micro infectado

olá meu micro foi infectado
adw cleaner não conseguiu retirar do navegador esta pagina inicial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

o que eu faço?


passei tambem malwarebytes que me trouxe  esse resultado:

Malwarebytes Anti-Malware
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Data de Verificação: 19/07/2014
Hora da Verificação: 09:33:43
Logfile: log.txt
Administrador: Sim

Versão: 2.00.2.1012
Malware Database: v2014.07.19.02
Rootkit Database: v2014.07.17.01
Licença: Grátis
Proteção de Malware: Desabilitado
Proteção de Site Malicioso: Desabilitado
Self-protection: Desabilitado

OS: Windows 7 Service Pack 1
CPU: x86
Sistema de Arquivo: NTFS
Usuário: Aldemir

Tipo da Verificação: Verificação Personalizada
Resultado: Completado
Arquivos Verificados: 457002
Tempo Decorrido: 1 hr, 23 min, 31 seg

Memória: Enabled
Inicialização: Enabled
Filesystem: Enabled
Arquivos: Enabled
Rootkits: Desabilitado
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processos: 0
(No malicious items detected)

Módulos: 0
(No malicious items detected)

Chaves de Registro: 6
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{4df60d2c-927b-478c-83f0-b7dc923bae60}w, Quarantined, [a7b73f62a2d92412e6c5ab74b25218e8],
PUP.Optional.CashnBack.A, HKLM\SOFTWARE\Cash 'n Back, Quarantined, [bea0c5dc730863d38b615cb3d0348b75],
PUP.Optional.SearchSnacks.A, HKLM\SOFTWARE\SearchSnacks, Quarantined, [4519069b6417181e7e8adff07c86ef11],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\GLOBALUPDATE\UPDATE, Quarantined, [4e10b2efbfbc8fa753a1932e1be7a55b],
PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-319051660-3763609122-3835800138-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLAPLUGINS\@tnt2npapi.com/Plugin, Quarantined, [74eab8e98dee50e6707a5098e91953ad],
PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-319051660-3763609122-3835800138-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{CABD58F0-2B19-4ACC-A349-2A7C6C401638}, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],

Valores de Registro: 2
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\GLOBALUPDATE\UPDATE|path, C:\Program Files\globalUpdate\Update\GoogleUpdate.exe, Quarantined, [4e10b2efbfbc8fa753a1932e1be7a55b]
PUP.Optional.SearchSnacks.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|search-snacks@search-snacks.com, C:\Program Files\Mozilla Firefox\extensions\search-snacks@search-snacks.com, Quarantined, [e07e3d64f88395a153b4c10e8c76728e]

Dados do Registro: 0
(No malicious items detected)

Pastas: 15
PUP.Optional.CashnBack.A, C:\Program Files\RBM\CashNBack, Quarantined, [7ee05150285372c4b5b68e1626dc966a],
PUP.Optional.CashnBack.A, C:\Program Files\RBM\CashNBack\tdi, Quarantined, [7ee05150285372c4b5b68e1626dc966a],
PUP.Optional.CashnBack.A, C:\Program Files\RBM\CashNBack\tdi\amd64, Quarantined, [7ee05150285372c4b5b68e1626dc966a],
PUP.Optional.CashnBack.A, C:\Program Files\RBM\CashNBack\tdi\i386, Quarantined, [7ee05150285372c4b5b68e1626dc966a],
PUP.Optional.CashnBack.A, C:\Program Files\RBM\CashNBack\wfp, Quarantined, [7ee05150285372c4b5b68e1626dc966a],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\2.0.0.1829, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\Common, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\Profiles, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\Profiles\10873, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\Profiles\10873\Cache, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Program Files\TNT2, Quarantined, [cd915b46730863d3cc12f7ad23df35cb],
PUP.Optional.TidyNetwork.A, C:\Program Files\TNT2\2.0.0.1829, Quarantined, [cd915b46730863d3cc12f7ad23df35cb],
PUP.Optional.TidyNetwork.A, C:\Program Files\TNT2\Profiles, Quarantined, [cd915b46730863d3cc12f7ad23df35cb],
PUP.Optional.TidyNetwork.A, C:\Program Files\TNT2\Profiles\10873, Quarantined, [cd915b46730863d3cc12f7ad23df35cb],

Arquivos: 88
PUP.Optional.SearchHijacker.A, C:\Users\Aldemir\AppData\Local\Temp\300614_a4.exe, Quarantined, [2c32b7ea2c4fc0769a3a79227c85fa06],
PUP.Optional.Midia, C:\Users\Aldemir\Downloads\Download Pre-calculo Para Leigos.exe, Quarantined, [6df1fda4512aa78f1fe3ddbd8180b24e],
PUP.Optional.DownloadAdmin, C:\Users\Aldemir\Downloads\horizon-setup.exe, Quarantined, [4b13d2cf7a01ed4917308213e91850b0],
PUP.Optional.WebSearchs.A, C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_istart.webssearches.com_0.localstorage, Quarantined, [f46adcc5e59665d1d7dc03becd35956b],
PUP.Optional.Superfish.A, C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Quarantined, [0559534e7ffc3df9117d973ae61cca36],
PUP.Optional.Superfish.A, C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Quarantined, [401edec37ffc290dfd910dc4e61c2dd3],
PUP.Optional.Websteroids.A, C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d.websteroidsapp.com_0.localstorage, Quarantined, [f569851c63186acc1905aa3224de36ca],
PUP.Optional.Websteroids.A, C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d.websteroidsapp.com_0.localstorage-journal, Quarantined, [61fdbbe6592260d61c02ca129969b64a],
PUP.Optional.FindWideTB.A, C:\Users\Aldemir\AppData\Roaming\Mozilla\Firefox\Profiles\ofe8m1la.default\searchplugins\findwide.xml, Quarantined, [4e102e734338fe386a95a03e7e840cf4],
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{4df60d2c-927b-478c-83f0-b7dc923bae60}w.sys, Quarantined, [a7b73f62a2d92412e6c5ab74b25218e8],
PUP.Optional.CashnBack.A, C:\Program Files\RBM\CashNBack\CashNBack.exe, Quarantined, [7ee05150285372c4b5b68e1626dc966a],
PUP.Optional.CashnBack.A, C:\Program Files\RBM\CashNBack\icon.ico, Quarantined, [7ee05150285372c4b5b68e1626dc966a],
PUP.Optional.CashnBack.A, C:\Program Files\RBM\CashNBack\libeay32.dll, Quarantined, [7ee05150285372c4b5b68e1626dc966a],
PUP.Optional.CashnBack.A, C:\Program Files\RBM\CashNBack\msvcp110.dll, Quarantined, [7ee05150285372c4b5b68e1626dc966a],
PUP.Optional.CashnBack.A, C:\Program Files\RBM\CashNBack\msvcr110.dll, Quarantined, [7ee05150285372c4b5b68e1626dc966a],
PUP.Optional.CashnBack.A, C:\Program Files\RBM\CashNBack\nfapi.dll, Quarantined, [7ee05150285372c4b5b68e1626dc966a],
PUP.Optional.CashnBack.A, C:\Program Files\RBM\CashNBack\nfregdrv.exe, Quarantined, [7ee05150285372c4b5b68e1626dc966a],
PUP.Optional.CashnBack.A, C:\Program Files\RBM\CashNBack\ProtocolFilters.dll, Quarantined, [7ee05150285372c4b5b68e1626dc966a],
PUP.Optional.CashnBack.A, C:\Program Files\RBM\CashNBack\ssleay32.dll, Quarantined, [7ee05150285372c4b5b68e1626dc966a],
PUP.Optional.CashnBack.A, C:\Program Files\RBM\CashNBack\tdi\amd64\cashnbackdrv.sys, Quarantined, [7ee05150285372c4b5b68e1626dc966a],
PUP.Optional.CashnBack.A, C:\Program Files\RBM\CashNBack\tdi\i386\cashnbackdrv.sys, Quarantined, [7ee05150285372c4b5b68e1626dc966a],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\2.0.0.1829\Autorun.inf, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\2.0.0.1829\crx.tar, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\2.0.0.1829\GameApps.ini, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\2.0.0.1829\GameConsole.exe, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\2.0.0.1829\GameEngine.dll, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\2.0.0.1829\GLOBALUNINSTALL.TNT, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\2.0.0.1829\hmac.1.dll, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\2.0.0.1829\iestage2.1.dll, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\2.0.0.1829\IEToolbar.dll, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\2.0.0.1829\IEToolbar64.dll, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\2.0.0.1829\INSTALL.TNT, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\2.0.0.1829\LastSession.log, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\2.0.0.1829\log.dll, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\2.0.0.1829\MinecraftShims64.dll, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\2.0.0.1829\npTNT2.dll, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\2.0.0.1829\PARTNER.TNT, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\2.0.0.1829\passport.dll, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\2.0.0.1829\passport64.dll, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\2.0.0.1829\pinnedSearch.htm, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\2.0.0.1829\pinnedSearch_FindWide.htm, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\2.0.0.1829\pinnedSearch_Freshy.htm, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\2.0.0.1829\progress.1.dll, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\2.0.0.1829\regsvr.1.dll, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\2.0.0.1829\RemoteSkin.wms, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\2.0.0.1829\sqlite.1.dll, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\2.0.0.1829\TNT2User.exe, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\2.0.0.1829\TNT2UserPS.dll, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\2.0.0.1829\TNT2UserPS64.dll, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\2.0.0.1829\TntMagicDel.dll, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\2.0.0.1829\UnInjLib.dll, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\2.0.0.1829\UnInjLib64.dll, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\2.0.0.1829\UNINSTALL.TNT, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\2.0.0.1829\UninstallDlg.1.dll, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\2.0.0.1829\untar.1.dll, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\2.0.0.1829\UPDATE.TNT, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\2.0.0.1829\xpi.tar, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\2.0.0.1829\zipunzip.1.dll, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\Common\GameConsole.exe, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\Profiles\10873\icon.ico, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\Profiles\10873\inst.ini, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\Profiles\10873\LastSession.log, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\Profiles\10873\os10873.xml, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\Profiles\10873\PARTNER.3.TNT, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\Profiles\10873\partner.dat, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\Profiles\10873\runt.ini, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\Profiles\10873\tnt_32x32.png, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\Profiles\10873\toolbar10873@findwide.com.xpi, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\Profiles\10873\yah10873.xml, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\Profiles\10873\Cache\174800aa848d25a8046ebe0627075e40, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\Profiles\10873\Cache\2acb3d320e6d06a1f53e26c88680578d, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\Profiles\10873\Cache\33d24483a26d2821cdf1424a88101c64, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\Profiles\10873\Cache\3b4af445da352763e9d749e3903a2a74, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\Profiles\10873\Cache\53347a1539592b7d0a13dee56d899d9d, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\Profiles\10873\Cache\6548291f8a8708c759468d383b69c32d, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\Profiles\10873\Cache\69eabf03002c2f08dc31f764265e0e84, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\Profiles\10873\Cache\9272262bbd60e7676a5afab5416ef7cb, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\Profiles\10873\Cache\ac7829f5a96db79589f0014e26c21af1, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\Profiles\10873\Cache\bbdc194061ce660e5e4224f5179609b8, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Users\Aldemir\AppData\Local\TNT2\Profiles\10873\Cache\e00c254ae55a4ba7b4eebbe03f39152c, Quarantined, [3f1fd1d0116a6fc729b4eeb662a03bc5],
PUP.Optional.TidyNetwork.A, C:\Program Files\TNT2\TNT2UserPS.dll, Quarantined, [cd915b46730863d3cc12f7ad23df35cb],
PUP.Optional.TidyNetwork.A, C:\Program Files\TNT2\TNT2UserPS64.dll, Quarantined, [cd915b46730863d3cc12f7ad23df35cb],
PUP.Optional.TidyNetwork.A, C:\Program Files\TNT2\2.0.0.1829\IEToolbar.dll, Quarantined, [cd915b46730863d3cc12f7ad23df35cb],
PUP.Optional.TidyNetwork.A, C:\Program Files\TNT2\2.0.0.1829\IEToolbar64.dll, Quarantined, [cd915b46730863d3cc12f7ad23df35cb],
PUP.Optional.TidyNetwork.A, C:\Program Files\TNT2\Profiles\10873\passport.dll, Quarantined, [cd915b46730863d3cc12f7ad23df35cb],
PUP.Optional.TidyNetwork.A, C:\Program Files\TNT2\Profiles\10873\passport64.dll, Quarantined, [cd915b46730863d3cc12f7ad23df35cb],
PUP.Optional.FindWide.A, C:\Users\Aldemir\AppData\Roaming\Mozilla\Firefox\Profiles\ofe8m1la.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "http://search.findwide.com/serp?guid={CABD58F0-2B19-4ACC-A349-2A7C6C401638}&action=default_search&serpv=22&k="), Replaced,[73eb8e13d1aae452b0327e596f95fc04]
PUP.Optional.FindWide.A, C:\Users\Aldemir\AppData\Roaming\Mozilla\Firefox\Profiles\ofe8m1la.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://search.findwide.com/?guid={CABD58F0-2B19-4ACC-A349-2A7C6C401638}&serpv=22"), Replaced,[90ce148d235837ffce7903d5f311fd03]

Physical Sectors: 0
(No malicious items detected)


(end)

Olá Aldemir. Poste também o relatório do Adwcleaner para que possamos analisar.

ok
adw cleaner:

# AdwCleaner v3.209 - Relatório criado 19/05/2014 às 21:59:19
# Atualizado 18/05/2014 por Xplode
# Sistema Operacional : Windows 7 Professional Service Pack 1 (32 bits)
# Usuário : Aldemir - PC-ALDEMIR
# Executando de : C:\Users\Aldemir\Downloads\AdwCleaner-3.209.exe
# Opção : Examinar

***** [ Serviços ] *****

Serviço Encontrado : ca82e1a5
Serviço Encontrado : globalUpdate
Serviço Encontrado : globalUpdatem

***** [ Arquivos / Pastas ] *****

Arquivo Encontrado : C:\Users\Aldemir\Desktop\Optimizer Pro.lnk
Arquivo Encontrado : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
Arquivo Encontrado : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
Arquivo Encontrado : C:\Windows\System32\Tasks\YourFile DownloaderUpdate
Arquivo Encontrado : C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
Arquivo Encontrado : C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
Pasta Encontrado : C:\Program Files\003
Pasta Encontrado : C:\Program Files\globalUpdate
Pasta Encontrado : C:\Program Files\Optimizer Pro
Pasta Encontrado : C:\Program Files\YourFileDownloader Updater
Pasta Encontrado : C:\ProgramData\baidu
Pasta Encontrado : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Pasta Encontrado : C:\ProgramData\WPM
Pasta Encontrado : C:\Users\Aldemir\AppData\Local\Genesis
Pasta Encontrado : C:\Users\Aldemir\AppData\Local\globalUpdate
Pasta Encontrado : C:\Users\Aldemir\AppData\Roaming\baidu
Pasta Encontrado : C:\Users\Aldemir\AppData\Roaming\Optimizer Pro
Pasta Encontrado : C:\Users\Aldemir\AppData\Roaming\SupTab
Pasta Encontrado : C:\Users\Aldemir\AppData\Roaming\YourFileDownloader
Pasta Encontrado : C:\Users\Aldemir\Documents\Optimizer Pro
Pasta Encontrado : C:\Users\Public\Documents\baidu

***** [ Atalhos ] *****

Atalho Encontrado : C:\Users\Aldemir\Desktop\Google Chrome (2).lnk ( [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] )
Atalho Encontrado : C:\Users\Aldemir\Desktop\Google Chrome.lnk ( [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] )
Atalho Encontrado : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk ( [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] )
Atalho Encontrado : C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] )
Atalho Encontrado : C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] )
Atalho Encontrado : C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] )
Atalho Encontrado : C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk ( [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] )
Atalho Encontrado : C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk ( [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] )

***** [ Registro ] *****

Chave Encontrada : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Chave Encontrada : HKCU\Software\AppDataLow\Software\simplytech
Chave Encontrada : HKCU\Software\genesis
Chave Encontrada : HKCU\Software\installedbrowserextensions
Chave Encontrada : HKCU\Software\Optimizer Pro
Chave Encontrada : HKCU\Software\simplytech
Chave Encontrada : HKCU\Software\YourFileDownloader
Chave Encontrada : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Chave Encontrada : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Chave Encontrada : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Chave Encontrada : HKLM\Software\installedbrowserextensions
Chave Encontrada : HKLM\Software\LevelQualityWatcher
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C40F147B-06D5-49D6-9390-08738C870962}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C54D5E31-C7D6-49FD-BDD9-489EB69C42B7}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{53B0EA06-D969-447A-8713-12B202DF45B2}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53B0EA06-D969-447A-8713-12B202DF45B2}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C40F147B-06D5-49D6-9390-08738C870962}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C54D5E31-C7D6-49FD-BDD9-489EB69C42B7}
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Chave Encontrada : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Chave Encontrada : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Chave Encontrada : HKLM\Software\SupTab
Chave Encontrada : HKLM\Software\supWPM
Chave Encontrada : HKLM\Software\Wpm
Chave Encontrada : HKLM\Software\YourFileDownloader
Dados Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~1\optimi~1\optpro~2.dll
Valor Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17041

Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

-\\ Google Chrome v34.0.1847.137

[ Arquivo : C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Encontrada [Startup_urls] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Encontrada [Startup_urls] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Encontrada [Startup_urls] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

*************************

AdwCleaner[R0].txt - [8430 octets] - [19/05/2014 21:59:19]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8490 octets] ##########

No relatório do Adwcleaner está constando que você usou só a função de Examinar. Falta você clicar no botão Limpar para que os adwares sejam removidos.

Veja mais detalhes no tutorial abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt

Ficamos na espera.

ok vou dar uma olhada

aqui vai

# AdwCleaner v3.210 - Relatório criado 19/07/2014 às 12:33:37
# Atualizado 19/05/2014 por Xplode
# Sistema Operacional : Windows 7 Professional Service Pack 1 (32 bits)
# Usuário : Aldemir - PC-ALDEMIR
# Executando de : C:\Users\Aldemir\Downloads\adwcleaner_3.210.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Arquivo Deletada : C:\Program Files\Mozilla Firefox\browser\searchplugins\findwide.xml
Arquivo Deletada : C:\Users\Aldemir\AppData\Roaming\Mozilla\Firefox\Profiles\ofe8m1la.default\user.js

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v30.0 (pt-BR)

[ Arquivo : C:\Users\Aldemir\AppData\Roaming\Mozilla\Firefox\Profiles\ofe8m1la.default\prefs.js ]

Linha deletada : user_pref("browser.search.defaultenginename", "FindWide");
Linha deletada : user_pref("browser.search.selectedEngine", "FindWide");
Linha deletada : user_pref("browser.startup.homepage", "hxxp://search.findwide.com/?guid={CABD58F0-2B19-4ACC-A349-2A7C6C401638}&serpv=22");
Linha deletada : user_pref("extensions.enabledAddons", "toolbar10873%40findwide.com:2.0.0.1829,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0");
Linha deletada : user_pref("keyword.url", "hxxp://search.findwide.com/serp?guid={CABD58F0-2B19-4ACC-A349-2A7C6C401638}&action=default_search&serpv=22&k=");

-\\ Google Chrome v36.0.1985.125

[ Arquivo : C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [8570 octets] - [19/05/2014 21:59:19]
AdwCleaner[R10].txt - [2120 octets] - [31/05/2014 20:40:55]
AdwCleaner[R11].txt - [2194 octets] - [01/06/2014 16:12:02]
AdwCleaner[R12].txt - [2242 octets] - [04/06/2014 15:11:01]
AdwCleaner[R13].txt - [2364 octets] - [06/06/2014 21:32:37]
AdwCleaner[R14].txt - [2486 octets] - [07/06/2014 20:14:25]
AdwCleaner[R15].txt - [2609 octets] - [08/06/2014 16:04:49]
AdwCleaner[R16].txt - [2731 octets] - [08/06/2014 22:43:08]
AdwCleaner[R17].txt - [2853 octets] - [12/06/2014 00:11:46]
AdwCleaner[R18].txt - [2975 octets] - [14/06/2014 13:53:41]
AdwCleaner[R19].txt - [3097 octets] - [16/06/2014 20:53:20]
AdwCleaner[R1].txt - [1356 octets] - [19/05/2014 22:07:40]
AdwCleaner[R20].txt - [3219 octets] - [20/06/2014 21:53:03]
AdwCleaner[R21].txt - [3341 octets] - [25/06/2014 20:48:33]
AdwCleaner[R22].txt - [4135 octets] - [10/07/2014 12:36:18]
AdwCleaner[R23].txt - [6058 octets] - [18/07/2014 22:06:53]
AdwCleaner[R24].txt - [5093 octets] - [19/07/2014 12:32:36]
AdwCleaner[R2].txt - [1698 octets] - [19/05/2014 22:35:38]
AdwCleaner[R3].txt - [1156 octets] - [19/05/2014 22:38:15]
AdwCleaner[R4].txt - [1718 octets] - [22/05/2014 21:42:13]
AdwCleaner[R5].txt - [1771 octets] - [22/05/2014 22:07:59]
AdwCleaner[R6].txt - [1739 octets] - [22/05/2014 22:36:28]
AdwCleaner[R7].txt - [2015 octets] - [25/05/2014 22:46:40]
AdwCleaner[R8].txt - [2076 octets] - [26/05/2014 17:38:56]
AdwCleaner[R9].txt - [4794 octets] - [28/05/2014 14:43:15]
AdwCleaner[S0].txt - [7607 octets] - [19/05/2014 22:01:00]
AdwCleaner[S10].txt - [2176 octets] - [31/05/2014 20:43:09]
AdwCleaner[S11].txt - [2252 octets] - [01/06/2014 16:12:36]
AdwCleaner[S12].txt - [2302 octets] - [04/06/2014 15:11:36]
AdwCleaner[S13].txt - [2424 octets] - [06/06/2014 21:33:18]
AdwCleaner[S14].txt - [2546 octets] - [07/06/2014 20:14:58]
AdwCleaner[S15].txt - [2668 octets] - [08/06/2014 16:05:23]
AdwCleaner[S16].txt - [2790 octets] - [08/06/2014 22:43:44]
AdwCleaner[S17].txt - [2912 octets] - [12/06/2014 00:12:28]
AdwCleaner[S18].txt - [3034 octets] - [14/06/2014 13:54:14]
AdwCleaner[S19].txt - [3156 octets] - [16/06/2014 20:54:09]
AdwCleaner[S1].txt - [1406 octets] - [19/05/2014 22:08:18]
AdwCleaner[S20].txt - [3278 octets] - [20/06/2014 21:55:14]
AdwCleaner[S21].txt - [3400 octets] - [25/06/2014 20:49:11]
AdwCleaner[S22].txt - [4184 octets] - [10/07/2014 12:37:52]
AdwCleaner[S23].txt - [5979 octets] - [18/07/2014 22:08:18]
AdwCleaner[S24].txt - [4506 octets] - [19/07/2014 12:33:37]
AdwCleaner[S2].txt - [1744 octets] - [19/05/2014 22:36:18]
AdwCleaner[S3].txt - [1215 octets] - [19/05/2014 22:38:49]
AdwCleaner[S4].txt - [1766 octets] - [22/05/2014 21:43:36]
AdwCleaner[S5].txt - [1821 octets] - [22/05/2014 22:08:42]
AdwCleaner[S6].txt - [1793 octets] - [22/05/2014 22:37:30]
AdwCleaner[S7].txt - [2063 octets] - [25/05/2014 22:47:56]
AdwCleaner[S8].txt - [2126 octets] - [26/05/2014 17:39:28]
AdwCleaner[S9].txt - [4782 octets] - [28/05/2014 14:44:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S24].txt - [5047 octets] ##########

Desative temporariamente seu antivírus para evitar conflitos.

* Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executá-lo corretamente siga as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Assim que ele concluir a limpeza dos problemas acesse o log (relatório) do Zoek que estará em C:\zoek-results.txt e copie todo seu conteúdo e poste em sua próxima resposta.

aquí está


Zoek.exe v5.0.0.0 Updated 16-07-2014
Tool run by Aldemir on 19/07/2014 at 13:28:42,10.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Aldemir\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-31-120631.log 19756 bytes
C:\zoek-results2014-06-01-171352.log 16381 bytes
C:\zoek-results2014-06-01-173139.log 15985 bytes
C:\zoek-results2014-07-19-160058.log 1500 bytes
C:\zoek-results2014-07-19-162329.log 17378 bytes

==== System Restore Info ======================

19/07/2014 13:29:25 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Aldemir\AppData\Roaming\Mozilla\Firefox\Profiles\ofe8m1la.default\prefs.js:
user_pref("browser.startup.homepage", "http://search.findwide.com/?guid={CABD58F0-2B19-4ACC-A349-2A7C6C401638}&serpv=22");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "FindWide");
user_pref("browser.search.selectedEngine", "FindWide");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://search.findwide.com/serp?guid={CABD58F0-2B19-4ACC-A349-2A7C6C401638}&action=default_search&serpv=22&k=");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Aldemir\AppData\Roaming\Mozilla\Firefox\Profiles\ofe8m1la.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Aldemir\AppData\Roaming\Mozilla\Firefox\Profiles\ofe8m1la.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_072014_1336_.backup

==== Deleting Files \ Folders ======================

"C:\Program Files\Mozilla Firefox\browser\searchplugins\findwide.xml" deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\Aldemir\AppData\Roaming\Mozilla\Firefox\Profiles\ofe8m1la.default
- Undetermined - %ProfilePath%\extensions\CookiesIE@yahoo.com.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Aldemir\AppData\Roaming\Mozilla\Firefox\Profiles\ofe8m1la.default
6C6A2C5957AD53255B2F2EDCCD42FC76 - C:\Users\Aldemir\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
4390CCD3790F8D9C427C0C29590C62D7 - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash
FB5621842FDABF9F8359775573498FBC - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll - Google Update
01D93217A9EE48DD37072B671378CC9C - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll - Silverlight Plug-In
AC987EE8037531807C5D7E6217A23501 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
EB41064BC07017F5694CF16B4DEF6B10 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
28986F0A2342A033345EF9E70D395E4F - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrlui.dll - Microsoft® Silverlight


==== Chrome Look ======================

Google Docs - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0191A6B0-1154-4C22-9182-23A95BBE92D9}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0191A6B0-1154-4C22-9182-23A95BBE92D9} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Aldemir\Desktop\cookie by.rtf - Atalho.lnk - C:\Users\Aldemir\Documents\cookie by.rtf
C:\Users\Aldemir\Desktop\Cookies extenção netflix.rtf - Atalho.lnk - C:\Users\Aldemir\Documents\Cookies extenção netflix.rtf
C:\Users\Aldemir\Desktop\cookies_exportimport-1.0-fx.xpi - Atalho.lnk - C:\Users\Aldemir\Downloads\cookies_exportimport-1.0-fx.xpi
C:\Users\Aldemir\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Aldemir\Desktop\Watchtower Library 2012 - Português.lnk - C:\Program Files\Watchtower\Watchtower Library 2012\T\WTLibrary.exe
C:\Users\Aldemir\Desktop\Watchtower Library 2013 - Português.lnk - C:\Program Files\Watchtower\Watchtower Library 2013\T\WTLibrary.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Advanced SystemCare 7.lnk - C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe /manual
C:\Users\Public\Desktop\Horizon.lnk - C:\Program Files\Daring Development\Horizon\v2\Horizon.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Panda Antivirus Pro 2014.lnk - C:\Program Files\Panda Security\Panda Antivirus Pro 2014\Iface.exe
C:\Users\Public\Desktop\Unity.lnk - C:\Program Files\Unity\Editor\Unity.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WMPKeys\WMPKeys Readme.lnk -

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7\Advanced SystemCare 7.lnk - C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe /manual
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Horizon\Horizon.lnk - C:\Program Files\Daring Development\Horizon\v2\Horizon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Antivirus Pro 2014\Desinstalar.lnk - C:\Program Files\InstallShield Installation Information\{E55FB276-73C9-4776-AB53-BC028C0509ED}\setup.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Antivirus Pro 2014\Panda Antivirus Pro 2014.lnk - C:\Program Files\Panda Security\Panda Antivirus Pro 2014\Iface.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Antivirus Pro 2014\Ferramentas adicionais\Panda USB Vaccine.lnk - C:\Program Files\Panda Security\USBVaccine\USBVaccine.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security\Panda Secure Vault\Virtual Keyboard.lnk - C:\Program Files\Panda Security\Panda Secure Vault\pdVirtKbd.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Watchtower Library 2013\Watchtower Library 2013 - Português.lnk - C:\Program Files\Watchtower\Watchtower Library 2013\T\WTLibrary.exe

==== shortcuts in Quick Launch ======================

C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk - C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Panda Antivirus Pro 2014.lnk - C:\Program Files\Panda Security\Panda Antivirus Pro 2014\Iface.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Watchtower Library 2012 - Português.lnk - C:\Program Files\Watchtower\Watchtower Library 2012\T\WTLibrary.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Advanced SystemCare 7.lnk - C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe /manual
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Panda Antivirus Pro 2014.lnk - C:\Program Files\Panda Security\Panda Antivirus Pro 2014\Iface.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Panda Antivirus Pro 2014.lnk - C:\Program Files\Panda Security\Panda Antivirus Pro 2014\Iface.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Panda Antivirus Pro 2014.lnk - C:\Program Files\Panda Security\Panda Antivirus Pro 2014\Iface.exe
C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\Users\Aldemir\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Aldemir\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Aldemir\AppData\Local\Mozilla\Firefox\Profiles\ofe8m1la.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=25 folders=17 4982903 bytes)

==== Empty Temp Folders ======================

C:\Users\Aldemir\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Usuário Padrão\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Aldemir\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 19/07/2014 at 13:38:59,21 ======================

Baixe o programa Junkware Removal Tool no link abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executar corretamente o programa acima é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt

Ficamos na espera.

relatório do JRT


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x86
Ran by Aldemir on 19/07/2014 at 14:15:49,65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19/07/2014 at 14:18:59,82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

costumo usar o chrome

mas este [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
não sai do firefox

o que eu faço?

Faça o download do < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]> ( ... de Nicolas Coolman )

Obs: Ao acessar o link acima clique no botão Télécharger referente ao ZHPDiag para baixá-lo, tal como mostra a imagem abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Para instalá-lo e executá-lo corretamente siga as dicas deste artigo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Assim que ele concluir a sua verificação, copie todo o conteúdo do seu relatório ZHPDiag.txt e poste em sua próxima resposta.

ZHPdiag

~ Relatório do ZHPDiag v2014.5.30.78 - Nicolas Coolman (30/05/2014)
~ Iniciado por Aldemir (19/07/2014 14:54:48)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Nova Versão disponivel
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17207
MFIE: Mozilla Firefox 30.0 (Defaut)
GCIE: Google Chrome v36.0.1985.125

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Professional, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Malwarebytes Anti-Malware versão 2.0.2.1012
Panda Antivirus Pro 2014 v13.01.01
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema
CCleaner v4.14

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
Adobe Reader XI

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2009 MB (40% free)
System Restore: Activé (Enable)
System drive C: has 396 GB (85%) free of 466 GB

---\\ Modo de conexão ao sistema
~ Computer Name: PC-ALDEMIR
~ User Name: Aldemir
~ All Users Names: Convidado, Aldemir, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Aldemir\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Aldemir\AppData\Roaming\
~ %Desktop% : C:\Users\Aldemir\Desktop\
~ %Favorites% : C:\Users\Aldemir\Favorites\
~ %LocalAppData% : C:\Users\Aldemir\AppData\Local\
~ %StartMenu% : C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 396 Go of 466 Go)
D: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
~ Security Center: 50 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.CCC198257901BEEA2FBF8EB1E7678356] - (.Microsoft Corporation - Internet Extensions para Win32.) (.18/06/2014 - 19:13:59.) -- C:\Windows\System32\wininet.dll [1791488]
[MD5.998507B046BA314CE8245364C686FA67] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:17:02.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.16/01/2011 - 20:55:10.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.D0B388DA1D111A34366E04EB4A5DD156] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 03:36:07.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.16/01/2011 - 20:54:15.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.16/01/2011 - 20:54:30.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.16/01/2011 - 20:54:14.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.16/01/2011 - 20:54:33.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.16/01/2011 - 20:56:03.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.16/01/2011 - 20:54:27.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.16/01/2011 - 20:54:15.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 01s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/9
~ Mes Videos (My Videos) : 1/3
~ Mes Favoris (My Favorites) : 1/37
~ Mes Documents (My Documents) : 2/1149
~ Mon Bureau (My Desktop) : 1/17
~ Menu demarrer (Programs) : 1/29
~ Hidden Files: Scanned in 00mn 01s



---\\ Processos lançados
[MD5.6C856C581ACE1785CE3FC2414E9859A3] - (.IObit - Advanced SystemCare Service.) -- C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe [881952] [PID.668]
[MD5.341457B79B3FC31A80C346C767045879] - (.Panda Security, S.L. - Anti-malware protection support executable.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2014\PskSvc.exe [28992] [PID.880]
[MD5.23EE4E711AAF7CAB3B325D44F0DD04A6] - (.Panda Security, S.L. - TPSrv Application.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2014\TPSrv.exe [157432] [PID.940]
[MD5.E196DF9B4DA221A263B6EC7F0CFCD542] - (.Panda Security - Internet resident proxy.) -- C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2014\WebProxy.exe [108512] [PID.1124]
[MD5.54F00466439F749EDDF29CBA0BC1A28A] - (.Panda Security, S.L. - Panda Software Controler.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2014\PsCtrls.exe [177440] [PID.1168]
[MD5.F458128A5321BB48DF7B3D8E279F6393] - (.Panda Security, S.L. - Panda Function Service.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2014\PavFnSvr.exe [202016] [PID.1564]
[MD5.2AE3F6B23448443BBEF5DE207159213B] - (.Panda Security, S.L. - Panda Process Protection Service.) -- C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe [62768] [PID.1244]
[MD5.4D8C2645A12FDDF9CD4A68DDE8496BEF] - (.Panda Security, S.L. - Enhanced On-Access Anti-Malware Service.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2014\pavsrvx86.exe [313664] [PID.1220]
[MD5.196C450F2779D0B462C444DA4906EA7F] - (.Panda Security S.L. - Panda Interface Manager Service.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2014\PsImSvc.exe [108288] [PID.1752]
[MD5.CC85A36EB009F45A53FF5344CCEFD58E] - (.Panda Security, S.L. - Enhanced On-Access Anti-Malware Protection.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2014\AVENGINE.exe [225088] [PID.1848]
[MD5.7F2315436D917B39D27094C617A39EF2] - (.Blisbury LLP. - HitsBlender Updater.) -- C:\Program Files\HitsBlenderUpdater\HitsBlenderupdater.exe [432368] [PID.3248]
[MD5.8E13CA0B48A1298F46F8739B95DBE4BF] - (.IObit - Advanced SystemCare 7 Monitor.) -- C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe [781600] [PID.3464]
[MD5.87D78CF6365BDDACBE9D34B60FE0E23B] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [171032] [PID.2512]
[MD5.863020614D27D74CFC4194C598DEAD40] - (.Panda Security, S.L. - Panda permanent protection.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2014\ApVxdWin.exe [1062880] [PID.2164]
[MD5.127687F1D171D0820D02851A9FA62525] - (.IObit - Advanced SystemCare 7.) -- C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe [2295584] [PID.2804]
[MD5.B43E68B8A022FB00FF54360D408E871B] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [860488] [PID.4168]
[MD5.B1E01D636350983E94171E229C759468] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.4336]
[MD5.6D652B06EB3916DC41A9DBBBC4EDEED1] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8020480] [PID.4780]
[MD5.CF87A1DE791347E75B98885214CED2B8] - (.Microsoft Corporation - Serviço da Plataforma de Proteção de Softwa.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.2600]
~ Processes Running: Scanned in 00mn 03s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 16 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Aldemir\AppData\Roaming\Mozilla\Firefox\Profiles\ofe8m1la.default\prefs.js
M0 - MFSP: prefs.js [Aldemir - ofe8m1la.default] [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.SearchFindWide
~ Firefox Browser: 8 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: (no name) - [HKLM]{B9DD4725-1D14-45E2-85C5-10DAAD7599F5} Chave orfã
O3 - Toolbar\WebBrowser: FindWide Toolbar - [HKCU]{B9DD4725-1D14-45E2-85C5-10DAAD7599F5} . (...) -- C:\Program Files\TNT2\Profiles\10873\passport.dll =>Hijacker.SearchFindWide
~ Toolbar: Scanned in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [APVXDWIN] . (.Panda Security, S.L. - Panda permanent protection.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2014\APVXDWIN.exe
O4 - HKLM\..\Run: [SCANINICIO] . (.Panda Security, S.L. - Inicio Programado.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2014\Inicio.exe
O4 - HKCU\..\Run: [Advanced SystemCare 7] . (.IObit - Advanced SystemCare 7.) -- C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe
O4 - HKUS\S-1-5-21-319051660-3763609122-3835800138-1000\..\Run: [Advanced SystemCare 7] . (.IObit - Advanced SystemCare 7.) -- C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe
~ Application: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C615CEC-E879-4081-9F12-F576662B2E9E}: DhcpNameServer = 200.189.80.123 200.189.80.109
O17 - HKLM\System\CS1\Services\Tcpip\..\{7C615CEC-E879-4081-9F12-F576662B2E9E}: DhcpNameServer = 200.189.80.123 200.189.80.109
O17 - HKLM\System\CS2\Services\Tcpip\..\{7C615CEC-E879-4081-9F12-F576662B2E9E}: DhcpNameServer = 200.189.80.123 200.189.80.109
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.189.80.123 200.189.80.109
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: avldr . (.On-Access Anti-Malware Scanner Sync - On-Access Anti-Malware Scanner Sync.) -- C:\Windows\System32\avldr.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
[MD5.7F2315436D917B39D27094C617A39EF2] [APT] [HitsBlender Update Service] (.Blisbury LLP..) -- C:\Program Files\HitsBlenderUpdater\HitsBlenderupdater.exe [432368]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1054]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1058]
~ Scheduled Task: 12 Legitimates Filtered in 00mn 05s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (ssnfd) . (. - .) - C:\Windows\System32\drivers\ssnfd.sys (.not file.)
~ Drivers: 72 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Horizon v2.7.9.3 - (.Daring Development Inc..) [HKLM] -- d4cfeebc-b821-40b7-9f81-d366b1466f03_is1
O42 - Logiciel: WMPKeys - (.lazymf and kbept.) [HKLM] -- {5D4B3647-9842-4875-B081-EF8D98C02865}
~ Logic: 12 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Baidu Security]
[HKCU\Software\DefaultCompany]
[HKLM\Software\Baidu Security]
~ Key Software: 135 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 18/07/2014 - 19:29:33 - [] ----D C:\Program Files\Daring Development
O43 - CFD: 19/07/2014 - 10:57:39 - [0] ----D C:\Program Files\RBM
O43 - CFD: 27/06/2014 - 19:28:58 - [] ----D C:\Program Files\WMPKeys
O43 - CFD: 28/05/2014 - 16:12:01 - [] ----D C:\Users\Aldemir\AppData\Roaming\ProductData
O43 - CFD: 24/04/2014 - 19:02:57 - [0] --HAD C:\Users\Aldemir\AppData\Local\GH9eFwDDz
O43 - CFD: 10/07/2014 - 22:09:13 - [] ----D C:\Users\Aldemir\AppData\Local\Popcorn-Time
O43 - CFD: 27/06/2014 - 19:28:58 - [] ----D C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WMPKeys
~ Program Folder: 131 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.5DE387A2BCC1752D01A0ADCFFE8083EB] - 15/07/2014 - 20:21:17 ---A- . (.On-Access Anti-Malware Scanner Sync - On-Access Anti-Malware Scanner Sync.) -- C:\Windows\System32\avldr.dll [55552]
O44 - LFC:[MD5.A8991A85F8A5466DF3C887D1A15E52F4] - 15/07/2014 - 20:21:28 ---A- . (.Panda Software - PavCPL.) -- C:\Windows\System32\pavcpl.cpl [54832]
O44 - LFC:[MD5.F2EA52002ED00762FBA34C7170599934] - 15/07/2014 - 20:22:28 ---A- . (...) -- C:\Windows\System32\PavCPL.dat [250]
O44 - LFC:[MD5.BEF39B56571C8F6B22885FEC57E54280] - 18/07/2014 - 19:22:52 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [147638]
O44 - LFC:[MD5.5921EB55D94241F3C6EBD4713948196D] - 18/07/2014 - 19:22:52 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [705798]
O44 - LFC:[MD5.4F34C23EE3D5CC406AA5D0F14BB5E728] - 19/07/2014 - 00:27:04 ----- . (...) -- C:\bootsqm.dat [3288]
O44 - LFC:[MD5.0A209D4CFDBA884D97816AA322CD121F] - 19/07/2014 - 00:28:27 ---A- . (...) -- C:\Windows\win.ini [505]
O44 - LFC:[MD5.2A82B71CBEC775304D72F3A8F7A542D7] - 19/07/2014 - 01:04:29 ---A- . (...) -- C:\Windows\ntbtlog.txt [258008]
O44 - LFC:[MD5.C1A47CFDE4E11F1425FE02C07EDD74FF] - 19/07/2014 - 09:27:10 ---A- . (...) -- C:\Windows\System32\PAV_FOG.OPC [8627]
O44 - LFC:[MD5.D136E1C333A0D504464F400098F9A041] - 19/07/2014 - 13:00:39 ---A- . (...) -- C:\zoek-results2014-06-01-173139.log [15985]
O44 - LFC:[MD5.5E80BD82887AC6681A3522F6C6FCDACA] - 19/07/2014 - 13:00:58 ---A- . (...) -- C:\zoek-results2014-07-19-160058.log [1500]
O44 - LFC:[MD5.2A01C34A1660E21D0A3909087005837E] - 19/07/2014 - 13:21:34 ---A- . (...) -- C:\folders.txt [168]
O44 - LFC:[MD5.95944287B5DB448BD2C14854276DFF23] - 19/07/2014 - 13:23:29 ---A- . (...) -- C:\zoek-results2014-07-19-162329.log [17378]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 19/07/2014 - 13:28:29 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.C190082D090FFFBD126DB8E84A3D11EF] - 19/07/2014 - 13:38:59 ---A- . (...) -- C:\zoek-results.log [15677]
~ Files: 83 Legitimates Filtered in 01mn 25s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 71 Legitimates Filtered in 00mn 02s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 12/04/1744 - C:\Windows\system32\PavTPK.sys (PavTPK.sys) .(...) - LEGACY_PAVTPK.SYS
O64 - Services: CurCS - 21/02/2011 - C:\Windows\System32\DRIVERS\ShlDrv51.sys (ShldDrv) .(.Panda Security, S.L. - PandaShield driver.) - LEGACY_SHLDDRV
~ Legacy: 113 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- c:\program files\google\chrome\application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0191A6B0-1154-4C22-9182-23A95BBE92D9} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {0191A6B0-1154-4C22-9182-23A95BBE92D9} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0191A6B0-1154-4C22-9182-23A95BBE92D9} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\S-1-5-19] {0191A6B0-1154-4C22-9182-23A95BBE92D9} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\S-1-5-20] {0191A6B0-1154-4C22-9182-23A95BBE92D9} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.0BC9B2FE81599F5C300B553D7778CDE8] [SPRF][14/05/2014] (...) -- C:\ProgramData\ntuser.dat [262144]
[MD5.D9DE89F0FAF18019BC9595F0F47BCA61] [SPRF][16/06/2014] (.Atribune.org - ATF Cleaner.exe.) -- C:\Users\Aldemir\Desktop\ATF-Cleaner.exe [50688]
~ Files: 3 Legitimates Filtered in 00mn 00s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{B9DD4725-1D14-45E2-85C5-10DAAD7599F5}] (FindWide Toolbar) =>Hijacker.SearchFindWide
~ BCK: 4359 Legitimates Filtered in 00mn 05s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 08/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 16/03/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 16/03/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Auto 04/05/2014 2152736 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
SS - | Demand 06/06/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 14/01/2014 881952 | (AdvancedSystemCareService7) . (.IObit.) - C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
SR - | Auto 19/11/2012 177440 | (Panda Software Controller) . (.Panda Security, S.L..) - C:\Program Files\Panda Security\Panda Antivirus Pro 2014\PsCtrls.exe
SR - | Auto 21/09/2012 202016 | (PAVFNSVR) . (.Panda Security, S.L..) - C:\Program Files\Panda Security\Panda Antivirus Pro 2014\PavFnSvr.exe
SR - | Auto 04/02/2008 62768 | (PavPrSrv) . (.Panda Security, S.L..) - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
SR - | Auto 13/04/2011 313664 | (PAVSRV) . (.Panda Security, S.L..) - C:\Program Files\Panda Security\Panda Antivirus Pro 2014\pavsrvx86.exe
SR - | Auto 19/06/2008 108288 | (PSIMSVC) . (.Panda Security S.L..) - C:\Program Files\Panda Security\Panda Antivirus Pro 2014\PsImSvc.exe
SR - | Auto 16/08/2010 28992 | (PskSvcRetail) . (.Panda Security, S.L..) - C:\Program Files\Panda Security\Panda Antivirus Pro 2014\PskSvc.exe
SR - | Auto 25/02/2014 157432 | (TPSrv) . (.Panda Security, S.L..) - C:\Program Files\Panda Security\Panda Antivirus Pro 2014\TPSrv.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 07s



---\\ Scâner Aditional (088)
Database Version : 13026 - (30/05/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1

[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{B9DD4725-1D14-45E2-85C5-10DAAD7599F5} =>Hijacker.SearchFindWide^
[HKCR\CLSID\{B9DD4725-1D14-45E2-85C5-10DAAD7599F5}] (FindWide Toolbar) =>Hijacker.SearchFindWide^
~ Additionnel Scan: 141911 Items scanned in 00mn 20s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.SearchFindWide
~ MSI: 1 link(s) detected in 00mn 00s



~ 717 Legitimates filtered by white list
End of the scan (407 lines in 02mn 35s)(0)

 Você conhece esta extensão abaixo que está no seu navegador Google Chrome? Se não conhecer, sugiro que a desative por precaução:

CryptoTokenExtension v.0.0.1
________________________________________________________________________________________________

 Acesse o site [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] e envie este arquivo destacado em negrito abaixo para ser analisado:

C:\Program Files\HitsBlenderUpdater\HitsBlenderupdater.exe

Assim que a análise dele for concluída, copie o link que aparecerá na barra de endereços de seu navegador e poste este link em sua próxima resposta juntamente com o relatório do ZHPFix pedido abaixo nesta postagem.

Maiores informações de como analisar arquivos no site Virus Total você encontra neste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
_________________________________________________________________________________________________

 Selecione e copie todo o texto destacado em vermelho que te passei.
_____________________________________________________________________________________________________________

 Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta juntamente com o link da análise do arquivo no site Virus Total.

link da análise do arquivo no site Virus Total:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]




Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Aldemir at 19/07/2014 16:25:48
High Elevated Privileges : OK
Windows 7 Business Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 04s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ Driver Key: ssnfd
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKLM\Software\Baidu Security
ELIMINÉ: HKCR\CLSID\{B9DD4725-1D14-45E2-85C5-10DAAD7599F5}

========== Valores do Registo ==========
ELIMINÉ: Toolbar: {B9DD4725-1D14-45E2-85C5-10DAAD7599F5}
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Preferências do navegador ==========
ELIMINÉ Mozilla Pref: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
ELIMINÉ Mozilla Pref: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (114) (1.771.362 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
4 : Chaves do Registo
7 : Valores do Registo
1 : Pastas
2 : Ficheiros
2 : Preferências do navegador
1 : Restauração Sistema


End of clean in 00mn 26s

========== Caminho do ficheiro do relatório ==========
C:\Users\Aldemir\AppData\Roaming\ZHP\ZHPFix[R1].txt - 31/05/2014 13:51:57 [2308]
C:\Users\Aldemir\AppData\Roaming\ZHP\ZHPFix[R2].txt - 31/05/2014 14:17:48 [1437]
C:\Users\Aldemir\AppData\Roaming\ZHP\ZHPFix[R3].txt - 19/07/2014 16:25:53 [1677]

Abra novamente o ( ZHPDiag )

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

segue o log:

~ Relatório do ZHPDiag v2014.5.30.78 - Nicolas Coolman (30/05/2014)
~ Iniciado por Aldemir (19/07/2014 16:57:56)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Nova Versão disponivel
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17207
MFIE: Mozilla Firefox 30.0 (Defaut)
GCIE: Google Chrome v36.0.1985.125

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Professional, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Malwarebytes Anti-Malware versão 2.0.2.1012
Panda Antivirus Pro 2014 v13.01.01
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema
CCleaner v4.14

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
Adobe Reader XI

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2009 MB (33% free)
System Restore: Activé (Enable)
System drive C: has 396 GB (84%) free of 466 GB

---\\ Modo de conexão ao sistema
~ Computer Name: PC-ALDEMIR
~ User Name: Aldemir
~ All Users Names: Convidado, Aldemir, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Aldemir\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Aldemir\AppData\Roaming\
~ %Desktop% : C:\Users\Aldemir\Desktop\
~ %Favorites% : C:\Users\Aldemir\Favorites\
~ %LocalAppData% : C:\Users\Aldemir\AppData\Local\
~ %StartMenu% : C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 396 Go of 466 Go)
D: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
~ Security Center: 50 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.CCC198257901BEEA2FBF8EB1E7678356] - (.Microsoft Corporation - Internet Extensions para Win32.) (.18/06/2014 - 19:13:59.) -- C:\Windows\System32\wininet.dll [1791488]
[MD5.998507B046BA314CE8245364C686FA67] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:17:02.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.16/01/2011 - 20:55:10.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.D0B388DA1D111A34366E04EB4A5DD156] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 03:36:07.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.16/01/2011 - 20:54:15.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.16/01/2011 - 20:54:30.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.16/01/2011 - 20:54:14.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.16/01/2011 - 20:54:33.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.16/01/2011 - 20:56:03.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.16/01/2011 - 20:54:27.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.16/01/2011 - 20:54:15.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/9
~ Mes Videos (My Videos) : 1/3
~ Mes Favoris (My Favorites) : 1/37
~ Mes Documents (My Documents) : 2/1149
~ Mon Bureau (My Desktop) : 1/18
~ Menu demarrer (Programs) : 1/29
~ Hidden Files: Scanned in 00mn 00s



---\\ Processos lançados
[MD5.6C856C581ACE1785CE3FC2414E9859A3] - (.IObit - Advanced SystemCare Service.) -- C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe [881952] [PID.668]
[MD5.341457B79B3FC31A80C346C767045879] - (.Panda Security, S.L. - Anti-malware protection support executable.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2014\PskSvc.exe [28992] [PID.880]
[MD5.23EE4E711AAF7CAB3B325D44F0DD04A6] - (.Panda Security, S.L. - TPSrv Application.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2014\TPSrv.exe [157432] [PID.940]
[MD5.E196DF9B4DA221A263B6EC7F0CFCD542] - (.Panda Security - Internet resident proxy.) -- C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2014\WebProxy.exe [108512] [PID.1124]
[MD5.54F00466439F749EDDF29CBA0BC1A28A] - (.Panda Security, S.L. - Panda Software Controler.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2014\PsCtrls.exe [177440] [PID.1168]
[MD5.F458128A5321BB48DF7B3D8E279F6393] - (.Panda Security, S.L. - Panda Function Service.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2014\PavFnSvr.exe [202016] [PID.1564]
[MD5.2AE3F6B23448443BBEF5DE207159213B] - (.Panda Security, S.L. - Panda Process Protection Service.) -- C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe [62768] [PID.1244]
[MD5.4D8C2645A12FDDF9CD4A68DDE8496BEF] - (.Panda Security, S.L. - Enhanced On-Access Anti-Malware Service.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2014\pavsrvx86.exe [313664] [PID.1220]
[MD5.196C450F2779D0B462C444DA4906EA7F] - (.Panda Security S.L. - Panda Interface Manager Service.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2014\PsImSvc.exe [108288] [PID.1752]
[MD5.CC85A36EB009F45A53FF5344CCEFD58E] - (.Panda Security, S.L. - Enhanced On-Access Anti-Malware Protection.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2014\AVENGINE.exe [225088] [PID.1848]
[MD5.7F2315436D917B39D27094C617A39EF2] - (.Blisbury LLP. - HitsBlender Updater.) -- C:\Program Files\HitsBlenderUpdater\HitsBlenderupdater.exe [432368] [PID.3248]
[MD5.8E13CA0B48A1298F46F8739B95DBE4BF] - (.IObit - Advanced SystemCare 7 Monitor.) -- C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe [781600] [PID.3464]
[MD5.87D78CF6365BDDACBE9D34B60FE0E23B] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [171032] [PID.2512]
[MD5.863020614D27D74CFC4194C598DEAD40] - (.Panda Security, S.L. - Panda permanent protection.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2014\ApVxdWin.exe [1062880] [PID.2164]
[MD5.127687F1D171D0820D02851A9FA62525] - (.IObit - Advanced SystemCare 7.) -- C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe [2295584] [PID.2804]
[MD5.B3DD214F23037E3D3C27D6C9447B40B5] - (.Microsoft Corporation - Aplicativo Wordpad do Windows.) -- C:\Program Files\Windows NT\Accessories\wordpad.exe [4247040] [PID.4756]
[MD5.B43E68B8A022FB00FF54360D408E871B] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [860488] [PID.4908]
[MD5.6D652B06EB3916DC41A9DBBBC4EDEED1] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8020480] [PID.716]
[MD5.CF87A1DE791347E75B98885214CED2B8] - (.Microsoft Corporation - Serviço da Plataforma de Proteção de Softwa.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.5664]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 18 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Aldemir\AppData\Roaming\Mozilla\Firefox\Profiles\ofe8m1la.default\prefs.js
~ Firefox Browser: 7 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [APVXDWIN] . (.Panda Security, S.L. - Panda permanent protection.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2014\APVXDWIN.exe
O4 - HKLM\..\Run: [SCANINICIO] . (.Panda Security, S.L. - Inicio Programado.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2014\Inicio.exe
O4 - HKCU\..\Run: [Advanced SystemCare 7] . (.IObit - Advanced SystemCare 7.) -- C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe
O4 - HKUS\S-1-5-21-319051660-3763609122-3835800138-1000\..\Run: [Advanced SystemCare 7] . (.IObit - Advanced SystemCare 7.) -- C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe
~ Application: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C615CEC-E879-4081-9F12-F576662B2E9E}: DhcpNameServer = 200.189.80.123 200.189.80.109
O17 - HKLM\System\CS1\Services\Tcpip\..\{7C615CEC-E879-4081-9F12-F576662B2E9E}: DhcpNameServer = 200.189.80.123 200.189.80.109
O17 - HKLM\System\CS2\Services\Tcpip\..\{7C615CEC-E879-4081-9F12-F576662B2E9E}: DhcpNameServer = 200.189.80.123 200.189.80.109
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.189.80.123 200.189.80.109
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: avldr . (.On-Access Anti-Malware Scanner Sync - On-Access Anti-Malware Scanner Sync.) -- C:\Windows\System32\avldr.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
[MD5.7F2315436D917B39D27094C617A39EF2] [APT] [HitsBlender Update Service] (.Blisbury LLP..) -- C:\Program Files\HitsBlenderUpdater\HitsBlenderupdater.exe [432368]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1054]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1058]
~ Scheduled Task: 12 Legitimates Filtered in 00mn 05s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (ssnfd) . (. - .) - C:\Windows\System32\drivers\ssnfd.sys (.not file.)
~ Drivers: 70 Legitimates Filtered in 00mn 01s



---\\ Software instalados (042)
O42 - Logiciel: Horizon v2.7.9.3 - (.Daring Development Inc..) [HKLM] -- d4cfeebc-b821-40b7-9f81-d366b1466f03_is1
O42 - Logiciel: WMPKeys - (.lazymf and kbept.) [HKLM] -- {5D4B3647-9842-4875-B081-EF8D98C02865}
~ Logic: 12 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\DefaultCompany]
~ Key Software: 133 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 18/07/2014 - 19:29:33 - [] ----D C:\Program Files\Daring Development
O43 - CFD: 19/07/2014 - 10:57:39 - [0] ----D C:\Program Files\RBM
O43 - CFD: 27/06/2014 - 19:28:58 - [] ----D C:\Program Files\WMPKeys
O43 - CFD: 28/05/2014 - 16:12:01 - [] ----D C:\Users\Aldemir\AppData\Roaming\ProductData
O43 - CFD: 24/04/2014 - 19:02:57 - [0] --HAD C:\Users\Aldemir\AppData\Local\GH9eFwDDz
O43 - CFD: 10/07/2014 - 22:09:13 - [] ----D C:\Users\Aldemir\AppData\Local\Popcorn-Time
O43 - CFD: 27/06/2014 - 19:28:58 - [] ----D C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WMPKeys
~ Program Folder: 131 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.5DE387A2BCC1752D01A0ADCFFE8083EB] - 15/07/2014 - 20:21:17 ---A- . (.On-Access Anti-Malware Scanner Sync - On-Access Anti-Malware Scanner Sync.) -- C:\Windows\System32\avldr.dll [55552]
O44 - LFC:[MD5.A8991A85F8A5466DF3C887D1A15E52F4] - 15/07/2014 - 20:21:28 ---A- . (.Panda Software - PavCPL.) -- C:\Windows\System32\pavcpl.cpl [54832]
O44 - LFC:[MD5.F2EA52002ED00762FBA34C7170599934] - 15/07/2014 - 20:22:28 ---A- . (...) -- C:\Windows\System32\PavCPL.dat [250]
O44 - LFC:[MD5.BEF39B56571C8F6B22885FEC57E54280] - 18/07/2014 - 19:22:52 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [147638]
O44 - LFC:[MD5.5921EB55D94241F3C6EBD4713948196D] - 18/07/2014 - 19:22:52 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [705798]
O44 - LFC:[MD5.4F34C23EE3D5CC406AA5D0F14BB5E728] - 19/07/2014 - 00:27:04 ----- . (...) -- C:\bootsqm.dat [3288]
O44 - LFC:[MD5.0A209D4CFDBA884D97816AA322CD121F] - 19/07/2014 - 00:28:27 ---A- . (...) -- C:\Windows\win.ini [505]
O44 - LFC:[MD5.2A82B71CBEC775304D72F3A8F7A542D7] - 19/07/2014 - 01:04:29 ---A- . (...) -- C:\Windows\ntbtlog.txt [258008]
O44 - LFC:[MD5.C1A47CFDE4E11F1425FE02C07EDD74FF] - 19/07/2014 - 09:27:10 ---A- . (...) -- C:\Windows\System32\PAV_FOG.OPC [8627]
O44 - LFC:[MD5.D136E1C333A0D504464F400098F9A041] - 19/07/2014 - 13:00:39 ---A- . (...) -- C:\zoek-results2014-06-01-173139.log [15985]
O44 - LFC:[MD5.5E80BD82887AC6681A3522F6C6FCDACA] - 19/07/2014 - 13:00:58 ---A- . (...) -- C:\zoek-results2014-07-19-160058.log [1500]
O44 - LFC:[MD5.2A01C34A1660E21D0A3909087005837E] - 19/07/2014 - 13:21:34 ---A- . (...) -- C:\folders.txt [168]
O44 - LFC:[MD5.95944287B5DB448BD2C14854276DFF23] - 19/07/2014 - 13:23:29 ---A- . (...) -- C:\zoek-results2014-07-19-162329.log [17378]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 19/07/2014 - 13:28:29 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.C190082D090FFFBD126DB8E84A3D11EF] - 19/07/2014 - 13:38:59 ---A- . (...) -- C:\zoek-results.log [15677]
~ Files: 83 Legitimates Filtered in 00mn 04s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 71 Legitimates Filtered in 00mn 04s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 12/04/1744 - C:\Windows\system32\PavTPK.sys (PavTPK.sys) .(...) - LEGACY_PAVTPK.SYS
~ Legacy: 113 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- c:\program files\google\chrome\application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0191A6B0-1154-4C22-9182-23A95BBE92D9} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {0191A6B0-1154-4C22-9182-23A95BBE92D9} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0191A6B0-1154-4C22-9182-23A95BBE92D9} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\S-1-5-19] {0191A6B0-1154-4C22-9182-23A95BBE92D9} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\S-1-5-20] {0191A6B0-1154-4C22-9182-23A95BBE92D9} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.0BC9B2FE81599F5C300B553D7778CDE8] [SPRF][14/05/2014] (...) -- C:\ProgramData\ntuser.dat [262144]
[MD5.D9DE89F0FAF18019BC9595F0F47BCA61] [SPRF][16/06/2014] (.Atribune.org - ATF Cleaner.exe.) -- C:\Users\Aldemir\Desktop\ATF-Cleaner.exe [50688]
~ Files: 3 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 08/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 16/03/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 16/03/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Auto 04/05/2014 2152736 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
SS - | Demand 06/06/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 14/01/2014 881952 | (AdvancedSystemCareService7) . (.IObit.) - C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
SR - | Auto 19/11/2012 177440 | (Panda Software Controller) . (.Panda Security, S.L..) - C:\Program Files\Panda Security\Panda Antivirus Pro 2014\PsCtrls.exe
SR - | Auto 21/09/2012 202016 | (PAVFNSVR) . (.Panda Security, S.L..) - C:\Program Files\Panda Security\Panda Antivirus Pro 2014\PavFnSvr.exe
SR - | Auto 04/02/2008 62768 | (PavPrSrv) . (.Panda Security, S.L..) - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
SR - | Auto 13/04/2011 313664 | (PAVSRV) . (.Panda Security, S.L..) - C:\Program Files\Panda Security\Panda Antivirus Pro 2014\pavsrvx86.exe
SR - | Auto 19/06/2008 108288 | (PSIMSVC) . (.Panda Security S.L..) - C:\Program Files\Panda Security\Panda Antivirus Pro 2014\PsImSvc.exe
SR - | Auto 16/08/2010 28992 | (PskSvcRetail) . (.Panda Security, S.L..) - C:\Program Files\Panda Security\Panda Antivirus Pro 2014\PskSvc.exe
SR - | Auto 25/02/2014 157432 | (TPSrv) . (.Panda Security, S.L..) - C:\Program Files\Panda Security\Panda Antivirus Pro 2014\TPSrv.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 10s



---\\ Scâner Aditional (088)
Database Version : 13026 - (30/05/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 141745 Items scanned in 00mn 21s



~ 712 Legitimates filtered by white list
End of the scan (382 lines in 01mn 16s)(0)

 Selecione e copie todo o texto destacado em vermelho que te passei.
_____________________________________________________________________________________________________________

 Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta.

aí vai:

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Aldemir at 19/07/2014 17:17:31
High Elevated Privileges : OK
Windows 7 Business Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 05s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ Driver Key: ssnfd

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (1) (0 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
1 : Chaves do Registo
1 : Pastas
2 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 13s

========== Caminho do ficheiro do relatório ==========
C:\Users\Aldemir\AppData\Roaming\ZHP\ZHPFix[R1].txt - 31/05/2014 13:51:57 [2308]
C:\Users\Aldemir\AppData\Roaming\ZHP\ZHPFix[R2].txt - 31/05/2014 14:17:48 [1437]
C:\Users\Aldemir\AppData\Roaming\ZHP\ZHPFix[R3].txt - 19/07/2014 16:25:53 [1759]
C:\Users\Aldemir\AppData\Roaming\ZHP\ZHPFix[R4].txt - 19/07/2014 17:17:37 [1111]

como está o computador?

rapaz muito suor mas

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
saiu do firefox

melhorou o desempenho
do chrome mesmo travando

obrigado

você pode me sugerir
algum otmizador

abraço muito obrigado

o PC falha, da umas travadas
tem como tirar isso?

Aldemir escreveu:o PC falha, da umas travadas
tem como tirar isso?

Em que momento estas travadas acontecem?

no momento que acesso o favorito
na guia por ex: pagina do Fórum PC Brasil