Archived

This topic has been archived and is closed to new replies.

Pedroalves

[Solved] I think I'm infected

My problem is the following: out of nowhere, the command line shows up in Task Manager without me even having run it. I tried to block it with my Kaspersky, but it keeps appearing. I ran a scan with my antivirus and it detected a virus, Trojan.win32.generic.

The HijackThis report follows:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:02:27, on 26-04-2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files (x86)\D-Link\DWL-G122_DWA-110\AirGCFG.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.pt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\9.0\iobitappsToolbarIE.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\9.0\iobitappsToolbarIE.dll
O2 - BHO: Microsoft Web Test Recorder 12.0 Helper - {432dd630-7e03-4c97-9d62-b99f52df4fc2} - C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\9.0\iobitappsToolbarIE.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless G DWL-G122_DWA-110] C:\Program Files (x86)\D-Link\DWL-G122_DWA-110\AirGCFG.exe
O4 - HKLM\..\Run: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
O4 - HKLM\..\Run: [vmware-tray.exe] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Pedro\APPDATA\ROAMING\UTORRENT\UTORRENT.EXE" /MINIMIZED
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\PROGRAM FILES (X86)\DAEMON TOOLS LITE\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O8 - Extra context menu item: E&nviar para o OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 7 (AdvancedSystemCareService7) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ANIWConn Service (ANIWConnService) - Unknown owner - C:\Windows\system32\ANIWConnService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
O23 - Service: ASGT - Unknown owner - C:\Windows\SysWOW64\ASGT.exe
O23 - Service: ASUS HM Com Service (asHmComSvc) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
O23 - Service: AsusFanControlService - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.01\AsusFanControlService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
O23 - Service: @%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000 (c2wts) - Unknown owner - C:\Program Files (x86)\Windows Identity Foundation\v3.5\c2wtshost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Serviço Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: VMware Workstation Server (VMwareHostd) - Unknown owner - C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
--
End of file - 15885 bytes


Hello Pedro.

Download AdwCleaner from the link below, then click the Download Now @BleepingComputer button:

http://www.bleepingcomputer.com/download/adwcleaner/

To run AdwCleaner correctly, just follow the tips in this tutorial:

Remove adware and malicious toolbars with AdwCleaner

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[s0].txt

We'll be waiting.


The AdwCleaner report follows:

# AdwCleaner v3.203 - Report created 26/04/2014 at 18:54:20
# Updated 26/04/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Pedro - PEDRO-PC
# Running from : C:\Users\Pedro\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
Service Deleted : Application Updater
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Program Files (x86)\IObit Apps Toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
Folder Deleted : C:\Users\Pedro\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\Search Settings
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17041
-\\ Google Chrome v34.0.1847.116
[ File : C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Extension] : hbcennhacfaagdopikcegfcobcadeocj
Deleted [Extension] : icdlfehblmklkikfigmjhbmmpmkmpooj
Deleted [Extension] : mhkaekfpcppmmioggniknbnbdbcigpkk
Deleted [Extension] : pfndaklgolladniicklehhancnlgocpp
*************************
AdwCleaner[R0].txt - [2887 octets] - [26/04/2014 18:52:39]
AdwCleaner[s0].txt - [2813 octets] - [26/04/2014 18:54:20]
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2873 octets] ##########


Download Malwarebytes from one of the links below:

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

http://downloads.malwarebytes.org/mbam-download.php

To install and run it correctly, please follow the tips in this post:

Malwarebytes Anti-Malware tutorial

In your next reply, post this Malwarebytes log (report).

We'll be waiting.


Sorry for the delay in posting a new anti-malware report.

The report follows:

Malwarebytes Anti-Malware
www.malwarebytes.org
Data da Pesuqisa: 26-04-2014
Hora da Pesquisa: 22:17:06
Ficheiro de Relatório: ola.txt
Administrador: Sim
Versão: 2.00.1.1004
Base de Dados de Malware: v2014.04.26.03
Base de dados de Rootkit: v2014.03.27.01
Licença: Grátis
Protecção contra Malware: Desactivado
Protecção contra Websites Maliciosos: Desactivado
Camaleão: Desactivado
SO: Windows 7 Service Pack 1
CPU: x64
Sistema de Ficheiros: NTFS
Utilizador: Pedro
Tipo de Pesquisa: Pesquisa Personalizada
Resultado: Terminado
Objesctos Pesquisados: 543223
Tempo Decorrido: 1 hora(s), 17 min, 27 seg
Memória: Activado
Arranque: Activado
Sistema de Ficheiros: Activado
Arquivos: Activado
Rootkits: Desactivado
Shuriken: Activado
PPI: Activado
MPI: Activado
Processos: 0
(No malicious items detected)
Módulos: 0
(No malicious items detected)
Chaves de Registo: 0
(No malicious items detected)
Valores de Registo: 0
(No malicious items detected)
Dados de Registo: 0
(No malicious items detected)
Pastas: 0
(No malicious items detected)
Ficheiros: 1
Trojan.VirTool, F:\Program Files (x86)\The Elder Scrolls V Skyrim\steam_api.dll, Movido para Quarentena, [02e9999591eaf640bdd5ca38659dce32],
Sectores Físicos: 0
(No malicious items detected)
(end)


Temporarily disable your antivirus to avoid conflicts.

* Go to the link below and click the first button on the left, which is the Download Zoek.exe button:

http://www.hijackthis.nl/smeenk/

To run it correctly, follow the tips in this tutorial:

Remove adware and other threats from your PC and browsers with the Zoek application

* Once it finishes cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy its entire contents and post them in your next reply.


The Zoek report follows:

Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Pedro on 26-04-2014 at 22:32:31,25.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Pedro\Desktop\zoek.exe [scan all users] [script inserted]
==== System Restore Info ======================
26-04-2014 22:33:24 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright © 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Pedro\AppData\Roaming\Thunderbird\Profiles\5ktzzjl3.default\prefs.js:
Added to C:\Users\Pedro\AppData\Roaming\Thunderbird\Profiles\5ktzzjl3.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
==== Deleting Files \ Folders ======================
C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} deleted
C:\PROGRA~3\ProductData deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Pedro\AppData\LocalLow\IObit Apps deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater deleted
"C:\Windows\Installer\3c8b0f.msi" deleted
"C:\Users\Pedro\AppData\Roaming\ANIWZCS{23274D70-8BE4-42D0-9B4D-6BE4E8C79783}" deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"online_banking@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com" [25-04-2014 11:41]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [01-04-2014 20:22]
==== Firefox Extensions ======================
==== Firefox Plugins ======================
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx[02-05-2013 02:26]
hakdifolhalapjijoafobooafbilfakh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx[02-05-2013 02:26]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx[02-05-2013 02:26]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx[02-05-2013 02:24]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx[02-05-2013 02:26]
Google Docs - Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Kaspersky URL Advisor - Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj
AdBlock - Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Safe Money - Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh
Content Blocker - Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail
Virtual Keyboard - Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh
Google Wallet - Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Anti-Banner - Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
==== Reset Google Chrome ======================
C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2955925240-1096623219-443652941-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-2955925240-1096623219-443652941-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
==== shortcuts on Users Desktops ======================
C:\Users\Pedro\Desktop\Bem-vindo ao Registo de Produto ASUS.lnk - C:\Program Files (x86)\ASUS\APRP\ASUSProductReg.exe
C:\Users\Pedro\Desktop\Dropbox.lnk - C:\Users\Pedro\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Pedro\Desktop\Safe Money.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\starter_avp.exe -hidden safebanking
C:\Users\Pedro\Desktop\Shortcut to SecureDownloadManager.exe.lnk - C:\Users\Pedro\AppData\Roaming\Microsoft\Installer\{E040B65B-8683-4228-8C33-D44A141E40EA}\_80D807FC3A72E5B428F1ED.exe
C:\Users\Pedro\Desktop\Jogos\AION Free-to-Play.lnk - F:\Program Files (x86)\GameforgeLive\GameforgeLive.exe "F:\Program Files (x86)\GameforgeLive\Games\GBR_eng\AION\NCLauncher.exe" -start Aion
C:\Users\Pedro\Desktop\Jogos\Battle.net.lnk - F:\Program Files (x86)\Battle.net\Battle.net Launcher.exe
C:\Users\Pedro\Desktop\Jogos\Dead Rising 2 OTR.lnk - F:\Program Files (x86)\Capcom\Dead Rising 2 Off The Record\deadrising2otr.exe
C:\Users\Pedro\Desktop\Jogos\deadislandgame - Atalho.lnk - F:\Program Files (x86)\Dead Island\deadislandgame.exe
C:\Users\Pedro\Desktop\Jogos\Diablo III.lnk - F:\Program Files (x86)\Diablo III\Diablo III Launcher.exe
C:\Users\Pedro\Desktop\Jogos\Dragon's Prophet.lnk - F:\Program Files (x86)\Dragon's Prophet\launcher.exe
C:\Users\Pedro\Desktop\Jogos\Gameforge Live.lnk - F:\Program Files (x86)\GameforgeLive\GameforgeLive.exe
C:\Users\Pedro\Desktop\Jogos\Grand Theft Auto IV.lnk - F:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
C:\Users\Pedro\Desktop\Jogos\Minecraft.lnk - C:\Users\Pedro\AppData\Roaming\.minecraft\minecraft launcher\Minecraft Launcher.exe
C:\Users\Pedro\Desktop\Jogos\Mortal Kombat Complete Edition.lnk - F:\Program Files (x86)\Mortal Kombat Complete Edition\MKKE.exe
C:\Users\Pedro\Desktop\Jogos\Os Sims™ 3.lnk -
C:\Users\Pedro\Desktop\Jogos\TERA.lnk - F:\Program Files (x86)\TERA\tera-launcher.exe
C:\Users\Pedro\Desktop\Jogos\The Elder Scrolls V Skyrim.lnk - F:\Program Files (x86)\The Elder Scrolls V Skyrim\SkyrimLauncher.exe
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\ASUS GPU Tweak.lnk - C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\DS3 Tool.lnk - C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe
C:\Users\Public\Desktop\Game Booster 3.lnk - C:\Program Files (x86)\IObit\Game Booster 3\GameBooster.exe
C:\Users\Public\Desktop\GeForce Experience.lnk - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe
C:\Users\Public\Desktop\GPUTweakStreaming.lnk - C:\Program Files (x86)\ASUS\GPUTweakStreaming\GPUTweakStreaming.exe
C:\Users\Public\Desktop\NVIDIA Nsight HUD Launcher 3.1.lnk - C:\Program Files (x86)\NVIDIA Corporation\Nsight Visual Studio Edition 3.1\Monitor\Common\Nvda.Launcher.100.exe
C:\Users\Public\Desktop\PokerStars.lnk - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
C:\Users\Public\Desktop\Switch to Gaming Mode.lnk - C:\Program Files (x86)\IObit\Game Booster 3\GameBooster.exe -game
==== shortcuts in Users Start Menu ======================
C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -
C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff
C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\Pedro\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\Pedro\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\AION Free-to-Play.lnk -
C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Dead Rising 2 OTR.lnk -
C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Dragon's Prophet.lnk -
C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Gameforge Live.lnk -
C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Hi-Rez Diagnostics and Support.lnk -
C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Minecraft.lnk -
C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Smite.lnk -
C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\TERA.lnk -
C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\The Elder Scrolls V Skyrim.lnk -
C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft\Minecraft.lnk - C:\Users\Pedro\AppData\Roaming\.minecraft\minecraft launcher\Minecraft Launcher.exe
C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft\Uninstall.lnk - C:\Users\Pedro\AppData\Roaming\.minecraft\minecraft launcher\Uninstall.exe
C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MonoGame\Uninstall.lnk - C:\Program Files (x86)\MonoGame\v3.0\uninstall.exe
C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Raptr\Raptr.lnk - C:\Program Files (x86)\Raptr\raptrstub.exe
C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual da consola do RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Novidades na última versão.lnk -
C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Central de Soluções HP.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\PokerStars.lnk - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk - C:\Windows\Installer\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk - C:\Program Files (x86)\CDBurnerXP\cdbxpp.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk - C:\Windows\ehome\ehshell.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\SIGNINOPTIONS.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk - C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\mip.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk - C:\Windows\system32\mstsc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk - C:\Windows\system32\printmanagement.msc
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7\Advanced SystemCare 7.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe /manual
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7\Desinstalar o Advanced SystemCare.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare 7\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7\Toolbox.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe /toolbox
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7\Turbo Boost.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe /turboboost
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUS GPU Tweak.lnk - C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\GPUTweakStreaming.lnk - C:\Program Files (x86)\ASUS\GPUTweakStreaming\GPUTweakStreaming.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\AI Suite 3\AI Suite 3.lnk - C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\AI Suite 3\Uninstall AI Suite 3.lnk - C:\ProgramData\ASUS\AI Suite III\Setup.exe -u
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net\Battle.net.lnk - F:\Program Files (x86)\Battle.net\Battle.net Launcher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Capcom\Dead Rising 2 OTR\Dead Rising 2 OTR.lnk - F:\Program Files (x86)\Capcom\Dead Rising 2 Off The Record\deadrising2otr.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk - C:\Program Files\CCleaner\uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Link\DWL-G122_DWA-110\Connection Wizard.lnk - C:\Program Files (x86)\D-Link\DWL-G122_DWA-110\D-Link Wizard.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Link\DWL-G122_DWA-110\Uninstall.lnk - C:\Program Files (x86)\InstallShield Installation Information\{5F753314-628E-4C13-B8AE-BFA7FD514CBE}\setup.exe -runfromtemp -l0x0816
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Link\DWL-G122_DWA-110\Wireless Connection Manager.lnk - C:\Program Files (x86)\D-Link\DWL-G122_DWA-110\AirGCFG.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DAEMON Tools Lite.lnk - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DTGadget.lnk - C:\Program Files (x86)\DAEMON Tools Lite\DT.gadget
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\SPTD Setup.lnk - C:\Program Files (x86)\DAEMON Tools Lite\SPTDinst-x64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III\Battle.net Account Management.lnk - F:\Program Files (x86)\Diablo III\BattlenetAccount.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III\Blizzard Technical Support.lnk - F:\Program Files (x86)\Diablo III\TechSupport.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III\Diablo III - Manual.lnk - F:\Program Files (x86)\Diablo III\Manual.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III\Diablo III.lnk - F:\Program Files (x86)\Diablo III\Diablo III Launcher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon's Prophet\Dragon's Prophet.lnk - F:\Program Files (x86)\Dragon's Prophet\launcher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon's Prophet\Uninstall Dragon's Prophet.lnk - F:\Program Files (x86)\Dragon's Prophet\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts\Os Sims™ 3\Apoio Técnico.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts\Os Sims™ 3\Contrato de Licença de Utilizador Final.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts\Os Sims™ 3\Desinstalar Os Sims™ 3.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts\Os Sims™ 3\Leia-me.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts\Os Sims™ 3\Os Sims™ 3.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts\Os Sims™ 3 Vida Universitária\Apoio Técnico.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts\Os Sims™ 3 Vida Universitária\Contrato de Licença de Utilizador Final.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts\Os Sims™ 3 Vida Universitária\Desinstalar Os Sims™ 3 Vida Universitária.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts\Os Sims™ 3 Vida Universitária\Leia-me.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts\Os Sims™ 3 Vida Universitária\Os Sims™ 3 Vida Universitária.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalWire\AIDA64 Extreme\AIDA64 Extreme na Web.lnk - C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalWire\AIDA64 Extreme\AIDA64 Extreme.lnk - C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalWire\AIDA64 Extreme\Documentação do AIDA64 Extreme.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Assistant\Game Assistant.lnk - C:\Program Files (x86)\IObit\Game Assistant\GameAssistantMain.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Assistant\Uninstall Game Assistant.lnk - C:\Program Files (x86)\IObit\Game Assistant\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster 3\Desinstalar o Game Booster 3.lnk - C:\Program Files (x86)\IObit\Game Booster 3\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster 3\Game Booster 3.lnk - C:\Program Files (x86)\IObit\Game Booster 3\GameBooster.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live\AION Free-to-Play.lnk - F:\Program Files (x86)\GameforgeLive\GameforgeLive.exe "F:\Program Files (x86)\GameforgeLive\Games\GBR_eng\AION\NCLauncher.exe" -start Aion
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live\Gameforge Live.lnk - F:\Program Files (x86)\GameforgeLive\GameforgeLive.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live\Uninstall Gameforge Live.lnk - F:\Program Files (x86)\GameforgeLive\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Dead Rising 2 Off The Record.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Games for Windows Marketplace.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Grand Theft Auto IV.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Os Sims™ 3 Ambições Profissionais.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Os Sims™ 3 Aventuras no Mundo.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Os Sims™ 3 Design High Tech Acessórios.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Os Sims™ 3 Vida Universitária.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Os Sims™ 3.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Atualização HP.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Central de Soluções HP.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Loja de Suprimentos HP.lnk - C:\Program Files (x86)\HP\HPSSUPPLY\hpqSSupply.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Smart Web Printing\Ajuda da HP Smart Web Printing.lnk - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\Help\hpsmartprint.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart Prem C310 series\Adicionar dispositivo.lnk - C:\Program Files (x86)\HP\Digital Imaging\{4E484899-4F93-4086-88BA-56BDDF47A776}\hpzstub.exe -addadevice
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart Prem C310 series\Ajuda.lnk - C:\Program Files (x86)\HP\Digital Imaging\HelpViewer\hpqhvshm.exe /product-class=HP Photosmart Prem C310 series
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart Prem C310 series\Desinstalar.lnk - C:\Program Files (x86)\HP\Digital Imaging\{4E484899-4F93-4086-88BA-56BDDF47A776}\setup\hpzscr40.exe -datfile hposcr49.dat -onestop -forcereboot
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart Prem C310 series\Leiame.lnk - C:\Program Files (x86)\HP\Digital Imaging\help\PS_AIO_07_C310_readme\readme.html
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart Prem C310 series\Registro do produto.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwrg.exe "HP Photosmart Prem C310 series"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart Prem C310 series\Site de suporte a produtos.lnk - C:\Program Files (x86)\HP\Digital Imaging\HP Photosmart Prem C310 series\help\HP Product Support Website.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart Prem C310 series\USB para sem fio.lnk - C:\Program Files (x86)\HP\Digital Imaging\{4E484899-4F93-4086-88BA-56BDDF47A776}\hpzstub.exe -addadevice -usbtowireless
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel® Rapid Storage Technology.lnk - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorUI.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller\Help.lnk - C:\Program Files (x86)\IObit\IObit Uninstaller\help.html
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller\IObit Uninstaller.lnk - C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller\Uninstall IObit Uninstaller.lnk - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallDisplay.exe uninstall_start
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013\End User License Agreement.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\Doc\en\license.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013\Kaspersky Internet Security 2013 Help.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\Doc\en\KIS\context.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013\Kaspersky Internet Security 2013.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\starter_avp.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013\Remove Kaspersky Internet Security 2013.lnk - C:\Windows\SysWOW64\msiexec.exe /i{560985FB-4B76-4121-9189-7A2CDC7886D6} REMOVE=ALL
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013\Visit Kaspersky Lab on the Web.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kl.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar o Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression\Microsoft Expression Blend SDK\Expression Blend SDK Documentation.lnk - C:\Program Files (x86)\Microsoft SDKs\Expression\Blend\.NETFramework\v4.0\Help\en\.NETFramework40BlendSDK.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace\Games for Windows Marketplace.lnk - C:\Program Files (x86)\Microsoft Games for Windows - LIVE\Client\GFWLive.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Access 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Designer 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe /design
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Filler 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft OneNote 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Publisher 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft SharePoint Workspace 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Digital Certificate for VBA Projects.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Clip Organizer.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Language Preferences.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Upload Center.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office Picture Manager.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\Silverlight.Configuration.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 5 SDK\Welcome.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mortal Kombat Complete Edition\Cat-A-Cat GAMES.lnk - F:\Program Files (x86)\Mortal Kombat Complete Edition\d.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mortal Kombat Complete Edition\Mortal Kombat Complete Edition.lnk - F:\Program Files (x86)\Mortal Kombat Complete Edition\MKKE.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mortal Kombat Complete Edition\Óäàëèòü Èãðó.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy\DS3 Tool.lnk - C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy\Uninstall.lnk - C:\Program Files\MotioninJoy\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\GeForce Experience.lnk - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision Photo Viewer.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstview.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision preview pack 1.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe /show
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Disable 3D Vision.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe /disable
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Enable 3D Vision.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe /enable
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\CUDA Toolkit\v5.5\CUDA Documentation.lnk - C:\Program Files (x86)\NVIDIA GPU Computing Toolkit\CUDA\v5.5\doc\html\index.html
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\CUDA Toolkit\v5.5\CUDA Getting Started Guide.lnk - C:\Program Files (x86)\NVIDIA GPU Computing Toolkit\CUDA\v5.5\doc\html\cuda-getting-started-guide-for-microsoft-windows\index.html
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\Nsight Visual Studio Edition 3.1\Nsight Monitor.lnk - C:\Program Files (x86)\NVIDIA Corporation\Nsight Visual Studio Edition 3.1\Monitor\Common\Nsight.Monitor.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\Nsight Visual Studio Edition 3.1\Nsight Redistributable.lnk - C:\ProgramData\NVIDIA Corporation\Nsight\NVIDIA_Nsight_Visual_Studio_Edition_Win64_3.1.msi
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Desinstalar Origin.lnk - C:\Program Files (x86)\Origin\OriginUninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Origin.lnk - C:\Program Files (x86)\Origin\Origin.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars\Network Status.lnk - C:\Program Files (x86)\PokerStars\Tracer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars\PokerStars.lnk - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars\Uninstall PokerStars.lnk - C:\Program Files (x86)\PokerStars\PokerStarsUninstall.exe /u:PokerStars
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911\The Elder Scrolls V Skyrim\The Elder Scrolls V Skyrim.lnk - F:\Program Files (x86)\The Elder Scrolls V Skyrim\SkyrimLauncher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor1911\SimCity\SimCity.lnk - F:\Program Files (x86)\SimCity\SimCity\SimCity.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games\Grand Theft Auto IV\Grand Theft Auto IV Safe Mode.lnk - F:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe -safemode
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games\Grand Theft Auto IV\Grand Theft Auto IV.lnk - F:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games\Grand Theft Auto IV\Revoke License.lnk - F:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe /revoke
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint\Microsoft SharePoint Workspace 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3\Desinstalar o Smart Defrag 3.lnk - C:\Program Files (x86)\IObit\Smart Defrag 3\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3\Smart Defrag 3.lnk - C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam Support Center.lnk - C:\Windows\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C92.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA\TERA on the Web.lnk - F:\Program Files (x86)\TERA\TERA.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA\TERA.lnk - F:\Program Files (x86)\TERA\tera-launcher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA\Uninstall TERA.lnk - F:\Program Files (x86)\TERA\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk - C:\Program Files (x86)\VideoLAN\VLC\Documentation.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk - C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk - C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --reset-config --reset-plugins-cache vlc://quit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe -Iskins
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2013\Blend for Visual Studio 2013.lnk - C:\Program Files (x86)\Microsoft Visual Studio 12.0\Blend\Blend.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2013\Microsoft Test Manager 2013.lnk - C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\mtm.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2013\Visual Studio 2013.lnk - C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2013\Visual Studio Tools.lnk - C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Tools\Shortcuts
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware\Virtual Network Editor.lnk - C:\Program Files (x86)\VMware\VMware Workstation\vmnetcfg.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware\VMware Player.lnk - C:\Program Files (x86)\VMware\VMware Workstation\vmplayer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware\VMware Workstation.lnk - C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Application Verifier (X64)\Application Verifier (X64).lnk - C:\Windows\System32\appverif.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Application Verifier (X64)\Application Verifier Help.lnk - C:\Windows\System32\appverif.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Application Verifier (X86)\Application Verifier (WOW).lnk - C:\Windows\SysWOW64\appverif.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows App Certification Kit\Windows App Cert Kit.lnk - C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\appcertui.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows Performance Toolkit\Windows Performance Analyzer.lnk - C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\wpa.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows Performance Toolkit\Windows Performance Recorder.lnk - C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\WPRUI.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows Software Development Kit\Documentation for Desktop Apps.lnk - C:\Program Files (x86)\Windows Kits\8.0\Shortcuts\DesktopDevCenterLearn.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows Software Development Kit\Documentation for Windows Store Apps.lnk - C:\Program Files (x86)\Windows Kits\8.1\Shortcuts\WindowsStoreAppDevCenterLearn.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows Software Development Kit\Samples for Desktop Apps.lnk - C:\Program Files (x86)\Windows Kits\8.0\Shortcuts\DesktopDevCenterSamples.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows Software Development Kit\Samples for Windows Store Apps.lnk - C:\Program Files (x86)\Windows Kits\8.1\Shortcuts\WindowsStoreAppDevCenterSamples.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows Software Development Kit\Tools for Desktop Apps.lnk - C:\Program Files (x86)\Windows Kits\8.0\Shortcuts\DesktopDevCenterToolsDocumentation.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows Software Development Kit\Tools for Windows Store Apps.lnk - C:\Program Files (x86)\Windows Kits\8.1\Shortcuts\WindowsStoreAppDevCenterToolsDocumentation.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual da consola do RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Novidades na última versão.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\VMware Workstation.lnk - C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\VMware Workstation.lnk - C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Pedro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\DS3 Tool.lnk - C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe
C:\Users\Pedro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Pedro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Pedro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Users\Pedro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
C:\Users\Pedro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Pedro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\TERA.lnk - F:\Program Files (x86)\TERA\tera-launcher.exe
C:\Users\Pedro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\VMware Workstation.lnk - C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe
C:\Users\Pedro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Pedro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -
C:\Users\Pedro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Pedro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b15f30ab853b7d31\Diablo III.lnk - F:\Program Files (x86)\Diablo III\Diablo III Launcher.exe
C:\Users\Pedro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\GeForce Experience.lnk - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe
C:\Users\Pedro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Pedro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Users\Pedro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Uninstall Programs.lnk - C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe
C:\Users\Pedro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Advanced SystemCare 7.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe /manual
C:\Users\Pedro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AIDA64 Extreme.lnk - C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
C:\Users\Pedro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Pedro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\CDBurnerXP.lnk - C:\Program Files (x86)\CDBurnerXP\cdbxpp.exe
C:\Users\Pedro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\GameAssistant.lnk - C:\Program Files (x86)\IObit\Game Assistant\GameAssistant.exe
C:\Users\Pedro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Pedro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Visual Studio 2013.lnk - C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
C:\Users\Pedro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\VMware Workstation.lnk - C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe
C:\Users\Pedro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Pedro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\µTorrent.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyOverride"="<local>"
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\87131C842E46469499727BA14070D480 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{48C13178-64E2-4964-9927-B71A04074D08} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\87131C842E46469499727BA14070D480 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Pedro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Pedro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9CF61K3U will be deleted at reboot
C:\Users\Pedro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UWL0QMVY will be deleted at reboot
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=413 folders=541 1542164570 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Pedro\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Pedro\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\Pedro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9CF61K3U" not found
"C:\Users\Pedro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UWL0QMVY" not found
==== EOF on 26-04-2014 at 22:42:54,92 ======================


Download the Junkware Removal Tool from the link below:

http://thisisudax.org/downloads/JRT.exe

To run the program above correctly, just follow the tips in this tutorial:

Junkware Removal Tool tutorial

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop as JRT.txt

We'll be waiting.


Here is the JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Pedro on 26-04-2014 at 22:56:06,78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26-04-2014 at 22:59:53,70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Download < ZHPDiag2.exe > ( ... by Nicolas Coolman )

|- Temporarily disable your antivirus to avoid conflicts and run "ZHPDiag2.exe" to install the tool.

|- Run the scroll icon. ( ZHPDiag )

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish!

|- Click OK and, when it finishes, post the ZHPDiag.txt report


Here is the ZHPDiag report

~ Relatório do ZHPDiag v2014.4.26.45 - Nicolas Coolman (26-04-2014)
~ Iniciado por Pedro (26-04-2014 23:25:37)
~ Endereço do Website : http://nicolascoolman.webs.com
~ Fóruns de suporte gratuito para desinfecção : http://nicolascoolman.webs.com/apps/links/
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17041
GCIE: Google Chrome v34.0.1847.116 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
Kaspersky Internet Security 2013 v13.0.1.4190
Malwarebytes Anti-Malware versão 2.0.1.1004
Windows Defender W7
---\\ Softwares d'optimização do sistema
CCleaner v4.13 =>.Piriform Ltd
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 10 ActiveX
Adobe Reader X
Java 7 Update 51
---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 60 Stepping 3, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4031 MB (63% free)
System Restore: Activé (Enable)
System drive C: has 374 GB (84%) free of 443 GB
---\\ Modo de conexão ao sistema
~ Computer Name: PEDRO-PC
~ User Name: Pedro
~ All Users Names: Pedro, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Pedro\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Pedro\AppData\Roaming\
~ %Desktop% : C:\Users\Pedro\Desktop\
~ %Favorites% : C:\Users\Pedro\Favorites\
~ %LocalAppData% : C:\Users\Pedro\AppData\Local\
~ %StartMenu% : C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 374 Go of 443 Go)
D: CD-ROM drive (Not Inserted)
E: CD-ROM drive (Not Inserted)
F: Hard drive, Flash drive, Thumb drive (Free 256 Go of 488 Go)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 44 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorador do Windows.) (.25-02-2011 - 06:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicação de Arranque do Windows.) (.14-07-2009 - 01:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F220BA78AB542C70211D73AE4729B2CD] - (.Microsoft Corporation - Extensões da Internet para Win32.) (.06-03-2014 - 06:22:40.) -- C:\Windows\System32\wininet.dll [2260480]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicação de início de sessão do Windows.) (.20-11-2010 - 13:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20-11-2010 - 13:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28-09-2013 - 01:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14-07-2009 - 01:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13-07-2009 - 23:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20-11-2010 - 09:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20-11-2010 - 09:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20-11-2010 - 10:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Controlador de porta i8042.) (.13-07-2009 - 23:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14-07-2009 - 00:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27-04-2011 - 02:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20-11-2010 - 09:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Controlador de Sistema de Ficheiros NT.) (.24-01-2014 - 02:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Controlador de porta paralela.) (.14-07-2009 - 00:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20-11-2010 - 10:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20-11-2010 - 11:06:41.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14-07-2009 - 00:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20-11-2010 - 09:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Controlador de cópia sombra do volume.) (.20-11-2010 - 13:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes Favoris (My Favorites) : 1/9
~ Mes Documents (My Documents) : 2/1613
~ Mon Bureau (My Desktop) : 1/39
~ Menu demarrer (Programs) : 1/46
~ Hidden Files: Scanned in 00mn 00s
---\\ Processos lançados
[MD5.A0DB38F641EA7066EF979DFCD0316333] - (.ASUSTeK Computer Inc. - No Comment.) -- C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [1454224] [PID.2268]
[MD5.6E0E8049F778E99B53E0015FBA772578] - (...) -- C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe [1425208] [PID.2324]
[MD5.36E65634909578B8CF863F4636F5E979] - (...) -- C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [1225528] [PID.2416]
[MD5.293770C94202D1EA18EE27E0D3EB6A41] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2201032] [PID.3736]
[MD5.F25BDB64996625C4B014F26572DEB647] - (.Wireless Service - ANIWZCS2 launcher for Windows..) -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe [98304] [PID.2004]
[MD5.ECDC0143B65DAD02CEC24BC08295959E] - (.D-Link Corp. - D-Link WLAN Application.) -- C:\Program Files (x86)\D-Link\DWL-G122_DWA-110\AirGCFG.exe [1708032] [PID.3404]
[MD5.094E4E76FB9AB960A73F841BC6733F42] - (.Intel Corporation - iusb3mon.) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848] [PID.3428]
[MD5.26443C4332B966C44481D1DE8D1BCBB4] - (.ASUSTek Computer Inc. - AiChargerPlus Application.) -- C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272] [PID.3456]
[MD5.F121A4E1799C490EAA3765FB6295E43E] - (.VMware, Inc. - VMware Tray Process.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [112856] [PID.1544]
[MD5.E3573EBDE923BB48AE1C8672988B5772] - (.Disc Soft Ltd - DAEMON Tools Shell Extensions Helper.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe [2630928] [PID.4224]
[MD5.80637A39C9F1C25FAC1E336BE1F9F162] - (...) -- C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\EPUShortCut.exe [1221912] [PID.5152]
[MD5.3D45AD2B246B90DBD3E6F213E7AEBF64] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592] [PID.5244]
[MD5.7EA50DC775B557AD1E06ABF3C7A2A24D] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7869952] [PID.2868]
[MD5.6C856C581ACE1785CE3FC2414E9859A3] - (.IObit - Advanced SystemCare Service.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881952] [PID.168]
[MD5.CDA9313E34887A111B8309B55BCDCD82] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [411936] [PID.660]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1880]
[MD5.3C417A392EC51E601AC55B5E196549E7] - (.No owner - ANIWConnService.) -- C:\Windows\SysWOW64\ANIWConnService.exe [151552] [PID.1964]
[MD5.BBF8F831C7720DD5135D8C4C8325187A] - (...) -- C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728] [PID.2068]
[MD5.E536856E96A7605EBF580D62A868E5FE] - (...) -- C:\Windows\SysWOW64\ASGT.exe [55296] [PID.2216]
[MD5.5F1091FA113607C9C9B2ECF4FBC76F37] - (.ASUSTeK Computer Inc. - No Comment.) -- C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648] [PID.2248]
[MD5.3B3645A804E55005009E86626E9BA827] - (.ASUSTeK Computer Inc. - ASUS Motherboard Fan Control Service.) -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.01\AsusFanControlService.exe [1656464] [PID.2348]
[MD5.A2494901E7226B356B8C1005C45F1C5F] - (.Microsoft Corporation. - BingBar Service.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [193816] [PID.2880] =>Toolbar.Bing
[MD5.6822CA012769844EB14FD6634F22C4F6] - (.NVIDIA Corporation - NVIDIA Network Service.) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192] [PID.2444]
[MD5.3A2E85F7D90D15460C337CE80C2E3B29] - (...) -- C:\Windows\SysWOW64\PnkBstrA.exe [76888] [PID.2596]
[MD5.08E2C72275EEB2E74575D8176CC08EA6] - (.VMware, Inc. - VMware NAT Service.) -- C:\Windows\SysWOW64\vmnat.exe [437976] [PID.2748]
[MD5.D07589E4434BD14E192ACED6C398B0CB] - (.VMware, Inc. - VMware Authorization Service.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [86744] [PID.2160]
[MD5.C04DA837FBC636DC88A2ACAEDB4E95F6] - (.VMware, Inc. - VMware VMnet DHCP service.) -- C:\Windows\SysWOW64\vmnetdhcp.exe [359128] [PID.3504]
[MD5.81BC96818A1A718342B5A03BA34AED2A] - (...) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14407384] [PID.3824]
[MD5.20E83F4632E15A5E9E716FF2E8AC7FAE] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720] [PID.1200]
[MD5.52069AEB42D3D0F97CBCA1085EBF55E6] - (.Intel Corporation - Intel® Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432] [PID.1968]
[MD5.3DE66F47365AA8CEB18B1EE272F4FEBA] - (.Intel Corporation - Intel® Local Management Service.) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [390616] [PID.1836]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [user Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [user Data\Default] [dchlnpcodkpfdpacogkljefecpegganj] Kaspersky URL Advisor v.13.0.1.4190 (Activé)
G2 - GCE: Preference [user Data\Default] [hakdifolhalapjijoafobooafbilfakh] Safe Money v.13.0.1.4190 (Activé)
G2 - GCE: Preference [user Data\Default] [hghkgaeecgjhjkannahfamoehjmkjail] Content Blocker v.13.0.1.4190 (Activé)
G2 - GCE: Preference [user Data\Default] [jagncdcchgajhfhijbbhecadmaiegcmh] Teclado virtual v.13.0.1.4292 (Activé)
G2 - GCE: Preference [user Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [user Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [user Data\Default] [pjldcfjmnllhmgjclecdnfampinooman] Anti-Banner v.13.0.1.4190 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 21 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [Pedro]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Pedro\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [Pedro]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Pedro\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 4 Legitimates Filtered in 00mn 01s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [iAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Run: [shadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\Windows\system32\nvspcap64.dll
O4 - HKCU\..\Run: [sidebar] . (.Microsoft Corporation - Miniaplicações de Ambiente de Trabalho do W.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKLM\..\Wow6432Node\Run: [ANIWZCS2Service] . (.Wireless Service - ANIWZCS2 launcher for Windows..) -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Wow6432Node\Run: [D-Link D-Link Wireless G DWL-G122_DWA-110] . (.D-Link Corp. - D-Link WLAN Application.) -- C:\Program Files (x86)\D-Link\DWL-G122_DWA-110\AirGCFG.exe
O4 - HKLM\..\Wow6432Node\Run: [uSB3MON] . (.Intel Corporation - iusb3mon.) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
O4 - HKLM\..\Wow6432Node\Run: [ASUS AiChargerPlus Execute] . (.ASUSTek Computer Inc. - AiChargerPlus Application.) -- C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
O4 - HKLM\..\Wow6432Node\Run: [vmware-tray.exe] . (.VMware, Inc. - VMware Tray Process.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe =>.VMware, Inc
O4 - HKLM\..\Wow6432Node\Run: [AVP] . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Miniaplicações de Ambiente de Trabalho do W.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Miniaplicações de Ambiente de Trabalho do W.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2955925240-1096623219-443652941-1000\..\Run: [sidebar] . (.Microsoft Corporation - Miniaplicações de Ambiente de Trabalho do W.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-2955925240-1096623219-443652941-1000\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Virtual Keyboard [64Bits] - {0C4CC089-D306-440D-9772-464E226F6539} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kbrd.ico
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~4\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~4\Office14\ONBTTN~1.dll (.not file.)
O9 - Extra button: URLs check [64Bits] - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\logo.ico
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{23274D70-8BE4-42D0-9B4D-6BE4E8C79783}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{23274D70-8BE4-42D0-9B4D-6BE4E8C79783}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{23274D70-8BE4-42D0-9B4D-6BE4E8C79783}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{23274D70-8BE4-42D0-9B4D-6BE4E8C79783}: DhcpDomain = lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{23274D70-8BE4-42D0-9B4D-6BE4E8C79783}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{23274D70-8BE4-42D0-9B4D-6BE4E8C79783}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: ASGT (ASGT) . (...) - C:\Windows\SysWOW64\ASGT.exe
~ Services: 24 Legitimates Filtered in 00mn 02s
---\\ Tarefas planificadas automaticamente (039)
[MD5.36E65634909578B8CF863F4636F5E979] [APT] [ASUS DIPAwayMode] (...) -- C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [1225528]
[MD5.6E0E8049F778E99B53E0015FBA772578] [APT] [Ez Update] (...) -- C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe [1425208]
~ Scheduled Task: 18 Legitimates Filtered in 00mn 04s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (1210838drv) . (...) - C:\Windows\System32\DRIVERS\1210838drv.sys
O41 - Driver: (ndisrd) . (.NT Kernel Resources - NDISRD helper driver.) - C:\Windows\System32\DRIVERS\ndisrd.sys
~ Drivers: 93 Legitimates Filtered in 00mn 00s
---\\ Software instalados (042)
O42 - Logiciel: PokerStars - (.PokerStars.) [HKLM][64Bits] -- PokerStars
~ Logic: 7 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 25-04-2014 - 01:20:46 - [] ----D C:\Program Files (x86)\PokerStars
O43 - CFD: 01-04-2014 - 15:24:14 - [] -SH-D C:\ProgramData\Ambiente de trabalho
O43 - CFD: 02-04-2014 - 22:52:36 - [] ----D C:\Users\Pedro\AppData\Roaming\library_dir
O43 - CFD: 09-04-2014 - 11:27:48 - [] -SH-D C:\Users\Pedro\AppData\Local\EmieSiteList
O43 - CFD: 09-04-2014 - 11:27:48 - [] -SH-D C:\Users\Pedro\AppData\Local\EmieUserList
O43 - CFD: 25-04-2014 - 01:20:47 - [] ----D C:\Users\Pedro\AppData\Local\PokerStars
~ Program Folder: 220 Legitimates Filtered in 00mn 00s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.AF34937075FC9B5FBF3D9F7E9C4BBCEB] - 23-04-2014 - 00:13:35 ---A- . (...) -- C:\Windows\System32\Drivers\1210838drv.sys [556632]
O44 - LFC:[MD5.B34AA7BCC68659569B1F5E776F4347A1] - 23-04-2014 - 23:25:29 ---A- . (...) -- C:\Windows\System32\prfc0816.dat [154672]
O44 - LFC:[MD5.F960F4F40924DF192FC50DD470AC4093] - 23-04-2014 - 23:25:29 ---A- . (...) -- C:\Windows\System32\prfh0816.dat [724696]
O44 - LFC:[MD5.088AB412D2D5DDB123AA36524A511426] - 25-04-2014 - 00:21:03 ---A- . (...) -- C:\Windows\win.ini [513]
O44 - LFC:[MD5.0EF3F2CF376F2D7B8E6A62E3C3D56B4E] - 25-04-2014 - 18:49:48 ----- . (...) -- C:\bootsqm.dat [3288]
O44 - LFC:[MD5.587C1C9D4F372D33AF857A06B0E1C994] - 26-04-2014 - 21:20:25 ---A- . (...) -- C:\ola.txt [1317]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 26-04-2014 - 21:32:26 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.8D4C670C607AB6A9D9B2250E485274D8] - 26-04-2014 - 21:42:54 ---A- . (...) -- C:\zoek-results.log [51193]
~ Files: 49 Legitimates Filtered in 00mn 01s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{aed34330-b9a8-11e3-88fe-806e6f6e6963}\AutoRun\command. (...) -- D:\CheckID.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent Inc. - µTorrent.) -- c:\users\pedro\appdata\roaming\utorrent\utorrent.exe =>P2P.BitTorrent
~ SMSR Keys: 10 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:23-04-2014 - 00:13:35 ---A- . (...) -- C:\Windows\System32\Drivers\1210838drv.sys [556632]
O58 - SDL:06-03-2009 - 17:10:10 ---A- . (.No owner - NDIS 6.0 Filter Driver.) -- C:\Windows\System32\Drivers\anodlwfx.sys [15872]
O58 - SDL:14-07-2009 - 01:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10-06-2009 - 20:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:21-02-2013 - 03:40:38 R--A- . (.NT Kernel Resources - NDISRD helper driver.) -- C:\Windows\System32\Drivers\ndisrd.sys [32840]
O58 - SDL:19-04-2013 - 03:56:48 ---A- . (...) -- C:\Windows\System32\Drivers\nvflash.sys [15648]
O58 - SDL:02-04-2014 - 11:51:39 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [386680]
O58 - SDL:14-07-2009 - 01:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:22-08-2012 - 09:54:10 ---A- . (...) -- C:\Windows\SysWOW64\drivers\AsIO.sys [15232]
O58 - SDL:14-09-2012 - 02:06:24 R--A- . (...) -- C:\Windows\SysWOW64\drivers\AsUpIO.sys [14464]
O58 - SDL:02-04-2009 - 12:30:14 ---A- . (...) -- C:\Windows\SysWOW64\drivers\ASUSHWIO.SYS [10296]
~ Drivers: 95 Legitimates Filtered in 00mn 02s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 06-03-2009 - C:\Windows\System32\DRIVERS\anodlwfx.sys (anodlwf) .(.No owner - NDIS 6.0 Filter Driver.) - LEGACY_ANODLWF
O64 - Services: CurCS - 27-02-2014 - C:\Windows\system32\drivers\hcmon.sys (hcmon) .(.VMware, Inc. - VMware USB monitor.) - LEGACY_HCMON
O64 - Services: CurCS - 02-05-2013 - C:\Windows\System32\DRIVERS\kneps.sys (kneps) .(.Kaspersky Lab ZAO - KNEPS Power.) - LEGACY_KNEPS
O64 - Services: CurCS - 10-06-2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
O64 - Services: CurCS - 02-04-2014 - C:\Windows\system32\Drivers\sptd.sys (sptd) .(.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) - LEGACY_SPTD
O64 - Services: CurCS - 14-04-2014 - C:\Windows\system32\drivers\vmx86.sys (vmx86) .(.VMware, Inc. - VMware kernel driver.) - LEGACY_VMX86
O64 - Services: CurCS - 22-02-2013 - C:\Windows\Syswow64\drivers\vstor2-mntapi20-shared.sys (vstor2-mntapi20-shared) .(.VMware, Inc. - VMware Virtual Storage Volume Driver.) - LEGACY_VSTOR2-MNTAPI20-SHARED
~ Legacy: 141 Legitimates Filtered in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {BD237E9E-5C24-4EE5-9D3C-FD15335077EC} - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.4F029701879F1CEB02EB7907DC565248] [sPRF][26-04-2014] (...) -- C:\Users\Pedro\Desktop\AdwCleaner.exe [1330861]
[MD5.2ED2319F3DE13495AAA49B70A1467055] [sPRF][26-04-2014] (...) -- C:\Users\Pedro\Desktop\zoek.exe [1285120]
~ Files: 4 Legitimates Filtered in 00mn 00s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{E613F94C-5006-4875-A647-5303ADD106A1}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Pedro\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{5372F9FB-0BC7-40E4-937D-3456140D1BFF}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Pedro\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 01s
---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "7E9C3C6D433D8194DB75B5E11FC402D7" . (.Bing Bar.) -- C:\Windows\Installer\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}\icon_installer_ico =>Toolbar.Bing
~ Update Products: 1 Legitimates Filtered in 00mn 00s
---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.591EC048F441F92CE7B56D61A1EE92E1] [WIS][10-02-2012] (.Microsoft Corporation - Bing Bar.) -- C:\Windows\Installer\19ff9.msi [475136] =>Toolbar.Bing
~ WIS: 1 Legitimates Filtered in 00mn 04s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchSettings_RASAPI32 =>Adware.SearchSettings
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchSettings_RASMANCS =>Adware.SearchSettings
~ BTK: 100 Legitimates Filtered in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 13-04-2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 25-04-2014 356128 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
SS - | Auto 10-02-2012 193816 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe =>Toolbar.Bing
SS - | Demand 10-07-1658 0 | (c2wts) . (...) - C:\Program Files (x86)\Windows Identity Foundation\v3.5\c2wtshost.exe
SS - | Auto 01-04-2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 01-04-2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 02-01-2013 171632 | (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
SS - | Demand 27-08-2013 828376 | (Intel® Capability Licensing Service TCP IP Interface) . (.Intel® Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
SS - | Auto 03-12-2013 2151200 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
SS - | Demand 16-03-2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 21-04-2014 572096 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SS - | Disabled 10-07-1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 18-12-2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 14-01-2014 881952 | (AdvancedSystemCareService7) . (.IObit.) - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
SR - | Auto 10-07-1658 0 | (ANIWConnService) . (...) - C:\Windows\system32\ANIWConnService.exe
SR - | Auto 07-05-2013 936728 | (asComSvc) . (...) - C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
SR - | Auto 17-01-2012 55296 | (ASGT) . (...) - C:\Windows\SysWOW64\ASGT.exe
SR - | Auto 01-08-2013 954648 | (asHmComSvc) . (.ASUSTeK Computer Inc..) - C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
SR - | Auto 13-08-2013 1656464 | (AsusFanControlService) . (.ASUSTeK Computer Inc..) - C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.01\AsusFanControlService.exe
SR - | Demand 10-02-2012 240408 | (BBUpdate) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe =>Toolbar.Bing
SR - | Demand 14-07-2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 14-07-2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 14-07-2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 07-08-2013 15720 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 27-08-2013 747520 | (Intel® Capability Licensing Service Interface) . (.Intel® Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 16-09-2013 169432 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
SR - | Auto 16-09-2013 390616 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
SR - | Auto 14-07-2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 02-04-2014 1615192 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
SR - | Auto 02-04-2014 20541216 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 04-03-2014 922968 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 14-07-2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 10-07-1658 0 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe
SR - | Auto 04-03-2014 411936 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 14-04-2014 86744 | (VMAuthdService) . (.VMware, Inc..) - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe =>.VMware, Inc
SR - | Auto 10-07-1658 0 | (VMnetDHCP) . (.VMware, Inc..) - C:\Windows\system32\vmnetdhcp.exe
SR - | Auto 27-02-2014 906432 | (VMUSBArbService) . (.VMware, Inc..) - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
SR - | Auto 10-07-1658 0 | (VMware NAT Service) . (.VMware, Inc..) - C:\Windows\system32\vmnat.exe
SR - | Auto 14-04-2014 14407384 | (VMwareHostd) . (...) - C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe =>.VMware, Inc
SR - | Auto 14-07-2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14-07-2009 27136 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 04s
---\\ Lista dos emuladores de CD/DVD (MBR Hook)
O58 - SDL:02-04-2014 - 11:51:39 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [386680]
~ Emulateurs: Scanned in 00mn 04s
---\\ Scâner Aditional (088)
Database Version : 13045 - (26-04-2014)
Clés trouvées (Keys found) : 6
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 2
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] =>P2P.BitTorrent^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9] =>PUP.Dealio
[HKCU\Software\IObit Apps] =>PUP.Dealio
[HKCU\Software\AppDataLow\Software\IObit Apps] =>PUP.Dealio
[HKLM\Software\Wow6432Node\IObit Apps] =>PUP.Dealio
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe =>Toolbar.Bing^
C:\Windows\Installer\19ff9.msi =>Toolbar.Bing^
~ Additionnel Scan: 743094 Items scanned in 00mn 45s
---\\ Sumário das deteções encontradas na sua estação
~ MSI: 2 link(s) detected in 00mn 00s
~ 947 Legitimates filtered by white list
End of the scan (498 lines in 01mn 34s)(0)


Go to http://virscan.org and submit the files highlighted in blue below for analysis (one at a time). As each one is analyzed, copy the link that appears in your browser's address bar, and post these two links in your next reply along with the ZHPFix report requested below:

C:\Windows\System32\DRIVERS\1210838drv.sys

C:\Windows\System32\DRIVERS\ndisrd.sys

 

More information on how to submit files for analysis on the VirScan site can be found in this tutorial:

 

VirScan: a great system that checks files with several online antivirus engines at the same time

_____________________________________________________________________________________________________

 

Select and copy all the text highlighted in red that I gave you.

_____________________________________________________________________________________________________________

 

Go to the menu: Start > All Programs > ZHP > right-click ZHPFix and choose Run as administrator > click Importação > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will appear in Notepad.

 

Copy this report and post it in your next reply along with the links to the file analyses on the VirScan site.


Here is the report

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Pedro at 27-04-2014 00:34:03
High Elevated Privileges : OK
Windows 7 Business Edition, 64-bit Service Pack 1 (Build 7601)
Reciclagem vazia (00mn 04s)
Reparação de atalhos do navegador
========== Chaves do Registo ==========
ELIMINÉ CLSID MPSK: {aed34330-b9a8-11e3-88fe-806e6f6e6963}
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchSettings_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchSettings_RASMANCS
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
ELIMINÉ: HKCU\Software\IObit Apps
ELIMINÉ: HKCU\Software\AppDataLow\Software\IObit Apps
ELIMINÉ: HKLM\Software\Wow6432Node\IObit Apps
========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINÉ Temporários windows (114) (1.807.055 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
8 : Chaves do Registo
6 : Valores do Registo
1 : Pastas
2 : Ficheiros
1 : Restauração Sistema
End of clean in 00mn 20s
========== Caminho do ficheiro do relatório ==========
C:\Users\Pedro\AppData\Roaming\ZHP\ZHPFix[R1].txt - 27-04-2014 00:34:08 [1719]
and these two files C:\Windows\System32\DRIVERS\1210838drv.sys

C:\Windows\System32\DRIVERS\ndisrd.sys


are no longer there

those two files you mention no longer exist

 

* Right-click Zoek.exe and select [image: 8vq7ma.jpg]

 

* Select and copy all the text highlighted in red below and paste it into the blank area of Zoek:

 

C:\Windows\System32\DRIVERS\1210838drv.sys;virustotal

C:\Windows\System32\DRIVERS\ndisrd.sys;virustotal

 

* Click [Run Script]

 

* During the scan, a message similar to the one below showing the scan progress will be displayed. Wait for it to finish... it may take a while!

 

ndqs.png

 

* If a PC restart is requested, click [OK]

 

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


In my post before this one, I edited it and posted the report you asked for

Here is the Zoek report

Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Pedro on 27-04-2014 at 0:39:52,44.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Pedro\Desktop\zoek.exe [scan all users] [script inserted]
==== Older Logs ======================
C:\zoek-results2014-04-26-214254.log 51193 bytes
==== VirusTotal Scan ======================
==== C:\zoek_backup content ======================
C:\zoek_backup (files=413 folders=541 1542164570 bytes)
==== EOF on 27-04-2014 at 0:40:26,95 ======================


Open ZHPDiag again

 

ZHPDiag_Pergaminho2_zps6e758639.jpg

 

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

 

ZHPDiag_Pesquisar_zps3acb0f25.jpg

 

|- Click OK and, when it finishes, post the ZHPDiag.txt report

~ Relatório do ZHPDiag v2014.4.26.45 - Nicolas Coolman (26-04-2014)

~ Iniciado por Pedro (27-04-2014 00:52:23)

~ Endereço do Website : http://nicolascoolman.webs.com

~ Fóruns de suporte gratuito para desinfecção : http://nicolascoolman.webs.com/apps/links/

~ Tradução pelo utilizador

~ Estatuto da versão :

~ Lista Branca : Ativado pelo programa

~ Elevação dos Privilégios : OK

~ Controle de Conta de Utilizador : Deactivate by program



---\\ Navegadores Internet

MSIE: Internet Explorer v11.0.9600.17041

GCIE: Google Chrome v34.0.1847.116 (Defaut)


---\\ Informações sobre os produtos Windows

~ Langage: Portugais

Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)

Windows Server License Manager Script : OK

Software Protection Service (Protection logicielle) : OK

Windows Automatic Updates : OK

Windows Activation Technologies : OK


---\\ Softwares de proteçao do sistema

Kaspersky Internet Security 2013 v13.0.1.4190

Malwarebytes Anti-Malware versão 2.0.1.1004

Windows Defender W7


---\\ Softwares d'optimização do sistema

CCleaner v4.13 =>.Piriform Ltd


---\\ Softwares de partilha do PeerToPeer (P2P)


---\\ Monitoramento dos softwares

Adobe Flash Player 10 ActiveX

Adobe Reader X

Java 7 Update 51


---\\ Informações sobre o sistema

~ Processor: Intel64 Family 6 Model 60 Stepping 3, GenuineIntel

~ Operating System: 64 Bits

Boot mode: Normal (Normal boot)

Total RAM: 4031 MB (46% free)

System Restore: Activé (Enable)

System drive C: has 374 GB (84%) free of 443 GB


---\\ Modo de conexão ao sistema

~ Computer Name: PEDRO-PC

~ User Name: Pedro

~ All Users Names: Pedro, HomeGroupUser$, Convidado, Administrador,

~ Unselected Option: 045,061,O62,065,066,080,O82,089

Logged in as Administrator


---\\ As variáveis de ambiente

~ System Unit : C:\

~ %AppZHP% : C:\Users\Pedro\AppData\Roaming\ZHP\

~ %AppData% : C:\Users\Pedro\AppData\Roaming\

~ %Desktop% : C:\Users\Pedro\Desktop\

~ %Favorites% : C:\Users\Pedro\Favorites\

~ %LocalAppData% : C:\Users\Pedro\AppData\Local\

~ %StartMenu% : C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\

~ %Windir% : C:\Windows\

~ %System% : C:\Windows\System32\


---\\ Enumeração das unidades dos discos

C: Hard drive, Flash drive, Thumb drive (Free 374 Go of 443 Go)

D: CD-ROM drive (Not Inserted)

E: CD-ROM drive (Not Inserted)

F: Hard drive, Flash drive, Thumb drive (Free 256 Go of 488 Go)




---\\ Estado do Centro de Segurança do Windows

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified

~ Security Center: 44 Legitimates Filtered in 00mn 00s




---\\ Pesquisa particular de ficheiros genéricos

[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorador do Windows.) (.25-02-2011 - 06:19:30.) -- C:\Windows\Explorer.exe [2871808]

[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicação de Arranque do Windows.) (.14-07-2009 - 01:39:52.) -- C:\Windows\System32\Wininit.exe [129024]

[MD5.F220BA78AB542C70211D73AE4729B2CD] - (.Microsoft Corporation - Extensões da Internet para Win32.) (.06-03-2014 - 06:22:40.) -- C:\Windows\System32\wininet.dll [2260480]

[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicação de início de sessão do Windows.) (.20-11-2010 - 13:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]

[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20-11-2010 - 13:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]

[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28-09-2013 - 01:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]

[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14-07-2009 - 01:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]

[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13-07-2009 - 23:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]

[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20-11-2010 - 09:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]

[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20-11-2010 - 09:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]

[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20-11-2010 - 10:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]

[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Controlador de porta i8042.) (.13-07-2009 - 23:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]

[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14-07-2009 - 00:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]

[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27-04-2011 - 02:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]

[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20-11-2010 - 09:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]

[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Controlador de Sistema de Ficheiros NT.) (.24-01-2014 - 02:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]

[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Controlador de porta paralela.) (.14-07-2009 - 00:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]

[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20-11-2010 - 10:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]

[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20-11-2010 - 11:06:41.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]

[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14-07-2009 - 00:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]

[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20-11-2010 - 09:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]

[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Controlador de cópia sombra do volume.) (.20-11-2010 - 13:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]

~ Generic Processes: Scanned in 00mn 00s




---\\ Estatuto dos ficheiros ocultos (Oculto/Total)

~ Mes Favoris (My Favorites) : 1/9

~ Mes Documents (My Documents) : 2/1614

~ Mon Bureau (My Desktop) : 1/40

~ Menu demarrer (Programs) : 1/46

~ Hidden Files: Scanned in 00mn 00s




---\\ Processos lançados

[MD5.A0DB38F641EA7066EF979DFCD0316333] - (.ASUSTeK Computer Inc. - No Comment.) -- C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [1454224] [PID.2788]

[MD5.6E0E8049F778E99B53E0015FBA772578] - (...) -- C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe [1425208] [PID.2796]

[MD5.36E65634909578B8CF863F4636F5E979] - (...) -- C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [1225528] [PID.2856]

[MD5.293770C94202D1EA18EE27E0D3EB6A41] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2201032] [PID.3884]

[MD5.F25BDB64996625C4B014F26572DEB647] - (.Wireless Service - ANIWZCS2 launcher for Windows..) -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe [98304] [PID.2032]

[MD5.ECDC0143B65DAD02CEC24BC08295959E] - (.D-Link Corp. - D-Link WLAN Application.) -- C:\Program Files (x86)\D-Link\DWL-G122_DWA-110\AirGCFG.exe [1708032] [PID.3528]

[MD5.094E4E76FB9AB960A73F841BC6733F42] - (.Intel Corporation - iusb3mon.) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848] [PID.3536]

[MD5.26443C4332B966C44481D1DE8D1BCBB4] - (.ASUSTek Computer Inc. - AiChargerPlus Application.) -- C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272] [PID.1512]

[MD5.F121A4E1799C490EAA3765FB6295E43E] - (.VMware, Inc. - VMware Tray Process.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [112856] [PID.3544]

[MD5.E3573EBDE923BB48AE1C8672988B5772] - (.Disc Soft Ltd - DAEMON Tools Shell Extensions Helper.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe [2630928] [PID.4184]

[MD5.3D45AD2B246B90DBD3E6F213E7AEBF64] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592] [PID.5812]

[MD5.2EBBBFC120593C683796092F2DDA0EFC] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032] [PID.5616]

[MD5.80637A39C9F1C25FAC1E336BE1F9F162] - (...) -- C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\EPUShortCut.exe [1221912] [PID.4384]

[MD5.7EA50DC775B557AD1E06ABF3C7A2A24D] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7869952] [PID.1596]

[MD5.6C856C581ACE1785CE3FC2414E9859A3] - (.IObit - Advanced SystemCare Service.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881952] [PID.156]

[MD5.CDA9313E34887A111B8309B55BCDCD82] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [411936] [PID.768]

[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.2040]

[MD5.3C417A392EC51E601AC55B5E196549E7] - (.No owner - ANIWConnService.) -- C:\Windows\SysWOW64\ANIWConnService.exe [151552] [PID.1592]

[MD5.BBF8F831C7720DD5135D8C4C8325187A] - (...) -- C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728] [PID.1836]

[MD5.E536856E96A7605EBF580D62A868E5FE] - (...) -- C:\Windows\SysWOW64\ASGT.exe [55296] [PID.2112]

[MD5.5F1091FA113607C9C9B2ECF4FBC76F37] - (.ASUSTeK Computer Inc. - No Comment.) -- C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648] [PID.2140]

[MD5.3B3645A804E55005009E86626E9BA827] - (.ASUSTeK Computer Inc. - ASUS Motherboard Fan Control Service.) -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.01\AsusFanControlService.exe [1656464] [PID.2176]

[MD5.A2494901E7226B356B8C1005C45F1C5F] - (.Microsoft Corporation. - BingBar Service.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [193816] [PID.2948] =>Toolbar.Bing

[MD5.6822CA012769844EB14FD6634F22C4F6] - (.NVIDIA Corporation - NVIDIA Network Service.) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192] [PID.2332]

[MD5.3A2E85F7D90D15460C337CE80C2E3B29] - (...) -- C:\Windows\SysWOW64\PnkBstrA.exe [76888] [PID.2504]

[MD5.08E2C72275EEB2E74575D8176CC08EA6] - (.VMware, Inc. - VMware NAT Service.) -- C:\Windows\SysWOW64\vmnat.exe [437976] [PID.2632]

[MD5.D07589E4434BD14E192ACED6C398B0CB] - (.VMware, Inc. - VMware Authorization Service.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [86744] [PID.3276]

[MD5.C04DA837FBC636DC88A2ACAEDB4E95F6] - (.VMware, Inc. - VMware VMnet DHCP service.) -- C:\Windows\SysWOW64\vmnetdhcp.exe [359128] [PID.3468]

[MD5.81BC96818A1A718342B5A03BA34AED2A] - (...) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14407384] [PID.3948]

[MD5.20E83F4632E15A5E9E716FF2E8AC7FAE] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720] [PID.6508]

[MD5.52069AEB42D3D0F97CBCA1085EBF55E6] - (.Intel Corporation - Intel® Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432] [PID.6792]

[MD5.3DE66F47365AA8CEB18B1EE272F4FEBA] - (.Intel Corporation - Intel® Local Management Service.) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [390616] [PID.6892]

~ Processes Running: Scanned in 00mn 00s




---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)

C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Preferences

G2 - GCE: Preference [user Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)

G2 - GCE: Preference [user Data\Default] [dchlnpcodkpfdpacogkljefecpegganj] Kaspersky URL Advisor v.13.0.1.4190 (Activé)

G2 - GCE: Preference [user Data\Default] [hakdifolhalapjijoafobooafbilfakh] Safe Money v.13.0.1.4190 (Activé)

G2 - GCE: Preference [user Data\Default] [hghkgaeecgjhjkannahfamoehjmkjail] Content Blocker v.13.0.1.4190 (Activé)

G2 - GCE: Preference [user Data\Default] [jagncdcchgajhfhijbbhecadmaiegcmh] Teclado virtual v.13.0.1.4292 (Activé)

G2 - GCE: Preference [user Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)

G2 - GCE: Preference [user Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

G2 - GCE: Preference [user Data\Default] [pjldcfjmnllhmgjclecdnfampinooman] Anti-Banner v.13.0.1.4190 (Activé)


---\\ Pasta de extensão do Google Chrome

~ Google Lines Browser: 21 Legitimates Filtered in 00mn 00s




---\\ Internet Explorer, Gestão do Proxy (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

~ Proxy management: Scanned in 00mn 00s




---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas

F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,

F2 - REG:system.ini: Shell=C:\Windows\explorer.exe

F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe

~ Keys: Scanned in 00mn 00s




---\\ Redireção do ficheiro Hosts (01)

~ Le fichier hosts est sain (The hosts file is clean).

~ Hosts File: Scanned in 00mn 00s

~ Nombre de lignes (Lines number): 21




---\\ Outras conexões do utilizador (04)

O4 - GS\QuickLaunch [Pedro]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Pedro\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent

O4 - GS\TaskBar [Pedro]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Pedro\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent

~ Global Startup: 4 Legitimates Filtered in 00mn 01s




---\\ Aplicações iniciadas por registo & pastas (04)

O4 - HKLM\..\Run: [iAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe

O4 - HKLM\..\Run: [shadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\Windows\system32\nvspcap64.dll

O4 - HKCU\..\Run: [sidebar] . (.Microsoft Corporation - Miniaplicações de Ambiente de Trabalho do W.) -- C:\Program Files\Windows Sidebar\sidebar.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd

O4 - HKLM\..\Wow6432Node\Run: [ANIWZCS2Service] . (.Wireless Service - ANIWZCS2 launcher for Windows..) -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Wow6432Node\Run: [D-Link D-Link Wireless G DWL-G122_DWA-110] . (.D-Link Corp. - D-Link WLAN Application.) -- C:\Program Files (x86)\D-Link\DWL-G122_DWA-110\AirGCFG.exe

O4 - HKLM\..\Wow6432Node\Run: [uSB3MON] . (.Intel Corporation - iusb3mon.) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

O4 - HKLM\..\Wow6432Node\Run: [ASUS AiChargerPlus Execute] . (.ASUSTek Computer Inc. - AiChargerPlus Application.) -- C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe

O4 - HKLM\..\Wow6432Node\Run: [vmware-tray.exe] . (.VMware, Inc. - VMware Tray Process.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe =>.VMware, Inc

O4 - HKLM\..\Wow6432Node\Run: [AVP] . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Miniaplicações de Ambiente de Trabalho do W.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe

O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Miniaplicações de Ambiente de Trabalho do W.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe

O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation

O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation

O4 - HKUS\S-1-5-21-2955925240-1096623219-443652941-1000\..\Run: [sidebar] . (.Microsoft Corporation - Miniaplicações de Ambiente de Trabalho do W.) -- C:\Program Files\Windows Sidebar\sidebar.exe

O4 - HKUS\S-1-5-21-2955925240-1096623219-443652941-1000\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd

~ Application: Scanned in 00mn 00s




---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)

O9 - Extra button: Virtual Keyboard [64Bits] - {0C4CC089-D306-440D-9772-464E226F6539} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kbrd.ico

O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~4\Office14\ONBttnIE.dll (.not file.)

O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~4\Office14\ONBTTN~1.dll (.not file.)

O9 - Extra button: URLs check [64Bits] - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\logo.ico

~ IE Extra Buttons: Scanned in 00mn 00s




---\\ Alteração Dominio/Clientes DNS (017)

O17 - HKLM\System\CCS\Services\Tcpip\..\{23274D70-8BE4-42D0-9B4D-6BE4E8C79783}: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\..\{23274D70-8BE4-42D0-9B4D-6BE4E8C79783}: DhcpDomain = lan

O17 - HKLM\System\CS1\Services\Tcpip\..\{23274D70-8BE4-42D0-9B4D-6BE4E8C79783}: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CS1\Services\Tcpip\..\{23274D70-8BE4-42D0-9B4D-6BE4E8C79783}: DhcpDomain = lan

O17 - HKLM\System\CS2\Services\Tcpip\..\{23274D70-8BE4-42D0-9B4D-6BE4E8C79783}: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CS2\Services\Tcpip\..\{23274D70-8BE4-42D0-9B4D-6BE4E8C79783}: DhcpDomain = lan

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

~ Domain: Scanned in 00mn 00s




---\\ Protocolo adicional (018)

O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\System32\mshtml.dll

O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation

~ Protocole Additionnel: Scanned in 00mn 00s




---\\ Lista dos serviços NT não Microsoft e não desativados (023)

O23 - Service: ASGT (ASGT) . (...) - C:\Windows\SysWOW64\ASGT.exe

~ Services: 24 Legitimates Filtered in 00mn 02s




---\\ Tarefas planificadas automaticamente (039)

[MD5.36E65634909578B8CF863F4636F5E979] [APT] [ASUS DIPAwayMode] (...) -- C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [1225528]

[MD5.6E0E8049F778E99B53E0015FBA772578] [APT] [Ez Update] (...) -- C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe [1425208]

~ Scheduled Task: 18 Legitimates Filtered in 00mn 04s




---\\ Drivers lançados ao arranque do sistema (041)

O41 - Driver: (1210838drv) . (...) - C:\Windows\System32\DRIVERS\1210838drv.sys

O41 - Driver: (ndisrd) . (.NT Kernel Resources - NDISRD helper driver.) - C:\Windows\System32\DRIVERS\ndisrd.sys

~ Drivers: 93 Legitimates Filtered in 00mn 00s




---\\ Software instalados (042)

O42 - Logiciel: PokerStars - (.PokerStars.) [HKLM][64Bits] -- PokerStars

~ Logic: 7 Legitimates Filtered in 00mn 00s




---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)

O43 - CFD: 25-04-2014 - 01:20:46 - [] ----D C:\Program Files (x86)\PokerStars

O43 - CFD: 01-04-2014 - 15:24:14 - [] -SH-D C:\ProgramData\Ambiente de trabalho

O43 - CFD: 02-04-2014 - 22:52:36 - [] ----D C:\Users\Pedro\AppData\Roaming\library_dir

O43 - CFD: 09-04-2014 - 11:27:48 - [] -SH-D C:\Users\Pedro\AppData\Local\EmieSiteList

O43 - CFD: 09-04-2014 - 11:27:48 - [] -SH-D C:\Users\Pedro\AppData\Local\EmieUserList

O43 - CFD: 25-04-2014 - 01:20:47 - [] ----D C:\Users\Pedro\AppData\Local\PokerStars

~ Program Folder: 220 Legitimates Filtered in 00mn 00s




---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)

O44 - LFC:[MD5.AF34937075FC9B5FBF3D9F7E9C4BBCEB] - 23-04-2014 - 00:13:35 ---A- . (...) -- C:\Windows\System32\Drivers\1210838drv.sys [556632]

O44 - LFC:[MD5.B34AA7BCC68659569B1F5E776F4347A1] - 23-04-2014 - 23:25:29 ---A- . (...) -- C:\Windows\System32\prfc0816.dat [154672]

O44 - LFC:[MD5.F960F4F40924DF192FC50DD470AC4093] - 23-04-2014 - 23:25:29 ---A- . (...) -- C:\Windows\System32\prfh0816.dat [724696]

O44 - LFC:[MD5.088AB412D2D5DDB123AA36524A511426] - 25-04-2014 - 00:21:03 ---A- . (...) -- C:\Windows\win.ini [513]

O44 - LFC:[MD5.0EF3F2CF376F2D7B8E6A62E3C3D56B4E] - 25-04-2014 - 18:49:48 ----- . (...) -- C:\bootsqm.dat [3288]

O44 - LFC:[MD5.587C1C9D4F372D33AF857A06B0E1C994] - 26-04-2014 - 21:20:25 ---A- . (...) -- C:\ola.txt [1317]

O44 - LFC:[MD5.8D4C670C607AB6A9D9B2250E485274D8] - 26-04-2014 - 21:42:54 ---A- . (...) -- C:\zoek-results2014-04-26-214254.log [51193]

O44 - LFC:[MD5.9A3AE1E3ABC72B81617114A64659EF58] - 26-04-2014 - 23:40:26 ---A- . (...) -- C:\zoek-results.log [906]

~ Files: 49 Legitimates Filtered in 00mn 16s




---\\ Operações e funções ao arranque do Windows Explorer (046)

O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL

O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL

~ ShellExecuteHooks: Scanned in 00mn 00s




---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)

O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent Inc. - µTorrent.) -- c:\users\pedro\appdata\roaming\utorrent\utorrent.exe =>P2P.BitTorrent

~ SMSR Keys: 10 Legitimates Filtered in 00mn 00s




---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0

O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0

~ MWPS: 18 Legitimates Filtered in 00mn 00s




---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1

~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s




---\\ Lista dos drivers do sistema (SDL) (O58)

O58 - SDL:23-04-2014 - 00:13:35 ---A- . (...) -- C:\Windows\System32\Drivers\1210838drv.sys [556632]

O58 - SDL:06-03-2009 - 17:10:10 ---A- . (.No owner - NDIS 6.0 Filter Driver.) -- C:\Windows\System32\Drivers\anodlwfx.sys [15872]

O58 - SDL:14-07-2009 - 01:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]

O58 - SDL:10-06-2009 - 20:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]

O58 - SDL:21-02-2013 - 03:40:38 R--A- . (.NT Kernel Resources - NDISRD helper driver.) -- C:\Windows\System32\Drivers\ndisrd.sys [32840]

O58 - SDL:19-04-2013 - 03:56:48 ---A- . (...) -- C:\Windows\System32\Drivers\nvflash.sys [15648]

O58 - SDL:02-04-2014 - 11:51:39 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [386680]

O58 - SDL:14-07-2009 - 01:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]

O58 - SDL:22-08-2012 - 09:54:10 ---A- . (...) -- C:\Windows\SysWOW64\drivers\AsIO.sys [15232]

O58 - SDL:14-09-2012 - 02:06:24 R--A- . (...) -- C:\Windows\SysWOW64\drivers\AsUpIO.sys [14464]

O58 - SDL:02-04-2009 - 12:30:14 ---A- . (...) -- C:\Windows\SysWOW64\drivers\ASUSHWIO.SYS [10296]

~ Drivers: 95 Legitimates Filtered in 00mn 01s




---\\ Lista das ferramentas de remoção de vírus (LAT) (063)

O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman

~ ADS: Scanned in 00mn 00s




---\\ Lista dos serviços Legacy du registo (064)

O64 - Services: CurCS - 06-03-2009 - C:\Windows\System32\DRIVERS\anodlwfx.sys (anodlwf) .(.No owner - NDIS 6.0 Filter Driver.) - LEGACY_ANODLWF

O64 - Services: CurCS - 27-02-2014 - C:\Windows\system32\drivers\hcmon.sys (hcmon) .(.VMware, Inc. - VMware USB monitor.) - LEGACY_HCMON

O64 - Services: CurCS - 02-05-2013 - C:\Windows\System32\DRIVERS\kneps.sys (kneps) .(.Kaspersky Lab ZAO - KNEPS Power.) - LEGACY_KNEPS

O64 - Services: CurCS - 10-06-2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV

O64 - Services: CurCS - 02-04-2014 - C:\Windows\system32\Drivers\sptd.sys (sptd) .(.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) - LEGACY_SPTD

O64 - Services: CurCS - 14-04-2014 - C:\Windows\system32\drivers\vmx86.sys (vmx86) .(.VMware, Inc. - VMware kernel driver.) - LEGACY_VMX86

O64 - Services: CurCS - 22-02-2013 - C:\Windows\Syswow64\drivers\vstor2-mntapi20-shared.sys (vstor2-mntapi20-shared) .(.VMware, Inc. - VMware Virtual Storage Volume Driver.) - LEGACY_VSTOR2-MNTAPI20-SHARED

~ Legacy: 141 Legitimates Filtered in 00mn 00s




---\\ Associações Shell Spawning (O67)

O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)

~ FASS Keys: 11 Legitimates Filtered in 00mn 00s




---\\ Menu de inicialização Internet (068)

O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

~ Keys: Scanned in 00mn 00s




---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)

O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com

O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com

O69 - SBI: SearchScopes [HKCU] {BD237E9E-5C24-4EE5-9D3C-FD15335077EC} - (Google) - http://www.google.com

~ Keys: Scanned in 00mn 00s




---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)

[MD5.4F029701879F1CEB02EB7907DC565248] [sPRF][26-04-2014] (...) -- C:\Users\Pedro\Desktop\AdwCleaner.exe [1330861]

[MD5.2ED2319F3DE13495AAA49B70A1467055] [sPRF][26-04-2014] (...) -- C:\Users\Pedro\Desktop\zoek.exe [1285120]

~ Files: 4 Legitimates Filtered in 00mn 01s




---\\ Lista das exceções do FireWall (FirewallRules) (O87)

O87 - FAEL: "{E613F94C-5006-4875-A647-5303ADD106A1}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Pedro\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent

O87 - FAEL: "{5372F9FB-0BC7-40E4-937D-3456140D1BFF}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Pedro\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent

~ Firewall: 2 Legitimates Filtered in 00mn 01s




---\\ Listagem dos códigos dos software (PUC) (090)

O90 - PUC: "7E9C3C6D433D8194DB75B5E11FC402D7" . (.Bing Bar.) -- C:\Windows\Installer\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}\icon_installer_ico =>Toolbar.Bing

~ Update Products: 1 Legitimates Filtered in 00mn 00s




---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)

[MD5.591EC048F441F92CE7B56D61A1EE92E1] [WIS][10-02-2012] (.Microsoft Corporation - Bing Bar.) -- C:\Windows\Installer\19ff9.msi [475136] =>Toolbar.Bing

~ WIS: 1 Legitimates Filtered in 00mn 04s




---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)

SS - | Demand 13-04-2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

SS - | Auto 25-04-2014 356128 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

SS - | Demand 10-02-2012 240408 | (BBUpdate) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe =>Toolbar.Bing

SS - | Demand 10-07-1658 0 | (c2wts) . (...) - C:\Program Files (x86)\Windows Identity Foundation\v3.5\c2wtshost.exe

SS - | Auto 01-04-2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

SS - | Demand 01-04-2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

SS - | Demand 02-01-2013 171632 | (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe

SS - | Demand 27-08-2013 828376 | (Intel® Capability Licensing Service TCP IP Interface) . (.Intel® Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe

SS - | Auto 03-12-2013 2151200 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe

SS - | Demand 16-03-2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

SS - | Demand 21-04-2014 572096 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

SS - | Disabled 10-07-1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation

SR - | Auto 18-12-2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

SR - | Auto 14-01-2014 881952 | (AdvancedSystemCareService7) . (.IObit.) - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe

SR - | Auto 10-07-1658 0 | (ANIWConnService) . (...) - C:\Windows\system32\ANIWConnService.exe

SR - | Auto 07-05-2013 936728 | (asComSvc) . (...) - C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe

SR - | Auto 17-01-2012 55296 | (ASGT) . (...) - C:\Windows\SysWOW64\ASGT.exe

SR - | Auto 01-08-2013 954648 | (asHmComSvc) . (.ASUSTeK Computer Inc..) - C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe

SR - | Auto 13-08-2013 1656464 | (AsusFanControlService) . (.ASUSTeK Computer Inc..) - C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.01\AsusFanControlService.exe

SR - | Auto 10-02-2012 193816 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe =>Toolbar.Bing

SR - | Demand 14-07-2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe

SR - | Auto 14-07-2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe

SR - | Auto 14-07-2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe

SR - | Auto 07-08-2013 15720 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

SR - | Auto 27-08-2013 747520 | (Intel® Capability Licensing Service Interface) . (.Intel® Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe

SR - | Auto 16-09-2013 169432 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

SR - | Auto 16-09-2013 390616 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

SR - | Auto 14-07-2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe

SR - | Auto 02-04-2014 1615192 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

SR - | Auto 02-04-2014 20541216 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

SR - | Auto 04-03-2014 922968 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe

SR - | Auto 14-07-2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe

SR - | Auto 10-07-1658 0 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe

SR - | Auto 04-03-2014 411936 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

SR - | Auto 14-04-2014 86744 | (VMAuthdService) . (.VMware, Inc..) - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe =>.VMware, Inc

SR - | Auto 10-07-1658 0 | (VMnetDHCP) . (.VMware, Inc..) - C:\Windows\system32\vmnetdhcp.exe

SR - | Auto 27-02-2014 906432 | (VMUSBArbService) . (.VMware, Inc..) - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe

SR - | Auto 10-07-1658 0 | (VMware NAT Service) . (.VMware, Inc..) - C:\Windows\system32\vmnat.exe

SR - | Auto 14-04-2014 14407384 | (VMwareHostd) . (...) - C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe =>.VMware, Inc

SR - | Auto 14-07-2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 14-07-2009 27136 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 05s




---\\ Lista dos emuladores de CD/DVD (MBR Hook)

O58 - SDL:02-04-2014 - 11:51:39 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [386680]

~ Emulateurs: Scanned in 00mn 05s




---\\ Scâner Aditional (088)

Database Version : 13045 - (26-04-2014)

Clés trouvées (Keys found) : 1

Valeurs trouvées (Values found) : 2

Dossiers trouvés (Folders found) : 0

Fichiers trouvés (Files found) : 2


[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] =>P2P.BitTorrent^

C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe =>Toolbar.Bing^

C:\Windows\Installer\19ff9.msi =>Toolbar.Bing^

~ Additionnel Scan: 743025 Items scanned in 00mn 45s




---\\ Sumário das deteções encontradas na sua estação

~ MSI: 0 link(s) detected in 00mn 00s




~ 944 Legitimates filtered by white list

End of the scan (479 lines in 01mn 37s)(0)


How is your PC after these procedures? Was the problem you mentioned at the start of your topic resolved, or does it still persist?


I think it is better.

It turns out the two files you asked me about do exist; I had to make a copy on the desktop to be able to scan them with VirusTotal.

Sorry, but the files were not showing up for me through VirusTotal.

C:\Windows\System32\DRIVERS\1210838drv.sys is clean.

Here is the link:

https://www.virustotal.com/pt/file/b86050bd08baeb51735249e691bef21fc36880d3560f9327d6b6f952213a3526/analysis/1398556939/

C:\Windows\System32\DRIVERS\ndisrd.sys is also clean.

https://www.virustotal.com/pt/file/b0b2c55a73fd957d410c2a6c67c6bc93ea477ba905ee5dd074c85ddfaa4b9a68/analysis/1398557162/


Yes, as for the files, we had already analyzed them on VirusTotal with that last procedure I gave you using Zoek; they really are clean.

But what about the problem you mentioned at the start of the topic, the command line appearing without you having run it: does this still happen or not?
