir\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"Viber"="C:\Users\Aldemir\AppData\Local\Viber\Viber.exe"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [04/09/2014 18:30]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undetermined Task]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe]

==== Firefox Extensions ======================

==== Firefox Plugins ======================


==== Chromium Look ======================

Google Chrome Version: 39.0.2171.99 (Up to date, latest Stable version: 39.0.2171.99)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]

Google Slides - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
WOT - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp
YouTube - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
AdBlock - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Pocket - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk
Google Wallet - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"

==== Empty IE Cache ======================

C:\Users\Aldemir\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=614 folders=102 105593129 bytes)

==== Empty Temp Folders ======================

C:\Users\Aldemir\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Aldemir\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 17/01/2015 at 20:12:57,19 ======================

/!\ Boa Noite! Aldemir /!\

> Caso não haja mais problemas,remova as ferramentas que foram utilizadas na desinfecção!

> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... de Xplode )

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Estando na página,clique em Download Now. 
> Salve-a em um local conveniente! ( desktop! )
> Feche aplicativos que estejam abertos.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Remover ferramentas de desinfecção
> Criar backup do registro
> Limpar pontos da restauração do sistema

> Com estas caixinhas marcadas,clique Executar!
> Reinicie o computador ao concluir!
> Tudo Ok?

A+

Olá joram, boa noite

pronto!

Delfix utilizado
removido ferramentas de desinfecção

tudo ok

pode mover este tópico a casos resolvidos
muito obrigado

abraços

Caso Resolvido

Necessitando nova verificação para este computador,basta abrir "Novo Tópico" e relatar o problema.