Fórum PC Brasil
Remove - http://pthacker.no-ip.org:8181/is-ready


Post by PierreLima Tue 25 Mar 2014, 15:28

Hello friends, good afternoon. I'm new here on the forum and would like some help.
My notebook was infected and AVAST shows the following message nonstop: "Uma ameaça foi detectada" ("A threat has been detected").
Along with the message, the following details appear:
Objeto: http://pthacker.no-ip.org:8181/is-ready
Infecção: URL:Mal
Processo: C:\Windows\System32\wscript.exe

I'm very much a layman and would like help from a friend here on the forum.

Thanks in advance!

Pierre
PierreLima
Beginner

Posts: 8
Reputation: 0
Joined: 25/03/2014

Post by Power Max Tue 25 Mar 2014, 15:29

Hello Pierre.

Download the AdwCleaner program by clicking the link below, then click the Download Now @BleepingComputer button:
[You must have an account and be logged in to view this link]

To run AdwCleaner correctly, just follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.
Power Max
Contributor

Posts: 9086
Reputation: 1499
Joined: 14/04/2009

Post by PierreLima Tue 25 Mar 2014, 21:09

Hello Power Max,

Sorry for the delay in replying. Below is what you asked for. I'll be waiting. Thank you!

# AdwCleaner v3.022 - Relatório criado 25/03/2014 às 20:59:21
# Atualizado 13/03/2014 por Xplode
# Sistema Operacional : Windows 7 Home Basic Service Pack 1 (64 bits)
# Usuário : Pierre - PIERRE-PC
# Executando de : C:\Users\Pierre\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****


***** [ Atalhos ] *****


***** [ Registro ] *****


***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Google Chrome v

[ Arquivo : C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [15158 octets] - [25/03/2014 13:50:35]
AdwCleaner[R1].txt - [892 octets] - [25/03/2014 20:56:46]
AdwCleaner[S0].txt - [14385 octets] - [25/03/2014 13:51:51]
AdwCleaner[S1].txt - [811 octets] - [25/03/2014 20:59:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [870 octets] ##########

Post by Power Max Wed 26 Mar 2014, 13:34

Download < [You must have an account and be logged in to view this link] > ( ... by Nicolas Coolman )

|- Temporarily disable your antivirus to avoid conflicts and run "ZHPDiag2.exe" to install the tool.

|- Run the parchment scroll icon. ( ZHPDiag )

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish!

|- Click OK and, when it finishes, post the ZHPDiag.txt report.

Post by PierreLima Wed 26 Mar 2014, 14:26

That's it! OK, I'm carrying out the procedure; I think it will take a little while, but I'll post here shortly.

Post by PierreLima Wed 26 Mar 2014, 14:37

Hello Power Max, as you requested, here is the result:

~ Relatório do ZHPDiag v2014.3.26.32 - Nicolas Coolman (26/03/2014)
~ Iniciado por Pierre (26/03/2014 14:22:24)
~ Endereço do Website : [You must have an account and be logged in to view this link]
~ Fóruns de suporte gratuito para desinfecção : [You must have an account and be logged in to view this link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.16521

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Basic, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2016
Emsisoft Anti-Malware
Spybot - Search & Destroy v1.6.2
Windows Defender W7

---\\ Softwares d'optimização do sistema
CCleaner v4.12 =>.Piriform Ltd

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 12 Plugin
Adobe Reader X
Java 7 Update 45

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3947 MB (45% free)
System Restore: Activé (Enable)
System drive C: has 201 GB (44%) free of 448 GB

---\\ Modo de conexão ao sistema
~ Computer Name: PIERRE-PC
~ User Name: Pierre
~ All Users Names: Pierre, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Pierre\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Pierre\AppData\Roaming\
~ %Desktop% : C:\Users\Pierre\Desktop\
~ %Favorites% : C:\Users\Pierre\Favorites\
~ %LocalAppData% : C:\Users\Pierre\AppData\Local\
~ %StartMenu% : C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 201 Go of 448 Go)
D: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/4051
~ Mes musiques (My Musics) : 1/11972
~ Mes Videos (My Videos) : 1/89
~ Mes Favoris (My Favorites) : 1/85
~ Mes Documents (My Documents) : 1/754
~ Mon Bureau (My Desktop) : 7/12228
~ Menu demarrer (Programs) : 1/46
~ Hidden Files: Scanned in 01mn 39s



---\\ Processos lançados
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome

~ Google Lines Browser: 15 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [adobe.com/AdobeAAMDetect] - (...) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (.not file.)
P2 - FPN: [HKCU] [vitzo.com/VDownloader] - (.Vitzo - VDownloader browser plug-in.) -- C:\Program Files\VDownloader\Addons\npVDownloader.dll
~ Firefox Browser: 6 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
~ IE Browser: 18 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: (no name) - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Chave orfã
~ Toolbar: Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: Emsisoft Anti-Malware.lnk . (.Emsisoft GmbH - Security Center.) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2start.exe
O4 - GS\QuickLaunch [Pierre]: Emsisoft Anti-Malware.lnk . (.Emsisoft GmbH - Security Center.) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2start.exe
O4 - GS\QuickLaunch [Pierre]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\Pierre\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Pierre]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Pierre]: Spybot - Search & Destroy.lnk . (.Safer Networking Limited - Spybot - Search & Destroy.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
O4 - GS\TaskBar [Pierre]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\Pierre\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Pierre]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Pierre]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Pierre]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Global Startup: 63 Legitimates Filtered in 00mn 06s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe (.not file.)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [RtHDVBg_Dolby] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O4 - HKLM\..\Run: [Power Management] . (.Acer Incorporated - ePowerTray.) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
O4 - HKLM\..\Run: [Fotos Slides Movie] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKCU\..\Run: [KiesPDLR] . (.Samsung - KiesPDLR.) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Pierre\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\Run: [Default] Chave orfã
O4 - HKCU\..\Run: [Fotos Slides Movie] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [BackupManagerTray] . (.NTI Corporation - Acer Backup Manager.) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
O4 - HKLM\..\Wow6432Node\Run: [LManager] . (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Wow6432Node\Run: [Dolby Advanced Audio v2] . (.Dolby Laboratories Inc. - Dolby Profile Selector.) -- C:\Dolby PCEE4\pcee4.exe
O4 - HKLM\..\Wow6432Node\Run: [SuiteTray] . (.Egis Technology Inc. - SuiteTray.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
O4 - HKLM\..\Wow6432Node\Run: [ArcadeMovieService] . (.CyberLink Corp. - clear.fi Movie Resident Program.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
O4 - HKLM\..\Wow6432Node\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe =>.Samsung Electronics Co
O4 - HKLM\..\Wow6432Node\Run: [NWEReboot] Chave orfã
O4 - HKLM\..\Wow6432Node\Run: [SSBkgdUpdate] . (.Nuance Communications, Inc. - SSBkgdUpdate.) -- C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
O4 - HKLM\..\Wow6432Node\Run: [OpwareSE4] . (.Nuance Communications, Inc. - OCR Aware.) -- C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe =>.ScanSoft, Inc
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [emsisoft anti-malware] . (.Emsisoft GmbH - Background Guard.) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
O4 - HKUS\.DEFAULT\..\Run: [rdclip] C:\Windows\system32\config\systemprofile\AppData\Roaming\AVG2013\cfgall\Lumin21-B1RP1.cpl (.not file.)
O4 - HKUS\.DEFAULT\..\Run: [Default] Chave orfã
O4 - HKUS\S-1-5-18\..\Run: [rdclip] C:\Windows\system32\config\systemprofile\AppData\Roaming\AVG2013\cfgall\Lumin21-B1RP1.cpl (.not file.)
O4 - HKUS\S-1-5-18\..\Run: [Default] Chave orfã
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Windows® installer.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Windows® installer.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Windows® installer.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Windows® installer.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-21-1856671205-1802347335-2671892420-1000\..\Run: [KiesPDLR] . (.Samsung - KiesPDLR.) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKUS\S-1-5-21-1856671205-1802347335-2671892420-1000\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-1856671205-1802347335-2671892420-1000\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
O4 - HKUS\S-1-5-21-1856671205-1802347335-2671892420-1000\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKUS\S-1-5-21-1856671205-1802347335-2671892420-1000\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Pierre\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-21-1856671205-1802347335-2671892420-1000\..\Run: [Default] Chave orfã
O4 - HKUS\S-1-5-21-1856671205-1802347335-2671892420-1000\..\Run: [Fotos Slides Movie] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
~ Application: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EC901B0-AEBC-49DB-B5CA-16A1B0C0941E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{6EC901B0-AEBC-49DB-B5CA-16A1B0C0941E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{6EC901B0-AEBC-49DB-B5CA-16A1B0C0941E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [SomotoUpdateCheckerAutoStart] (...) -- C:\Users\Pierre\AppData\Local\FilesFrog Update Checker\update_checker.exe (.not file.) [0] =>Adware.MegaSearch
[MD5.00000000000000000000000000000000] [APT] [{BF3B0064-7020-4004-99DF-8C313FE4B102}] (...) -- C:\Program Files (x86)\3M\PSNLite\Uninstall.exe (.not file.) [0]
~ Scheduled Task: 28 Legitimates Filtered in 00mn 07s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bfilter) . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - C:\Windows\system32\drivers\Bfilter.sys
O41 - Driver: (Bfmon) . (.Baidu, Inc. - Baidu FS Monitor Driver.) - C:\Windows\system32\drivers\Bfmon.sys =>Adware.BDSearch
O41 - Driver: (Bprotect) . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - C:\Windows\system32\drivers\Bprotect.sys
~ Drivers: 90 Legitimates Filtered in 00mn 30s



---\\ Software instalados (042)
O42 - Logiciel: MegaJogos (remove only) - (...) [HKLM][64Bits] -- MegaJogos
O42 - Logiciel: TRC-Brasil 13.10 2013-10-20 - (.Projeto Tracksource Brasil.) [HKLM][64Bits] -- Tracksource Roteável Completo - TRC-Brasil_is1
O42 - Logiciel: Ustream Producer - (.Ustream.) [HKLM][64Bits] -- {7495E6DD-0ED0-4007-9FC7-8649B7BA44B7}
~ Logic: 48 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Audiggle LTD]
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\GbAs]
[HKCU\Software\SDI]
[HKCU\Software\SautinSoft]
[HKCU\Software\mhk2]
[HKCU\Software\应用程序向导生成的本地应用程序]
[HKLM\Software\Fotos Slides Movie]
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\IncrediMail]
[HKLM\Software\Wow6432Node\SautinSoft]
~ Key Software: 438 Legitimates Filtered in 00mn 02s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 11/12/2012 - 12:04:53 - [0] ----D C:\Program Files (x86)\Audiggle
O43 - CFD: 24/03/2014 - 15:49:03 - [0,008] ----D C:\Program Files (x86)\Baidu Security =>Adware.BDSearch
O43 - CFD: 26/12/2012 - 12:45:58 - [475,102] ----D C:\Program Files (x86)\Tracksource
O43 - CFD: 19/06/2012 - 16:23:22 - [52,398] ----D C:\Program Files (x86)\Ustream
O43 - CFD: 24/03/2014 - 15:49:55 - [0,019] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
O43 - CFD: 01/06/2012 - 16:37:39 - [1,523] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 16/03/2012 - 12:59:22 - [0,125] ----D C:\ProgramData\OEM_E471269A730D
O43 - CFD: 24/03/2014 - 15:51:36 - [27,645] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 30/05/2013 - 13:37:59 - [1,910] ----D C:\Users\Pierre\AppData\Roaming\Baidu Security =>Adware.BDSearch
O43 - CFD: 11/12/2012 - 12:21:38 - [0] ----D C:\Users\Pierre\AppData\Roaming\Stereoclip.0C12C647CD78A1D4B81E090F6CE0853FA29CBBC5.1
O43 - CFD: 21/09/2012 - 15:02:40 - [0] ----D C:\Users\Pierre\AppData\Roaming\Ustream Producer
O43 - CFD: 11/12/2012 - 11:30:26 - [0] ----D C:\Users\Pierre\AppData\Local\Audiggle_LTD
O43 - CFD: 18/04/2012 - 14:11:18 - [0,003] ----D C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MegaJogos
~ Program Folder: 276 Legitimates Filtered in 01mn 38s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.457489693CDBA877A93F875BB5C5F06F] - 19/03/2014 - 18:25:23 ---A- . (...) -- C:\Windows\FontData.fdb [283755]
O44 - LFC:[MD5.B954B3CBB582C46802364970D73E6534] - 21/03/2014 - 16:28:33 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [149524]
O44 - LFC:[MD5.52660EE865449B6D601DD8AA877C9150] - 21/03/2014 - 16:28:33 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [709744]
O44 - LFC:[MD5.37F5CDA64FC515B3072531C1187EDCCA] - 24/03/2014 - 15:50:05 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [52032]
O44 - LFC:[MD5.DFC1681F6645CB2AEA83897588F05362] - 24/03/2014 - 15:50:05 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [34624] =>Adware.BDSearch
O44 - LFC:[MD5.F4C1984178175ACE4A75BE23059C3E0A] - 24/03/2014 - 15:50:06 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [128992]
O44 - LFC:[MD5.430462FE915AF3F9550843ACDFDA40CF] - 26/03/2014 - 14:12:50 ---A- . (...) -- C:\EamClean.log [386]
~ Files: 53 Legitimates Filtered in 00mn 06s



---\\ Controlo do Modo de Segurança (CSB) (49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\CleanHlp.sys . (...) -- C:\Windows\System32\Drivers\CleanHlp.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\CleanHlp.sys . (...) -- C:\Windows\System32\Drivers\CleanHlp.sys (.not file.)
~ CSB: 15 Legitimates Filtered in 00mn 00s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{df3aae76-eac4-11e1-8a6d-9439e54d8b9a}\AutoRun\command. (...) -- E:\.\StartModem.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.8D4B8BF93C65BDBC133B20706A3B5208] - 25/03/2014 - 10:11:12 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:[MD5.0606875650850B0697D662934529F6FC] - 25/03/2014 - 10:11:12 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [208928]
O58 - SDL:[MD5.37F5CDA64FC515B3072531C1187EDCCA] - 21/01/2014 - 11:14:40 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [52032]
O58 - SDL:[MD5.DFC1681F6645CB2AEA83897588F05362] - 21/01/2014 - 11:14:50 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [34624] =>Adware.BDSearch
O58 - SDL:[MD5.F4C1984178175ACE4A75BE23059C3E0A] - 21/01/2014 - 07:01:36 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [128992]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.DBAA0C650C9549DC5C599D1E81DEDAAD] - 05/04/2011 - 08:26:26 ---A- . (.ELAN Microelectronics Corp. - ETD Kernel Center.) -- C:\Windows\System32\Drivers\ETD.sys [142632]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.E428DFFA96FAD07D8CA3C9082563A225] - 20/08/2013 - 07:02:12 ---A- . (.DEVGURU Co., LTD.([You must have an account and be logged in to view this link] - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [103576]
O58 - SDL:[MD5.AAF6F247F1DC370C593B4430974EAD9C] - 20/08/2013 - 07:02:12 ---A- . (.DEVGURU Co., LTD.([You must have an account and be logged in to view this link] - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [204568]
O58 - SDL:[MD5.3248B5CC4AA7942EE7BC26F1EB00210B] - 20/08/2013 - 07:02:12 ---A- . (.DEVGURU Co., LTD.([You must have an account and be logged in to view this link] - SAMSUNG USB Mobile Logging Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudserd.sys [204568]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.C9E9D59C0099A9FF51697E9306A44240] - 13/12/2012 - 13:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
O58 - SDL:[MD5.DDEE99DC54EFA20BD5A442CD733C4462] - 05/02/2013 - 05:54:40 ---A- . (...) -- C:\Windows\SysWOW64\FsUsbExDisk.Sys [37344]
~ Drivers: 16 Legitimates Filtered in 00mn 05s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 21/01/2014 - C:\Windows\system32\drivers\Bfilter.sys (Bfilter) .(.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - LEGACY_BFILTER
O64 - Services: CurCS - 21/01/2014 - C:\Windows\system32\drivers\Bfmon.sys (Bfmon) .(.Baidu, Inc. - Baidu FS Monitor Driver.) - LEGACY_BFMON =>Adware.BDSearch
O64 - Services: CurCS - 21/01/2014 - C:\Windows\system32\drivers\Bprotect.sys (Bprotect) .(.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - LEGACY_BPROTECT
~ Legacy: 103 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Pierre\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.8DDB84FB5FD7958654F23ECE6EA14D0F] [SPRF][15/01/2014] (.Baidu, Inc. - Baidu Antivirus FileSplitUpLoad Library.) -- C:\ProgramData\FileSplitUpLoad.dll [167784]
~ Files: 4 Legitimates Filtered in 00mn 00s



---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "DD6E59470DE07004F97C68947BAB447B" . (.Ustream Producer.) -- C:\Windows\Installer\{7495E6DD-0ED0-4007-9FC7-8649B7BA44B7}\_21F3885A18D238E15AAE81.exe
~ Update Products: 527 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 12/03/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 21/06/2011 173424 | (EgisTec Ticket Service) . (.Egis Technology Inc..) - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
SS - | Demand 25/01/2012 655624 | (FLEXnet Licensing Service) . (.Acresso Software Inc..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 17/03/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 17/03/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 08/04/2008 800040 | (NBService) . (.Nero AG.) - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Auto 13/07/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe

SR - | Auto 25/03/2014 4163584 | (a2AntiMalware) . (.Emsisoft GmbH.) - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 25/03/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 30/06/2011 353360 | (DsiWMIService) . (.Dritek System Inc..) - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
SR - | Auto 02/08/2011 872552 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
SR - | Auto 29/05/2011 36456 | (GREGService) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
SR - | Auto 30/04/2011 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Demand 15/05/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 05/04/2012 255376 | (Live Updater Service) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
SR - | Auto 01/02/2011 326168 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Demand 22/01/2008 275752 | (NMIndexingService) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
SR - | Auto 23/04/2011 256832 | (NTI IScheduleSvc) . (.NTI Corporation.) - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
SR - | Auto 19/12/2006 81920 | (PLFlash DeviceIoControl Service) . (.Prolific Technology Inc..) - C:\Windows\SysWOW64\IoctlSvc.exe
SR - | Auto 10/03/2010 189728 | (PSI_SVC_2) . (.Protexis Inc..) - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
SR - | Auto 30/11/2010 336824 | (PSI_SVC_2_x64) . (.arvato digital services llc.) - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
SR - | Auto 26/01/2009 1153368 | (SBSDWSCService) . (.Safer Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
SR - | Auto 01/02/2011 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 01mn 16s



---\\ Scâner Aditional (088)
Database Version : 13031 - (26/03/2014)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 4
Fichiers trouvés (Files found) : 2

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
C:\Program Files (x86)\Baidu Security =>Adware.BDSearch^
C:\ProgramData\Baidu Security =>Adware.BDSearch^
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\Users\Pierre\AppData\Roaming\Baidu Security =>Adware.BDSearch^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch^
~ Additionnel Scan: 443034 Items scanned in 03mn 43s



---\\ Sumário das deteções encontradas na sua estação
[You must have an account and be logged in to view this link] =>Adware.MegaSearch
[You must have an account and be logged in to view this link] =>Adware.BDSearch
[You must have an account and be logged in to view this link] =>PUP.Tarma
~ MSI: 3 link(s) detected in 00mn 00s



~ 1785 Legitimates filtered by white list
End of the scan (516 lines in 10mn 18s)(0)

Post by Power Max, Wed 26 Mar 2014, 15:22

There are unnecessary programs starting along with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

Preferably, let only the security programs (antivirus/anti-spyware/firewall) start along with Windows.

Also use the program CCleaner, recommended in the tutorial above, to clean up and optimize the PC now and from time to time.
______________________________________________________________________________________________________________

Please follow the tips in these tutorials:

[You must have an account and be logged in to view this link]
____________________________________________________________________________________________________________

Select and copy all the text highlighted in red that I gave you (starting at script zhpfix and going through emptyclsid)
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose the Run as administrator option > click Importação > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will appear in Notepad.

Copy this report and post it in your next reply, together with the report from McShield Anti-Malware Tool, which will be named MCShield-AllScans.txt and will be on your PC's desktop, and the Usbfix log, which will be at C:\UsbFix.txt


Last edited by Power Max on Thu 27 Mar 2014, 14:55; edited 1 time

Post by PierreLima, Thu 27 Mar 2014, 11:05

Hello Power Max, once again I apologize for the delay in posting the logs. Here they are, as you asked:

USBFIX:

############################## | UsbFix V 7.167 | [Supressão]

Usuário: Pierre (Administrador) # PIERRE-PC
Atualizado em 13/03/2014 por El Desaparecido - Team SosVirus
Começou em 10:26:12 | 27/03/2014

Site : [You must have an account and be logged in to view this link]
Changelog : [You must have an account and be logged in to view this link]
Support : [You must have an account and be logged in to view this link]
Upload Malware : [You must have an account and be logged in to view this link]
Contato : [You must have an account and be logged in to view this link]

PC: Acer (JE50_HR)
CPU: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz
RAM -> [Total : 3948 Mo| Free : 2176 Mo]
Bios: Acer
Boot: Normal boot

OS: Microsoft Windows 7 Home Basic (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16521

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: Emsisoft Anti-Malware [Enabled | Updated]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender [(!) Disabled | Updated]
AS: Emsisoft Anti-Malware [Enabled | Updated]
AS: avast! Antivirus [(!) Disabled | Updated]
FW: Windows FireWall [Enabled]

C:\ (%systemdrive%) -> Disco fixo # 448 Gb (204 Mb livre - 46%) [Acer] # NTFS
D:\ -> CD-ROM
E:\ -> Disco removível # 4 Gb (4 Mb livre - 100%) [KINGSTON] # FAT32
F:\ -> Disco removível # 7 Gb (7 Mb livre - 100%) [KINGSTON] # FAT32

################## | Processos Ativos |

C:\Windows\system32\csrss.exe (ID: 576 |ParentID: 552)
C:\Windows\system32\wininit.exe (ID: 660 |ParentID: 552)
C:\Windows\system32\csrss.exe (ID: 684 |ParentID: 668)
C:\Windows\system32\services.exe (ID: 724 |ParentID: 660)
C:\Windows\system32\lsass.exe (ID: 740 |ParentID: 660)
C:\Windows\system32\lsm.exe (ID: 748 |ParentID: 660)
C:\Windows\system32\svchost.exe (ID: 860 |ParentID: 724)
C:\Windows\system32\winlogon.exe (ID: 928 |ParentID: 668)
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (ID: 964 |ParentID: 724)
C:\Windows\system32\svchost.exe (ID: 424 |ParentID: 724)
C:\Windows\System32\svchost.exe (ID: 628 |ParentID: 724)
C:\Windows\System32\svchost.exe (ID: 672 |ParentID: 724)
C:\Windows\system32\svchost.exe (ID: 1044 |ParentID: 724)
C:\Windows\system32\svchost.exe (ID: 1088 |ParentID: 724)
C:\Windows\system32\svchost.exe (ID: 1288 |ParentID: 724)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1396 |ParentID: 724)
C:\Windows\System32\spoolsv.exe (ID: 1584 |ParentID: 724)
C:\Windows\system32\svchost.exe (ID: 1632 |ParentID: 724)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1760 |ParentID: 724)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 1784 |ParentID: 724)
C:\Program Files\Bonjour\mDNSResponder.exe (ID: 1808 |ParentID: 724)
C:\Program Files (x86)\Launch Manager\dsiwmis.exe (ID: 1856 |ParentID: 724)
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (ID: 1896 |ParentID: 724)
C:\Program Files (x86)\Launch Manager\LMutilps32.exe (ID: 1904 |ParentID: 1856)
C:\Windows\system32\svchost.exe (ID: 1928 |ParentID: 724)
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (ID: 1956 |ParentID: 724)
C:\Program Files\Acer\Acer Updater\UpdaterService.exe (ID: 2000 |ParentID: 724)
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (ID: 2044 |ParentID: 724)
C:\Windows\SysWOW64\IoctlSvc.exe (ID: 1492 |ParentID: 724)
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (ID: 1688 |ParentID: 724)
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (ID: 1988 |ParentID: 724)
C:\Windows\system32\svchost.exe (ID: 2068 |ParentID: 724)
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (ID: 2136 |ParentID: 724)
C:\Windows\System32\WUDFHost.exe (ID: 2872 |ParentID: 672)
C:\Windows\system32\svchost.exe (ID: 3040 |ParentID: 724)
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (ID: 560 |ParentID: 724)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 3036 |ParentID: 724)
C:\Windows\system32\sppsvc.exe (ID: 1656 |ParentID: 724)
C:\Windows\System32\svchost.exe (ID: 1876 |ParentID: 724)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 2296 |ParentID: 724)
C:\Windows\system32\SearchIndexer.exe (ID: 2692 |ParentID: 724)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 2056 |ParentID: 860)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID: 2656 |ParentID: 724)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 2992 |ParentID: 860)
C:\Windows\servicing\TrustedInstaller.exe (ID: 1192 |ParentID: 724)
C:\Windows\system32\taskhost.exe (ID: 3120 |ParentID: 724)
C:\Windows\system32\taskeng.exe (ID: 3176 |ParentID: 1088)
C:\Windows\system32\Dwm.exe (ID: 3204 |ParentID: 672)
C:\Windows\Explorer.EXE (ID: 3248 |ParentID: 3168)
C:\Windows\system32\rundll32.exe (ID: 3288 |ParentID: 3176)
C:\Windows\system32\runonce.exe (ID: 3404 |ParentID: 3248)
C:\Windows\SysWOW64\runonce.exe (ID: 3420 |ParentID: 3404)
C:\Windows\system32\SearchProtocolHost.exe (ID: 3480 |ParentID: 2692)
C:\Windows\system32\SearchFilterHost.exe (ID: 3500 |ParentID: 2692)
C:\Windows\system32\taskeng.exe (ID: 3676 |ParentID: 1088)
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe (ID: 3708 |ParentID: 3676)
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe (ID: 3736 |ParentID: 3676)

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [64bit] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] userinit.exe,
F2 - [64bit] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
04 - HKCU\..\Run : [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
04 - HKCU\..\Run : [Fotos Slides Movie] wscript.exe //B "C:\Users\Pierre\AppData\Local\Temp\Fotos Slides Movie.vbe"
04 - HKCU\..\Run : [MCShield Monitor] C:\Program Files (x86)\MCShield\mcshieldrtm.exe
04 - HKLM\..\Run : [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
04 - HKLM\..\Run : [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart
04 - HKLM\..\Run : [NWEReboot]
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\..\Run : [emsisoft anti-malware] "C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe" /d=60
04 - [64bit] HKLM\..\Run : [Fotos Slides Movie] wscript.exe //B "C:\Users\Pierre\AppData\Local\Temp\Fotos Slides Movie.vbe"
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-1856671205-1802347335-2671892420-1000\..\Run : [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
04 - HKU\S-1-5-21-1856671205-1802347335-2671892420-1000\..\Run : [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
04 - HKU\S-1-5-21-1856671205-1802347335-2671892420-1000\..\Run : [Fotos Slides Movie] wscript.exe //B "C:\Users\Pierre\AppData\Local\Temp\Fotos Slides Movie.vbe"
04 - HKU\S-1-5-21-1856671205-1802347335-2671892420-1000\..\Run : [MCShield Monitor] C:\Program Files (x86)\MCShield\mcshieldrtm.exe
04 - HKU\S-1-5-18\..\Run : [rdclip] C:\Windows\system32\config\systemprofile\AppData\Roaming\AVG2013\cfgall\Lumin21-B1RP1.cpl
04 - HKU\S-1-5-18\..\Run : [Default] -
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-19\..\RunOnce : [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
04 - HKU\S-1-5-18\..\RunOnce : [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}

################## | Procura genérica |

Supprimido ! C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fotos Slides Movie.vbe
Supprimido ! C:\Users\Pierre\AppData\Local\Temp\Fotos Slides Movie.vbe
Supprimido ! E:\Fotos Slides Movie.vbe
Supprimido ! F:\Fotos Slides Movie.vbe
Supprimido ! C:\Win
Supprimido ! C:\_OTL\MovedFiles\03272014_091656\C_Users\Pierre\AppData\Local\Temp\Fotos Slides Movie.vbe
Supprimido ! C:\_OTL\MovedFiles\03272014_094521\C_Users\Pierre\AppData\Local\Temp\Fotos Slides Movie.vbe

(!) Ficheiros temporários suprimido.

################## | Registro |

Reparado ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 1
Reparado ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 5
Supprimido ! HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run|Default
Supprimido ! HKU\S-1-5-21-1856671205-1802347335-2671892420-1000\Software\Microsoft\Windows\CurrentVersion\Run|Fotos Slides Movie
Supprimido ! HKU\S-1-5-21-1856671205-1802347335-2671892420-1000\Software\.\.\.\.\Mountpoints2\{df3aae76-eac4-11e1-8a6d-9439e54d8b9a}

################## | Listing |

[24/08/2013 - 16:46:04 | D] - C:\$AVG
[18/03/2012 - 09:59:09 | SHD] - C:\$Recycle.Bin
[21/08/2013 - 17:53:49 | D] - C:\A118
[25/03/2014 - 20:59:28 | D] - C:\AdwCleaner
[16/03/2012 - 12:58:39 | D] - C:\Arquivos de Programas
[25/01/2012 - 00:17:37 | D] - C:\book
[17/10/2011 - 04:56:09 | RASH | 8 Ko] - C:\BOOTSECT.BAK
[24/11/2012 - 22:40:27 | D] - C:\c8cba8d4de09360044
[26/03/2014 - 07:06:23 | D] - C:\Config.Msi
[20/01/2014 - 09:58:43 | N | 0 Ko] - C:\conversation.log
[03/06/2013 - 10:33:57 | D] - C:\Diablo
[14/07/2009 - 02:08:56 | SHD] - C:\Documents and Settings
[25/01/2012 - 00:44:59 | D] - C:\Dolby PCEE4
[27/03/2014 - 08:42:54 | N | 1 Ko] - C:\EamClean.log
[15/12/2013 - 19:58:29 | D] - C:\FFOutput
[27/03/2014 - 10:20:33 | ASH | 3031956 Ko] - C:\hiberfil.sys
[25/01/2012 - 00:13:36 | D] - C:\Intel
[20/08/2013 - 12:34:13 | D] - C:\J158
[17/03/2012 - 16:28:58 | RHD] - C:\MSOCache
[16/03/2012 - 13:01:03 | D] - C:\OEM
[27/03/2014 - 10:20:36 | ASH | 4042608 Ko] - C:\pagefile.sys
[14/07/2009 - 00:20:08 | D] - C:\PerfLogs
[20/04/2012 - 18:10:11 | D] - C:\PFiles
[25/03/2014 - 13:51:55 | D] - C:\Program Files
[26/03/2014 - 19:05:18 | D] - C:\Program Files (x86)
[26/03/2014 - 19:05:18 | HD] - C:\ProgramData
[16/03/2012 - 12:58:39 | SHD] - C:\Recovery
[27/03/2014 - 09:18:18 | SHD] - C:\System Volume Information
[11/04/2012 - 22:11:48 | D] - C:\Temp
[20/08/2013 - 12:34:26 | D] - C:\tmp
[27/03/2014 - 10:17:56 | D] - C:\UsbFix
[27/03/2014 - 10:35:57 | A | 10 Ko | 702C9ACCFF75B4778A10047C5C6C8CA6] - C:\UsbFix [Clean 2] PIERRE-PC.txt
[01/06/2012 - 16:26:49 | N | 0 Ko] - C:\user.js
[16/03/2012 - 12:58:46 | D] - C:\Users
[27/03/2014 - 08:43:04 | D] - C:\Windows
[27/03/2014 - 09:16:56 | D] - C:\_OTL

################## | Vaccin |

E:\Autorun.inf -> Vacina criada por UsbFix (El Desaparecido)
F:\Autorun.inf -> Vacina criada por UsbFix (El Desaparecido)

################## | E.O.F | [You must have an account and be logged in to view this link] - [You must have an account and be logged in to view this link] |

_____________________________________________________________________________________________________________

ZHPFix:

Rapport de ZHPFix 2014.3.25.5 par Nicolas Coolman, Update du 25/03/2014
Fichier d'export Registre :
Run by Pierre at 27/03/2014 10:40:54
High Elevated Privileges : OK
Windows 7 Home Basic Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (04mn 27s)
Reparação de atalhos do navegador

========== Estado dos serviços ==========
BFILTER Parado
BFMON Parado
BPROTECT Parado

========== Chaves do Registo ==========
ELIMINÉ:* Mozilla Plugin: adobe.com/AdobeAAMDetect
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bprotect
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\mhk2
ELIMINÉ: HKCU\Software\???????????????
ELIMINÉ:* HKLM\Software\Fotos Slides Movie
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu Security
ELIMINÉ O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\CleanHlp.sys . (...) -- C:\Windows\System32\Drivers\CleanHlp.sys (.not file.)
ELIMINÉ O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\CleanHlp.sys . (...) -- C:\Windows\System32\Drivers\CleanHlp.sys (.not file.)
ELIMINÉ: Service: Bonjour Service
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5

========== Valores do Registo ==========
ELIMINÉ: Toolbar: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5}
ELIMINÉ RunValue: Fotos Slides Movie
ELIMINÉ RunValue: NWEReboot
ELIMINÉ RunValue: rdclip
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\wscript.exe
ELIMINA REINICIAR: c:\windows\system32\drivers\bfilter.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bfmon.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotect.sys
ELIMINA REINICIAR: c:\program files\bonjour\mdnsresponder.exe
ELIMINÉ Temporários windows (7) (714.378 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: SomotoUpdateCheckerAutoStart
ELIMINÉ: {BF3B0064-7020-4004-99DF-8C313FE4B102}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
14 : Chaves do Registo
10 : Valores do Registo
1 : Pastas
7 : Ficheiros
3 : Estado dos serviços
2 : Tarefa planificada
1 : Restauração Sistema


End of clean in 05mn 21s

========== Caminho do ficheiro do relatório ==========
C:\Users\Pierre\AppData\Roaming\ZHP\ZHPFix[R1].txt - 27/03/2014 10:45:21 [2733]

____________________________________________________________________________________________________________________

And the McShield log was not saved the way you had said, but I found this one:

>>> MCShield AllScans.txt <<<

-----------------------------




MCShield ::Anti-Malware Tool:: [You must have an account and be logged in to view this link]

>>> v 3.0.4.27 / DB: 2014.3.23.1 / Windows 7 <<<


26/03/2014 19:05:43 > Unidade C: - escanemaneto iniciado (Acer ~448 GB, NTFS HDD )...



=> A unidade está limpa.





MCShield ::Anti-Malware Tool:: [You must have an account and be logged in to view this link]

>>> v 3.0.4.27 / DB: 2014.3.23.1 / Windows 7 <<<


26/03/2014 19:06:55 > Unidade E: - escanemaneto iniciado (KINGSTON ~3737 MB, FAT32 unidade flash )...



---> Executando rotinas genéricas de S&D... Procurando por arquivos escondidos pelo malware...


---> Itens para processar: 13

---> E:\._.Trashes > removido atributo oculto.

---> E:\Display_ConqTEM_Horiz.jpg > removido atributo oculto.

---> E:\._Display_ConqTEM_Horiz.jpg > removido atributo oculto.

---> E:\ConqTEM.jpg > removido atributo oculto.

---> E:\._ConqTEM.jpg > removido atributo oculto.

---> E:\._palazzo.eps > removido atributo oculto.

---> E:\wood_texture_by_yasse_inne-d5eu9w2.jpg > removido atributo oculto.

---> E:\._wood_texture_by_yasse_inne-d5eu9w2.jpg > removido atributo oculto.

---> E:\capa.jpg > removido atributo oculto.

---> E:\APRESENTAÇÃO.pdf > removido atributo oculto.

---> E:\LOCALIZAÇÃO CHACARAS CLUBE DO CAVALO.jpg > removido atributo oculto.

---> E:\palazzo.eps > removido atributo oculto.

---> E:\MAPA_curvas.eps > removido atributo oculto.



>>> E:\.lnk - Malware > Ecluido. (; MD5: df1627938e7d513971de7005d8975956)

>>> E:\wood_texture_by_yasse_inne-d5eu9w2.lnk - Malware > Ecluido. (14.03.26. 19.08 wood_texture_by_yasse_inne-d5eu9w2.lnk.419883; MD5: db38b1c544e0f1da40b0868d439a39e8)

>>> E:\capa.lnk - Malware > Ecluido. (; MD5: 5b0e610ffde540cab0b184d560b16ea6)

>>> E:\APRESENTAÇÃO.lnk - Malware > Ecluido. (; MD5: 909af79879183fd3f73927c5834a7860)

>>> E:\palazzo.lnk - Malware > Ecluido. (; MD5: aaf8f2061369541fc34aba40461cd42d)

>>> E:\MAPA_curvas.lnk - Malware > Ecluido. (; MD5: 148aa68c3e6f34ca27fbd46ac22982e2)

>>> E:\Fotos Slides Movie.vbe - Malware > Ecluido. (14.03.26. 19.08 Fotos Slides Movie.vbe.40705; MD5: 1452bc799b5a8e61f9717429390fa019)


=> Arquivos maliciosos : 7/7 apagado.
=> Arquivos Ocultos : 13/13 removido atributo oculto.

____________________________________________

::::: Duração do escaneamento: (Modo interativo)




MCShield ::Anti-Malware Tool::

>>> v 3.0.4.27 / DB: 2014.3.23.1 / Windows 7 <<<


26/03/2014 19:07:07 > Unidade F: - escanemaneto iniciado (KINGSTON ~7490 MB, FAT32 unidade flash )...


>>> F:\Fotos Slides Movie.vbe - Malware > Ecluido. (14.03.26. 19.08 Fotos Slides Movie.vbe.633557; MD5: 1452bc799b5a8e61f9717429390fa019)


=> Arquivos maliciosos : 1/1 apagado.

____________________________________________

::::: Duração do escaneamento: (Modo interativo)




MCShield ::Anti-Malware Tool::

>>> v 3.0.4.27 / DB: 2014.3.23.1 / Windows 7 <<<


27/03/2014 08:44:37 > Unidade C: - escanemaneto iniciado (Acer ~448 GB, NTFS HDD )...



=> A unidade está limpa.





MCShield ::Anti-Malware Tool::

>>> v 3.0.4.27 / DB: 2014.3.23.1 / Windows 7 <<<


27/03/2014 08:51:26 > Unidade E: - escanemaneto iniciado (KINGSTON ~3737 MB, FAT32 unidade flash )...



---> Executando rotinas genéricas de S&D... Procurando por arquivos escondidos pelo malware...


---> Itens para processar: 14

---> E:\._.Trashes > removido atributo oculto.

---> E:\.lnk.vir > removido atributo oculto.

---> E:\Display_ConqTEM_Horiz.jpg > removido atributo oculto.

---> E:\._Display_ConqTEM_Horiz.jpg > removido atributo oculto.

---> E:\ConqTEM.jpg > removido atributo oculto.

---> E:\._ConqTEM.jpg > removido atributo oculto.

---> E:\._palazzo.eps > removido atributo oculto.

---> E:\wood_texture_by_yasse_inne-d5eu9w2.jpg > removido atributo oculto.

---> E:\._wood_texture_by_yasse_inne-d5eu9w2.jpg > removido atributo oculto.

---> E:\capa.jpg > removido atributo oculto.

---> E:\APRESENTAÇÃO.pdf > removido atributo oculto.

---> E:\LOCALIZAÇÃO CHACARAS CLUBE DO CAVALO.jpg > removido atributo oculto.

---> E:\palazzo.eps > removido atributo oculto.

---> E:\MAPA_curvas.eps > removido atributo oculto.



>>> E:\.lnk.vir - Malware > Ecluido. (14.03.27. 08.53 .lnk.vir.698300; MD5: d41d8cd98f00b204e9800998ecf8427e)

>>> E:\APRESENTAÇÃO.lnk - Malware > Ecluido. (; MD5: 909af79879183fd3f73927c5834a7860)

>>> E:\LOCALIZAÇÃO CHACARAS CLUBE DO CAVALO.lnk - Malware > Ecluido. (14.03.27. 08.54 LOCALIZAÇÃO CHACARAS CLUBE DO CAVALO.lnk.11663; MD5: cc7dab1115ca568fd51a1ee3b34e557e)

>>> E:\palazzo.lnk - Malware > Ecluido. (; MD5: aaf8f2061369541fc34aba40461cd42d)

>>> E:\MAPA_curvas.lnk - Malware > Ecluido. (14.03.27. 08.54 MAPA_curvas.lnk.29624; MD5: 148aa68c3e6f34ca27fbd46ac22982e2)

>>> E:\Fotos Slides Movie.vbe - Malware > Ecluido. (14.03.27. 08.54 Fotos Slides Movie.vbe.7284; MD5: 1452bc799b5a8e61f9717429390fa019)


=> Arquivos maliciosos : 6/6 apagado.
=> Arquivos Ocultos : 14/14 removido atributo oculto.

____________________________________________

::::: Duração do escaneamento: (Modo interativo)




MCShield ::Anti-Malware Tool::

>>> v 3.0.4.27 / DB: 2014.3.23.1 / Windows 7 <<<


27/03/2014 08:55:19 > Unidade E: - escanemaneto iniciado (KINGSTON ~3737 MB, FAT32 unidade flash )...



---> Executando rotinas genéricas de S&D... Procurando por arquivos escondidos pelo malware...


---> Itens para processar: 7

---> E:\._.Trashes > removido atributo oculto.

---> E:\Display_ConqTEM_Horiz.jpg > removido atributo oculto.

---> E:\._Display_ConqTEM_Horiz.jpg > removido atributo oculto.

---> E:\._ConqTEM.jpg > removido atributo oculto.

---> E:\._palazzo.eps > removido atributo oculto.

---> E:\._wood_texture_by_yasse_inne-d5eu9w2.jpg > removido atributo oculto.

---> E:\MAPA_curvas.eps > removido atributo oculto.



>>> E:\.lnk - Malware > Ecluido. (; MD5: df1627938e7d513971de7005d8975956)

>>> E:\wood_texture_by_yasse_inne-d5eu9w2.jpg - Malware > Ecluido. (14.03.27. 08.56 wood_texture_by_yasse_inne-d5eu9w2.jpg.801017; MD5: 0cef457772788dda03c79fa0b9bef979)

>>> E:\Fotos Slides Movie.vbe - Malware > Ecluido. (14.03.27. 08.56 Fotos Slides Movie.vbe.789876; MD5: 1452bc799b5a8e61f9717429390fa019)


=> Arquivos maliciosos : 3/3 apagado.
=> Arquivos Ocultos : 7/7 removido atributo oculto.

____________________________________________

::::: Duração do escaneamento: (Modo interativo)




MCShield ::Anti-Malware Tool::

>>> v 3.0.4.27 / DB: 2014.3.23.1 / Windows 7 <<<


27/03/2014 08:57:28 > Unidade E: - escanemaneto iniciado (KINGSTON ~3737 MB, FAT32 unidade flash )...


>>> E:\Fotos Slides Movie.vbe - Malware > Ecluido. (14.03.27. 08.58 Fotos Slides Movie.vbe.130398; MD5: 1452bc799b5a8e61f9717429390fa019)


=> Arquivos maliciosos : 1/1 apagado.

____________________________________________

::::: Duração do escaneamento: (Modo interativo)




MCShield ::Anti-Malware Tool::

>>> v 3.0.4.27 / DB: 2014.3.23.1 / Windows 7 <<<


27/03/2014 08:58:24 > Unidade E: - escanemaneto iniciado (KINGSTON ~3737 MB, FAT32 unidade flash )...


>>> E:\Fotos Slides Movie.vbe - Malware > Ecluido. (14.03.27. 08.59 Fotos Slides Movie.vbe.998516; MD5: 1452bc799b5a8e61f9717429390fa019)


=> Arquivos maliciosos : 1/1 apagado.

____________________________________________

::::: Duração do escaneamento: (Modo interativo)




MCShield ::Anti-Malware Tool::

>>> v 3.0.4.27 / DB: 2014.3.23.1 / Windows 7 <<<


27/03/2014 08:59:25 > Unidade E: - escanemaneto iniciado (KINGSTON ~3737 MB, FAT32 unidade flash )...


>>> E:\Fotos Slides Movie.vbe - Malware > Ecluido. (14.03.27. 08.59 Fotos Slides Movie.vbe.242672; MD5: 1452bc799b5a8e61f9717429390fa019)


=> Arquivos maliciosos : 1/1 apagado.

____________________________________________

::::: Duração do escaneamento: (Modo interativo)




MCShield ::Anti-Malware Tool::

>>> v 3.0.4.27 / DB: 2014.3.23.1 / Windows 7 <<<


27/03/2014 09:10:51 > Unidade F: - escanemaneto iniciado (KINGSTON ~7490 MB, FAT32 unidade flash )...


>>> F:\Fotos Slides Movie.vbe - Malware > Ecluido. (14.03.27. 09.12 Fotos Slides Movie.vbe.905178; MD5: 1452bc799b5a8e61f9717429390fa019)


=> Arquivos maliciosos : 1/1 apagado.

____________________________________________

::::: Duração do escaneamento: (Modo interativo)




MCShield ::Anti-Malware Tool::

>>> v 3.0.4.27 / DB: 2014.3.23.1 / Windows 7 <<<


27/03/2014 09:20:57 > Unidade C: - escanemaneto iniciado (Acer ~448 GB, NTFS HDD )...



=> A unidade está limpa.


27/03/2014 09:20:58 > Unidade F: - escanemaneto iniciado (KINGSTON ~7490 MB, FAT32 unidade flash )...


>>> F:\Fotos Slides Movie.vbe - Malware > Ecluido. (14.03.27. 09.21 Fotos Slides Movie.vbe.254437; MD5: 1452bc799b5a8e61f9717429390fa019)


=> Arquivos maliciosos : 1/1 apagado.

____________________________________________

::::: Duração do escaneamento: (Modo interativo)




MCShield ::Anti-Malware Tool::

>>> v 3.0.4.27 / DB: 2014.3.23.1 / Windows 7 <<<


27/03/2014 09:30:39 > Unidade E: - escanemaneto iniciado (KINGSTON ~3737 MB, FAT32 unidade flash )...


>>> E:\Fotos Slides Movie.vbe - Malware > Ecluido. (14.03.27. 09.35 Fotos Slides Movie.vbe.249432; MD5: 1452bc799b5a8e61f9717429390fa019)


=> Arquivos maliciosos : 1/1 apagado.

____________________________________________

::::: Duração do escaneamento: (Modo interativo)




MCShield ::Anti-Malware Tool::

>>> v 3.0.4.27 / DB: 2014.3.23.1 / Windows 7 <<<


27/03/2014 09:39:09 > Unidade F: - escanemaneto iniciado (KINGSTON ~7490 MB, FAT32 unidade flash )...



=> A unidade está limpa.





MCShield ::Anti-Malware Tool::

>>> v 3.0.4.27 / DB: 2014.3.23.1 / Windows 7 <<<


27/03/2014 09:52:24 > Unidade C: - escanemaneto iniciado (Acer ~448 GB, NTFS HDD )...



=> A unidade está limpa.





MCShield ::Anti-Malware Tool::

>>> v 3.0.4.27 / DB: 2014.3.23.1 / Windows 7 <<<


27/03/2014 10:18:21 > Unidade E: - escanemaneto iniciado (KINGSTON ~3737 MB, FAT32 unidade flash )...



=> A unidade está limpa.





MCShield ::Anti-Malware Tool::

>>> v 3.0.4.27 / DB: 2014.3.23.1 / Windows 7 <<<


27/03/2014 10:52:21 > Unidade C: - escanemaneto iniciado (Acer ~448 GB, NTFS HDD )...



=> A unidade está limpa.


27/03/2014 10:52:21 > Unidade E: - escanemaneto iniciado (KINGSTON ~3737 MB, FAT32 unidade flash )...



=> A unidade está limpa.


27/03/2014 10:52:21 > Unidade F: - escanemaneto iniciado (KINGSTON ~7490 MB, FAT32 unidade flash )...



=> A unidade está limpa.



Once again, thank you for your patience! Hehe...

Best regards, and I'll be waiting.

Pierre

Re: Remove - http://pthacker.no-ip.org:8181/is-ready

Post by Power Max Thu 27 Mar 2014, 11:59

Open ( ZHPDiag ) again

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report.

Re: Remove - http://pthacker.no-ip.org:8181/is-ready

Post by PierreLima Thu 27 Mar 2014, 12:18

Here it is:

~ Relatório do ZHPDiag v2014.3.26.33 - Nicolas Coolman (26/03/2014)
~ Iniciado por Pierre (27/03/2014 12:06:25)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.16521

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows Vista (TM) Ultimate, 64-bit Service Pack 1 (Build 6000)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2016
Emsisoft Anti-Malware
Spybot - Search & Destroy v1.6.2

---\\ Softwares d'optimização do sistema
CCleaner v4.12 =>.Piriform Ltd

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 12 Plugin
Adobe Reader X
Java 7 Update 45

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3947 MB (48% free)
System Restore: Activé (Enable)
System drive C: has 204 GB (45%) free of 448 GB

---\\ Modo de conexão ao sistema
~ Computer Name: PIERRE-PC
~ User Name: Pierre
~ All Users Names: Pierre, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Pierre\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Pierre\AppData\Roaming\
~ %Desktop% : C:\Users\Pierre\Desktop\
~ %Favorites% : C:\Users\Pierre\Favorites\
~ %LocalAppData% : C:\Users\Pierre\AppData\Local\
~ %StartMenu% : C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 204 Go of 448 Go)
D: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.14/07/2011 - 02:01:45.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.DF79CE9B950C62677D232154E93A81C7] - (.Microsoft Corporation - Internet Extensions para Win32.) (.01/03/2014 - 00:10:28.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.21/11/2010 - 00:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.14/07/2011 - 02:05:11.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 11:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/4051
~ Mes musiques (My Musics) : 1/11972
~ Mes Videos (My Videos) : 1/89
~ Mes Favoris (My Favorites) : 1/85
~ Mes Documents (My Documents) : 1/755
~ Mon Bureau (My Desktop) : 8/12233
~ Menu demarrer (Programs) : 1/45
~ Hidden Files: Scanned in 00mn 05s



---\\ Processos lançados
[MD5.89B7B1B233466CB6C19CF6EC2D49AED1] - (.MyCity - MCShield Real-Time Monitor.) -- C:\Program Files (x86)\MCShield\MCShieldRTM.exe [650816] [PID.2088]
[MD5.4BFA1849DC7AA3CB99C160D9EB96C67B] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640] [PID.4836]
[MD5.8D40FA84FB925E1324D4DE4F619CDEE6] - (.Microsoft Corporation - Microsoft Office Outlook.) -- C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.exe [13007440] [PID.3864]
[MD5.3A924B200D86590D2C83214CEBFA9742] - (.Google Inc. - Google Chrome.) -- C:\Users\Pierre\AppData\Local\Google\Chrome\Application\chrome.exe [859976] [PID.2880]
[MD5.51B4461F32E67D4F5C57B0C89E4BCA48] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8177664] [PID.1720]
[MD5.133E9D8945F8ADAA60101902DB7467B3] - (.Emsisoft GmbH - Emsisoft Anti-Malware Service.) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4163584] [PID.964]
[MD5.BEA8D0FA8805CC2E6BB49728166699C7] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1396]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1760]
[MD5.4FE5C6D40664AE07BE5105874357D2ED] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008] [PID.1784]
[MD5.9DD3A22F804697606C2B7FF9E912FF6B] - (.Dritek System Inc. - Dritek WMI Service.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe [353360] [PID.1856]
[MD5.21ACFD2B4BF6C0F4D9080A437E400E88] - (.Dritek System Inc. - Launch Manager utility process.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe [418896] [PID.1904]
[MD5.C9B2D1D3F86FD3673EF847DEF73B6F9E] - (.Acer Incorporated - Global Registration Service.) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [36456] [PID.1956]
[MD5.93B73DED2BC688F140C6AE2FBAD45789] - (.Acer Incorporated - Updater Service.) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe [255376] [PID.2000]
[MD5.1873214666F6F0A883742DF91FBC48C9] - (.NTI Corporation - Backup Manager Module.) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832] [PID.2044]
[MD5.875E4E0661F3A5994DF9E5E3A0A4F96B] - (.Prolific Technology Inc. - PLFlash DeviceIoControl Service.) -- C:\Windows\SysWOW64\IoctlSvc.exe [81920] [PID.1492]
[MD5.543A4EF0923BF70D126625B034EF25AF] - (.Protexis Inc. - PsiService PsiService.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [189728] [PID.1688]
[MD5.794D4B48DFB6E999537C7C3947863463] - (.Safer Networking Ltd. - Spybot-S&D Security Center integration.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368] [PID.2136]
[MD5.E79A8E33BD136D14BAE1FA20EB2EF124] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13592] [PID.560]
[MD5.50C7CE53EF461870410355F1F2E7D515] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [326168] [PID.3036]
[MD5.374EBDA379A8F38E0CFC2211611E7167] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656280] [PID.2656]
~ Processes Running: Scanned in 00mn 02s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome

~ Google Lines Browser: 16 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [vitzo.com/VDownloader] - (.Vitzo - VDownloader browser plug-in.) -- C:\Program Files\VDownloader\Addons\npVDownloader.dll
~ Firefox Browser: 5 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ IE Browser: 18 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: Emsisoft Anti-Malware.lnk . (.Emsisoft GmbH - Security Center.) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2start.exe
O4 - GS\QuickLaunch [Pierre]: Emsisoft Anti-Malware.lnk . (.Emsisoft GmbH - Security Center.) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2start.exe
O4 - GS\QuickLaunch [Pierre]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\Pierre\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Pierre]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Pierre]: Spybot - Search & Destroy.lnk . (.Safer Networking Limited - Spybot - Search & Destroy.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
O4 - GS\TaskBar [Pierre]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\Pierre\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Pierre]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Pierre]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Pierre]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Global Startup: 63 Legitimates Filtered in 00mn 04s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKCU\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MCShield Monitor] . (.MyCity - MCShield Real-Time Monitor.) -- C:\Program Files (x86)\MCShield\mcshieldrtm.exe
O4 - HKLM\..\Wow6432Node\Run: [LManager] . (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Wow6432Node\Run: [Dolby Advanced Audio v2] . (.Dolby Laboratories Inc. - Dolby Profile Selector.) -- C:\Dolby PCEE4\pcee4.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [emsisoft anti-malware] . (.Emsisoft GmbH - Background Guard.) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Windows® installer.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Windows® installer.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Windows® installer.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Windows® installer.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-21-1856671205-1802347335-2671892420-1000\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-1856671205-1802347335-2671892420-1000\..\Run: [MCShield Monitor] . (.MyCity - MCShield Real-Time Monitor.) -- C:\Program Files (x86)\MCShield\mcshieldrtm.exe
~ Application: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EC901B0-AEBC-49DB-B5CA-16A1B0C0941E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{6EC901B0-AEBC-49DB-B5CA-16A1B0C0941E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{6EC901B0-AEBC-49DB-B5CA-16A1B0C0941E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bfilter) . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - C:\Windows\system32\drivers\Bfilter.sys
O41 - Driver: (Bfmon) . (.Baidu, Inc. - Baidu FS Monitor Driver.) - C:\Windows\system32\drivers\Bfmon.sys =>Adware.BDSearch
O41 - Driver: (Bprotect) . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - C:\Windows\system32\drivers\Bprotect.sys
~ Drivers: 84 Legitimates Filtered in 00mn 03s



---\\ Software instalados (042)
O42 - Logiciel: MCShield ::Anti-Malware Tool:: - (.MyCity.) [HKLM][64Bits] -- MCShield
O42 - Logiciel: MegaJogos (remove only) - (...) [HKLM][64Bits] -- MegaJogos
O42 - Logiciel: TRC-Brasil 13.10 2013-10-20 - (.Projeto Tracksource Brasil.) [HKLM][64Bits] -- Tracksource Roteável Completo - TRC-Brasil_is1
O42 - Logiciel: Ustream Producer - (.Ustream.) [HKLM][64Bits] -- {7495E6DD-0ED0-4007-9FC7-8649B7BA44B7}
~ Logic: 49 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Audiggle LTD]
[HKCU\Software\GbAs]
[HKCU\Software\MCShield]
[HKCU\Software\SDI]
[HKCU\Software\SautinSoft]
[HKCU\Software\b1.org]
[HKLM\Software\Wow6432Node\IncrediMail]
[HKLM\Software\Wow6432Node\SautinSoft]
~ Key Software: 443 Legitimates Filtered in 00mn 01s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 11/12/2012 - 12:04:53 - [0] ----D C:\Program Files (x86)\Audiggle
O43 - CFD: 26/03/2014 - 19:05:22 - [4,280] ----D C:\Program Files (x86)\MCShield
O43 - CFD: 26/12/2012 - 12:45:58 - [475,102] ----D C:\Program Files (x86)\Tracksource
O43 - CFD: 19/06/2012 - 16:23:22 - [52,398] ----D C:\Program Files (x86)\Ustream
O43 - CFD: 27/03/2014 - 11:14:30 - [4,868] ----D C:\ProgramData\MCShield
O43 - CFD: 16/03/2012 - 12:59:22 - [0,125] ----D C:\ProgramData\OEM_E471269A730D
O43 - CFD: 24/03/2014 - 15:51:36 - [27,645] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 11/12/2012 - 12:21:38 - [0] ----D C:\Users\Pierre\AppData\Roaming\Stereoclip.0C12C647CD78A1D4B81E090F6CE0853FA29CBBC5.1
O43 - CFD: 21/09/2012 - 15:02:40 - [0] ----D C:\Users\Pierre\AppData\Roaming\Ustream Producer
O43 - CFD: 11/12/2012 - 11:30:26 - [0] ----D C:\Users\Pierre\AppData\Local\Audiggle_LTD
O43 - CFD: 18/04/2012 - 14:11:18 - [0,003] ----D C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MegaJogos
~ Program Folder: 274 Legitimates Filtered in 00mn 59s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.457489693CDBA877A93F875BB5C5F06F] - 19/03/2014 - 18:25:23 ---A- . (...) -- C:\Windows\FontData.fdb [283755]
O44 - LFC:[MD5.37F5CDA64FC515B3072531C1187EDCCA] - 24/03/2014 - 15:50:05 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [52032]
O44 - LFC:[MD5.DFC1681F6645CB2AEA83897588F05362] - 24/03/2014 - 15:50:05 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [34624] =>Adware.BDSearch
O44 - LFC:[MD5.F4C1984178175ACE4A75BE23059C3E0A] - 24/03/2014 - 15:50:06 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [128992]
O44 - LFC:[MD5.B954B3CBB582C46802364970D73E6534] - 26/03/2014 - 19:09:03 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [149524]
O44 - LFC:[MD5.52660EE865449B6D601DD8AA877C9150] - 26/03/2014 - 19:09:03 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [709744]
O44 - LFC:[MD5.C9067F6CE9555BDC9B38D79536F1B6AA] - 27/03/2014 - 08:42:54 ----- . (...) -- C:\EamClean.log [1452]
O44 - LFC:[MD5.6810E07658B1686C1991CA234103AD91] - 27/03/2014 - 10:35:58 ---A- . (...) -- C:\UsbFix [Clean 2] PIERRE-PC.txt [11171]
~ Files: 55 Legitimates Filtered in 00mn 08s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.8D4B8BF93C65BDBC133B20706A3B5208] - 25/03/2014 - 10:11:12 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:[MD5.0606875650850B0697D662934529F6FC] - 25/03/2014 - 10:11:12 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [208928]
O58 - SDL:[MD5.37F5CDA64FC515B3072531C1187EDCCA] - 21/01/2014 - 11:14:40 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [52032]
O58 - SDL:[MD5.DFC1681F6645CB2AEA83897588F05362] - 21/01/2014 - 11:14:50 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [34624] =>Adware.BDSearch
O58 - SDL:[MD5.F4C1984178175ACE4A75BE23059C3E0A] - 21/01/2014 - 07:01:36 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [128992]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.DBAA0C650C9549DC5C599D1E81DEDAAD] - 05/04/2011 - 08:26:26 ---A- . (.ELAN Microelectronics Corp. - ETD Kernel Center.) -- C:\Windows\System32\Drivers\ETD.sys [142632]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.E428DFFA96FAD07D8CA3C9082563A225] - 20/08/2013 - 07:02:12 ---A- . (.DEVGURU Co., LTD.([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [103576]
O58 - SDL:[MD5.AAF6F247F1DC370C593B4430974EAD9C] - 20/08/2013 - 07:02:12 ---A- . (.DEVGURU Co., LTD.([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [204568]
O58 - SDL:[MD5.3248B5CC4AA7942EE7BC26F1EB00210B] - 20/08/2013 - 07:02:12 ---A- . (.DEVGURU Co., LTD.([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - SAMSUNG USB Mobile Logging Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudserd.sys [204568]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.C9E9D59C0099A9FF51697E9306A44240] - 13/12/2012 - 13:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
O58 - SDL:[MD5.DDEE99DC54EFA20BD5A442CD733C4462] - 05/02/2013 - 05:54:40 ---A- . (...) -- C:\Windows\SysWOW64\FsUsbExDisk.Sys [37344]
~ Drivers: 16 Legitimates Filtered in 00mn 06s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: UsbFix - (.El Desaparecido - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Pierre\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.8DDB84FB5FD7958654F23ECE6EA14D0F] [SPRF][15/01/2014] (.Baidu, Inc. - Baidu Antivirus FileSplitUpLoad Library.) -- C:\ProgramData\FileSplitUpLoad.dll [167784]
~ Files: 4 Legitimates Filtered in 00mn 00s



---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "DD6E59470DE07004F97C68947BAB447B" . (.Ustream Producer.) -- C:\Windows\Installer\{7495E6DD-0ED0-4007-9FC7-8649B7BA44B7}\_21F3885A18D238E15AAE81.exe
~ Update Products: 527 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 12/03/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 21/06/2011 173424 | (EgisTec Ticket Service) . (.Egis Technology Inc..) - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
SS - | Demand 25/01/2012 655624 | (FLEXnet Licensing Service) . (.Acresso Software Inc..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 17/03/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 17/03/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 15/05/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 08/04/2008 800040 | (NBService) . (.Nero AG.) - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Demand 22/01/2008 275752 | (NMIndexingService) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
SS - | Auto 13/07/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe

SR - | Auto 25/03/2014 4163584 | (a2AntiMalware) . (.Emsisoft GmbH.) - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 25/03/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 30/06/2011 353360 | (DsiWMIService) . (.Dritek System Inc..) - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
SR - | Auto 02/08/2011 872552 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
SR - | Auto 29/05/2011 36456 | (GREGService) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
SR - | Auto 30/04/2011 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 05/04/2012 255376 | (Live Updater Service) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
SR - | Auto 01/02/2011 326168 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 23/04/2011 256832 | (NTI IScheduleSvc) . (.NTI Corporation.) - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
SR - | Auto 19/12/2006 81920 | (PLFlash DeviceIoControl Service) . (.Prolific Technology Inc..) - C:\Windows\SysWOW64\IoctlSvc.exe
SR - | Auto 10/03/2010 189728 | (PSI_SVC_2) . (.Protexis Inc..) - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
SR - | Auto 30/11/2010 336824 | (PSI_SVC_2_x64) . (.arvato digital services llc.) - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
SR - | Auto 26/01/2009 1153368 | (SBSDWSCService) . (.Safer Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
SR - | Auto 01/02/2011 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 01mn 11s



---\\ Scâner Aditional (088)
Database Version : 13031 - (26/03/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dealply] =>PUP.DealPly
~ Additionnel Scan: 443407 Items scanned in 04mn 37s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BDSearch
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.DealPly
~ MSI: 2 link(s) detected in 00mn 00s



~ 1802 Legitimates filtered by white list
End of the scan (419 lines in 08mn 34s)(0)

Post by Power Max, Thu 27 Mar 2014, 14:53

Select and copy all of the text highlighted in red that I gave you (starting at script zhpfix and ending at emptyclsid)
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click Import > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.

Copy this report, post it in your next reply, and tell us how your PC is doing after these steps.


Last edited by Power Max on Thu 27 Mar 2014, 15:39; edited 1 time

Post by PierreLima, Thu 27 Mar 2014, 14:58

Rapport de ZHPFix 2014.3.25.5 par Nicolas Coolman, Update du 25/03/2014
Fichier d'export Registre :
Run by Pierre at 27/03/2014 14:54:30
High Elevated Privileges : OK
Windows 7 Home Basic Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 05s)

========== Chaves do Registo ==========
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bprotect
ELIMINÉ: HKCU\Software\b1.org
ELIMINÉ:* HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dealply

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\drivers\bfilter.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bfmon.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotect.sys
ELIMINÉ Temporários windows (10) (1.019.931 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
5 : Chaves do Registo
1 : Pastas
5 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 38s

========== Caminho do ficheiro do relatório ==========
C:\Users\Pierre\AppData\Roaming\ZHP\ZHPFix[R1].txt - 27/03/2014 10:45:21 [2814]
C:\Users\Pierre\AppData\Roaming\ZHP\ZHPFix[R2].txt - 27/03/2014 14:54:35 [1283]


The system seems to be clean; at least so far I have not received any message from Avast.

Post by Power Max, Thu 27 Mar 2014, 15:17

That's it! I'm glad the problem has been solved.

Just to finish, please follow the tutorials below:

[You must have an account and be logged in to view this link]
_______________________________________________________________________________________________________________________

To remove the programs used to clean this PC and create a new, safe and problem-free restore point, use DelFix, following the tips [You must have an account and be logged in to view this link].
_______________________________________________________________________________________________________________________

It was a pleasure to help. You can always count on us!

Post by PierreLima, Thu 27 Mar 2014, 15:35

Thanks, Power Max! That's it!

I'm immensely grateful for the tips and the patience, lol...

Big hug and best of luck!

Pierre

Post by Power Max, Sat 05 Apr 2014, 22:23

CASE RESOLVED

If the topic's author needs it, the topic will be reopened; to do so, they should contact one of the members of the [You must have an account and be logged in to view this link] and request that it be unlocked.