Olá Moicano.

Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:

http://www.bleepingcomputer.com/download/adwcleaner/

:seta: Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:

Remova adwares e toolbars maliciosas com o Adwcleaner

* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[s0].txt

Ficamos na espera.

AdwCleaner v3.212 - Relatório criado 13/06/2014 às 23:34:27

Atualizado 05/06/2014 por Xplode

Sistema Operacional : Windows 7 Home Premium Service Pack 1 (64 bits)

Usuário : Pierre Cardoso - PIERRECARDOSO

Executando de : C:\Users\Pierre Cardoso\Desktop\AdwCleaner.exe

Opção : Limpar

*** [ Serviços ] ***

*** [ Arquivos / Pastas ] ***

*** [ Atalhos ] ***

*** [ Registro ] ***

Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Chave Deletedo : HKLM\Software\dt soft\daemon tools toolbar

*** [ Navegadores ] ***

-\\ Internet Explorer v11.0.9600.17126

-\\ Mozilla Firefox v29.0.1 (pt-BR)

[ Arquivo : C:\Users\Pierre Cardoso\AppData\Roaming\Mozilla\Firefox\Profiles\3dkhh8bj.default-1379274333240\prefs.js ]

-\\ Google Chrome v35.0.1916.153

[ Arquivo : C:\Users\Pierre Cardoso\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1183 octets] - [13/06/2014 23:33:47]
AdwCleaner[s0].txt - [1095 octets] - [13/06/2014 23:34:27]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1155 octets] ##########

Desative temporariamente seu antivírus para evitar conflitos.

* Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:

http://www.hijackthis.nl/smeenk/

:seta: Para executá-lo corretamente siga as dicas deste tutorial:

Exclua adwares e outras ameaças de seu PC e browsers com o aplicativo Zoek

* Assim que ele concluir a limpeza dos problemas acesse o log (relatório) do Zoek que estará em C:\zoek-results.txt e copie todo seu conteúdo e poste em sua próxima resposta.

Fiz tudo como manda o tutorial, mas o Zoek não abre de jeito nenhum! Coloco pra executar como administrador, o windows pergunta se quero permitir que o programa faça alterações no computador e eu clico em 'sim', mas ainda assim o Zoek não abre. A rodinha azul (antiga ampulheta) do cursor roda por 2 segundos e para, sem abrir o Zoek.

tem vezes que o Zoek demora até uns 12 minutos para abrir.

Fui dormir, acordei e não tinha nenhum Zoek aberto. Ou seja, ele não abriu realmente.

Oush! Abriu agora do nada! Vou fazer os procedimentos.

Oush! Abriu agora do nada! Vou fazer os procedimentos.

valeu, fico na espera.

Zoek.exe v5.0.0.0 Updated 02-June-2014
Tool run by Pierre Cardoso on 14/06/2014 at 9:40:31,82.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Pierre Cardoso\Desktop\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

14/06/2014 09:43:33 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

Copyright © 1993-2006 Microsoft Corp.

This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

This file contains the mappings of IP addresses to host names. Each

entry should be kept on an individual line. The IP address should

be placed in the first column followed by the corresponding host name.

The IP address and the host name should be separated by at least one

space.

Additionally, comments (such as these) may be inserted on individual

lines or following the machine name denoted by a '#' symbol.

For example:

102.54.94.97 rhino.acme.com # source server

38.25.63.10 x.acme.com # x client host

localhost name resolution is handle within DNS itself.

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\PIERRE~1\AppData\Roaming\Mozilla\Firefox\Profiles\3dkhh8bj.default-1379274333240\prefs.js:

Added to C:\Users\PIERRE~1\AppData\Roaming\Mozilla\Firefox\Profiles\3dkhh8bj.default-1379274333240\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");

user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");

user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\PIERRE~1\AppData\Roaming\Mozilla\Firefox\Profiles\3dkhh8bj.default-1379274333240

user.js not found
---- Lines ask.com removed from prefs.js ----
user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 0);
---- FireFox user.js and prefs.js backups ----

prefs_062014_0950_.backup

==== Deleting Files \ Folders ======================

C:\Users\Pierre Cardoso\AppData\Local\cache deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [11/09/2013 06:54]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E886C}"="C:\Users\Pierre Cardoso\AppData\Local\GAS Tecnologia\GBBD\bb\xpi" [24/05/2014 01:44]

==== Firefox Extensions ======================

ProfilePath: C:\Users\PIERRE~1\AppData\Roaming\Mozilla\Firefox\Profiles\3dkhh8bj.default-1379274333240

• Flashblock - C:\Users\Pierre Cardoso\AppData\Roaming\Mozilla\Firefox\Profiles\3dkhh8bj.default-1379274333240\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}


• WOT - C:\Users\Pierre Cardoso\AppData\Roaming\Mozilla\Firefox\Profiles\3dkhh8bj.default-1379274333240\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}


• Portugus Brasileiro Nova Ortografia - %ProfilePath%\extensions\pt-BR@dictionaries.addons.mozilla.org


• Flashblock - %ProfilePath%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}


• WOT - %ProfilePath%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}


• Desprotetor de Links - %ProfilePath%\extensions\desprotetordelinks@claudio-silva.com.xpi


• leethax.net extension - %ProfilePath%\extensions\leethax@leethax.net.xpi


• NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi


• Facebook Photo Zoom - %ProfilePath%\extensions\{7c6cdf7c-8ea8-4be7-ae5a-0b3effe14d66}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox

• Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Pierre Cardoso\AppData\Roaming\Mozilla\Firefox\Profiles\3dkhh8bj.default-1379274333240
B52EFEC8EEF9A7809376795ED3699826 - C:\Users\Pierre Cardoso\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll - Módulo de Proteção - Banco do Brasil
A58DE0A570148AF5FF3512B2A340D09F - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll - Shockwave Flash
E37EAD09D28AE19D8A39B6A95F47513A - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll - Shockwave for Director / Shockwave for Director
BE126CB7049E89ED6F3038016668B502 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit)
EAC427FEF96A13058C1ACD17C38966CF - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit)
96B3689320E9B16EDF38B7A5001C35F0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit)
F8CB60A5ACA5D73807ECBD9942A8BCB7 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin
D493C8FC0D0FD015BB9765658D77346E - C:\Users\Pierre Cardoso\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
555E65306A5D3A5978BE74E1DD62CDD9 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll - RealNetworks Chrome Background Extension Plug-In (32-bit)
E32771B0AE3F18CEFFC12D682025238A - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll - RealPlayer HTML5VideoShim Plug-In (32-bit)
7B448B2B45428218D0D87376A2FF9FC2 - C:\Users\Pierre Cardoso\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll - Módulo de Proteção - Banco do Brasil

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[14/08/2013 15:24]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
pgacfjdigcddmmncljpflgcfpfahebkh - C:\Users\Pierre Cardoso\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx[24/05/2014 01:44]

Google Docs - Pierre Cardoso\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Pierre Cardoso\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Pierre Cardoso\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Pierre Cardoso\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
RealDownloader - Pierre Cardoso\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Google Wallet - Pierre Cardoso\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
GBBD Banco do Brasil - Pierre Cardoso\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh
Gmail - Pierre Cardoso\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{searchCLSID} Unknown Url="Not_Found"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{0CFC0FF2-7D28-4419-B506-086356381DDA} Americanas.com.br Url="http://www.americanas.com.br/busca/{searchTerms}"
{0D763647-EF4D-4055-AA9E-5AA247285547} Saraiva.com Url="http://www.livrariasaraiva.com.br/pesquisaweb/pesquisaweb.dll/pesquisa?FILTRON1=X&PALAVRASN1={searchTerms}&ESTRUTN1=&MODELON1=C&ORDEMN1=E&QTTOP=100"
{0EACAB93-7E9C-41D7-ACE4-B696381E2C0E} Wikipedia (br) Url="http://br.wikipedia.org/w/index.php?title=Dibar:Klask&search={searchTerms}"
{5D3373DE-E345-414F-9E6C-5EA687463EA2} Submarino.com Url="http://www.submarino.com.br/busca?q={searchTerms}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{9AFB250B-3A9F-4BE3-BA52-E5235AC5E952} Google Url="http://www.google.com/search?hl=en&q={searchTerms}"
{A9E19A04-33B3-4FD9-B056-9A6B8BF3A70B} Bing Url="http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox"
{E354496C-DDB9-47A7-A193-3ED9DEE8EA88} Bondfaro Url="http://www.bondfaro.com.br/cprocura?produto={searchTerms}"

==== Reset Google Chrome ======================

C:\Users\Pierre Cardoso\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\Pierre Cardoso\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Pierre Cardoso\Desktop\Blogs e Páginas.lnk -
C:\Users\Pierre Cardoso\Desktop\Concursos Públicos.lnk -
C:\Users\Pierre Cardoso\Desktop\Pierre Cardoso (P).lnk - P:\
C:\Users\UpdatusUser\Desktop\Calendário do desktop.lnk -

==== shortcuts in Users Start Menu ======================

C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Windows\Start Menu\GunboundPS.lnk - C:\Game\SoftnyxGame\GunBoundPS\NyxLauncher.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk - C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftnyxGame\GunboundPS\Gunbound Home page.lnk - C:\Game\SoftnyxGame\GunBoundPS\GunBound.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftnyxGame\GunboundPS\Gunbound Uninstall.lnk - C:\Game\SoftnyxGame\GunBoundPS\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftnyxGame\GunboundPS\Gunbound.lnk - C:\Game\SoftnyxGame\GunBoundPS\NyxLauncher.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk - C:\Program Files (x86)\GRETECH\GomPlayer\GOM.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\partypoker.lnk - C:\Programs\PartyGaming\PartyGaming.exe -P=PartyPoker
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\BF1942.lnk - C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\ClocX.lnk - C:\Program Files\ClocX\ClocX.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Diablo II - Lord of Destruction.lnk - C:\Program Files (x86)\Diablo II\Diablo II.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Full Tilt Poker.lnk - C:\Program Files (x86)\Full Tilt Poker\FullTiltPoker.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Gios PDF Splitter and Merger for Windows.lnk - C:\Users\Pierre Cardoso\Documents\GiosPSM\GiosPSM.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Gunbound.lnk - C:\Game\SoftnyxGame\GunBoundPS\NyxLauncher.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\HP Scan.lnk - C:\Program Files (x86)\hp\HP Deskjet 2050 J510 series\bin\HPScan.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\PartyPoker.lnk - C:\Programs\PartyGaming\PartyGaming.exe -P=PartyPoker
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Play GTA Vice City.lnk - C:\Program Files (x86)\Rockstar Games\Grand Theft Auto Vice City\gta-vc.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Project64 1.6.lnk - C:\Program Files (x86)\Project64 1.6\Project64.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Calculator.lnk - C:\Windows\system32\calc.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office Excel 2007.lnk - C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Notepad.lnk - C:\Windows\system32\notepad.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Live Messenger.lnk - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Pierre Cardoso\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Pierre Cardoso\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Pierre Cardoso\AppData\Local\Mozilla\Firefox\Profiles\3dkhh8bj.default-1379274333240\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Pierre Cardoso\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2 folders=20 75982 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Pierre Cardoso\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\PIERRE~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 14/06/2014 at 9:59:14,32 ======================

Como está a situação depois destes procedimentos?

Por enquanto, tudo normal. Os fatos ocorreram de maneira isolada. Dê-me 24 horas para eu fazer uma observação maior..

Ok, depois você nos diz como está o PC.

A única coisa estranha que está rolando até agora é que está abrindo o site do Google toda vez que abro uma nova aba no Mozzila Firefox. Já configurei para abrir uma página em branco, mas o navegador insiste em abrir o Google.

Abra o Firefox e na barra de endereços digite about:config e tecle Enter.

Poderá aparecer uma mensagem dizendo "This might void your warranty!"
Clique em I'll be careful, I promise! (serei cuidadoso, eu prometo), para continuar para a página about:config

Tecle browser.newtab.url na caixa de pesquisa.

Dê um duplo clique em browser.newtab.url e troque a URL para about:newtab

Click OK e feche o about:config tab

Depois nos diga se resolveu.

Resolvido. Muitíssimo obrigado!

TÓPICO REABERTO A PEDIDO DO AUTOR.

Baixe o programa Junkware Removal Tool no link abaixo:
http://thisisudax.org/downloads/JRT.exe

Para executar corretamente o programa acima é só seguir as dicas deste tutorial:

Tutorial do Junkware Removal Tool

* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt

Ficamos na espera.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Pierre Cardoso on 16/06/2014 at 10:55:51,82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASDLG
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0EACAB93-7E9C-41D7-ACE4-B696381E2C0E}

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\Pierre Cardoso\AppData\Roaming\mozilla\firefox\profiles\3dkhh8bj.default-1379274333240\minidumps [272 files]

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [blacklisted Policy]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16/06/2014 at 11:00:34,00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

:seta: Faça o download do < ZHPDiag > < /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/NicolasCoolman.jpg&key=31eaca9d787a5cb7b785eaca882cfe95bdd41bfffaf35086b6e7ecf044ef83cf" alt="NicolasCoolman.jpg" />> ( ... de Nicolas Coolman )

Obs: Ao acessar o link acima clique no botão Télécharger referente ao ZHPDiag para baixá-lo, tal como mostra a imagem abaixo:

/applications/core/interface/imageproxy/imageproxy.php?img=http://i60.tinypic.com/2aa105k.jpg&key=659975b6a4293f840e4a650a3c991254f7af1289074773c9a48692c9533e270a" alt="2aa105k.jpg" />

Para instalá-lo e executá-lo corretamente siga as dicas deste artigo:

Tutorial de instalação e execução do aplicativo ZHPDiag

* Assim que ele concluir a sua verificação, copie todo o conteúdo do seu relatório ZHPDiag.txt e poste em sua próxima resposta.

~ Relatório do ZHPDiag v2014.6.16.92 - Nicolas Coolman (16/06/2014)
~ Iniciado por Pierre Cardoso (16/06/2014 12:10:49)
~ Endereço do Website : http://www.paologios.com]
[HKCU\Software\SERPRO]
[HKCU\Software\VCM]
[HKCU\Software\nester]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Full Tilt Poker]
[HKLM\Software\Wow6432Node\SIC]
~ Key Software: 409 Legitimates Filtered in 00mn 00s

---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 14/07/2010 - 23:13:17 - [] ----D C:\Program Files (x86)\Central de Jogos
O43 - CFD: 15/11/2010 - 22:16:00 - [] ----D C:\Program Files (x86)\Formats
O43 - CFD: 19/04/2014 - 13:12:19 - [] ----D C:\Program Files (x86)\Full Tilt Poker
O43 - CFD: 21/08/2012 - 20:32:56 - [] ----D C:\Program Files (x86)\Pando Networks
O43 - CFD: 14/03/2014 - 20:28:54 - [] ----D C:\Program Files (x86)\Programas RFB
O43 - CFD: 27/01/2014 - 22:06:48 - [] ----D C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
O43 - CFD: 09/07/2010 - 10:54:12 - [] ----D C:\ProgramData\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}
O43 - CFD: 05/01/2010 - 15:50:23 - [] --H-D C:\ProgramData\{D441869F-BEC4-446D-9888-C5CA29F160F9}
O43 - CFD: 14/02/2013 - 20:18:08 - [] ----D C:\Users\Pierre Cardoso\AppData\Roaming\cef-cache
O43 - CFD: 11/08/2012 - 22:28:28 - [] ----D C:\Users\Pierre Cardoso\AppData\Roaming\Party
O43 - CFD: 22/03/2011 - 14:02:30 - [] ----D C:\Users\Pierre Cardoso\AppData\Local\CPN
O43 - CFD: 19/04/2014 - 13:12:16 - [] ----D C:\Users\Pierre Cardoso\AppData\Local\FullTiltPoker
O43 - CFD: 14/04/2011 - 14:29:32 - [] ----D C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2011
O43 - CFD: 29/04/2013 - 22:59:37 - [] ----D C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013
O43 - CFD: 14/03/2014 - 20:28:24 - [] ----D C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
~ Program Folder: 260 Legitimates Filtered in 00mn 00s

---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.2034011358FAECA28DBF16F1D69E2BE7] - 10/06/2014 - 22:56:11 ---A- . (...) -- C:\Windows\wpd99.drv [59]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 14/06/2014 - 09:40:21 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
~ Files: 47 Legitimates Filtered in 00mn 03s

---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s

---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:29/05/2012 - 14:53:30 ---A- . (.Windows ® Codename Longhorn DDK provider - hpvhd 64bit support driver.) -- C:\Windows\System32\Drivers\cpqdfw.sys [27456]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:13/04/2012 - 22:09:43 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [560184]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:09/10/2012 - 08:29:58 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpkm.sys [46440]
O58 - SDL:08/04/2014 - 18:22:39 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
~ Drivers: 64 Legitimates Filtered in 00mn 03s

---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Menu de inicialização Internet (068)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: prefs.js [Pierre Cardoso - 3dkhh8bj.default-1379274333240] user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0CFC0FF2-7D28-4419-B506-086356381DDA} - (Americanas.com.br) - http://www.americanas.com
O69 - SBI: SearchScopes [HKCU] {0D763647-EF4D-4055-AA9E-5AA247285547} - (Saraiva.com) - http://www.livrariasaraiva.com
O69 - SBI: SearchScopes [HKCU] {5D3373DE-E345-414F-9E6C-5EA687463EA2} - (Submarino.com) - http://www.submarino.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {9AFB250B-3A9F-4BE3-BA52-E5235AC5E952} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {A9E19A04-33B3-4FD9-B056-9A6B8BF3A70B} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {E354496C-DDB9-47A7-A193-3ED9DEE8EA88} - (Bondfaro) - http://www.bondfaro.com
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.D96EC2DE0DF19F3323E0CECFB49FCAFF] [sPRF][09/12/2013] (...) -- C:\Users\Pierre Cardoso\AppData\Roaming\unins000.dat [33278]
[MD5.C11706D2FD4AFCB8B0D6DAA0EF55D2C8] [sPRF][17/02/2012] (...) -- C:\Program Files (x86)\Rar.exe [403968]
[MD5.8C458DC9E7DC6EC0DC5F24C999AFA4C7] [sPRF][17/02/2012] (...) -- C:\Program Files (x86)\RarExt64.dll [193536]
[MD5.AD08FE53A5E484EA568D60544EF3F05C] [sPRF][25/04/2012] (...) -- C:\Program Files (x86)\rarnew.dat [20]
[MD5.8C95C6D737C450F0B847C22B9BA88766] [sPRF][17/02/2012] (...) -- C:\Program Files (x86)\UnRAR.exe [266240]
[MD5.BD3165A325F222F642F743B6CF2937ED] [sPRF][17/02/2012] (...) -- C:\Program Files (x86)\WinRAR.exe [1150464]
[MD5.76CDB2BAD9582D23C1F6F4D868218D6C] [sPRF][25/04/2012] (...) -- C:\Program Files (x86)\zipnew.dat [22]
~ Files: 12 Legitimates Filtered in 00mn 00s

---\\ Lista das exceções do FireWall (FirewallRules) (O87)

O87 - FAEL: "{A1092867-F199-4D94-A2A5-3CDF72CE0F5A}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{2D5B64E1-7283-4B78-ACB9-A7604D60BF6B}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe =>P2P.BitTorrent

---\\ Search Tracing Registry Key (O100)

HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitLord_RASAPI32 =>Adware.WhenUSave
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitLord_RASMANCS =>Adware.WhenUSave
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitTorrent_RASAPI32 =>P2P.BitTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitTorrent_RASMANCS =>P2P.BitTorrent

---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 14/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

SS - | Auto 22/03/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 22/03/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

---\\ Lista dos emuladores de CD/DVD (MBR Hook)
O58 - SDL:13/04/2012 - 22:09:43 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [560184]
~ Emulateurs: Scanned in 00mn 05s

---\\ Scâner Aditional (088)
Database Version : 13026 - (16/06/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 396051 Items scanned in 00mn 39s

---\\ Informações complémentaires do módulos
~ =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ =>.Internet Explorer, Gestão do Proxy (R5)
~ =>.Browser Helper Objects do navegador (02)
~ AMI: 3 Legitimates Filtered in 00mn 00s

---\\ Sumário das deteções encontradas na sua estação
=>Adware.WhenUSave
~ MSI: 1 link(s) detected in 00mn 00s

~ 1001 Legitimates filtered by white list
End of the scan (474 lines in 01mn 24s)(0)

Precisei desligar o computador por 10 minutos e, ao religar, ele faz uma verificação de disco que nunca vi:

/applications/core/interface/imageproxy/imageproxy.php?img=http://2.bp.blogspot.com/-9FEoVYhB4IA/U58-wLHmSrI/AAAAAAAAAS0/pysjIvl7uzI/s1600/10365625_658672584207909_4176646211135873934_o.jpg&key=98c37715f65796b5a5e8eaaa38800dfdd3802409d0ac9c22ca438f921a64a3cf" alt="10365625_658672584207909_417664621113587" />

:seta: Há programas desnecessários iniciando junto com o Windows, o que torna o seu PC mais lento. Para corrigir isto, siga as dicas deste tutorial:

Escolhendo Programas que Iniciam com o PC

De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows.

Use também o programa Ccleaner, indicado neste tutorial acima, para fazer uma limpeza e otimização do PC.

_______________________________________________________________________

:seta: Acesse o site https://www.virustotal.com e envie estes arquivos destacados em negrito abaixo para serem analisados:

C:\Program Files (x86)\Central de Jogos\Central.exe

C:\Windows\wpd99.drv

Assim que a análise de cada um deles for concluída, copie o link que aparecerá na barra de endereços de seu navegador e poste estes links em sua próxima resposta juntamente com o relatório do ZHPFix pedido abaixo nesta postagem.

Maiores informações de como analisar arquivos no site Virus Total você encontra neste tutorial:

Analise arquivos e links suspeitos de forma online e totalmente gratuita

______________________________________________________________

:seta: Selecione e copie todo o texto destacado em vermelho que te passei.

_____________________________________________________________________________________________________________

:veja: Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta juntamente com os links das análises dos arquivos no site Virus Total.

Central já tinha sido analisado antes:
https://www.virustotal.com/pt/file/0e875b393f62f5912887a74a45793dbc476e82073e4dcdb7f6c8e1439a8385b8/analysis/

wpd99:
https://www.virustotal.com/pt/file/5a8368a73715db122d76f8ba691e57a0fb264aa12a2a158db976a99d7c51532b/analysis/1402947617/

ZHPFIX:

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Pierre Cardoso at 16/06/2014 16:46:02
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 04s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitLord_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitLord_RASMANCS

========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Preferências do navegador ==========
ELIMINÉ Mozilla Pref: user_pref("weboftrust.search.ask.display", "Ask.com Web Search");

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\tasks\pcdrscheduledmaintenance
ELIMINÉ Temporários windows (3) (56.188 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso

========== Recapitulativo ==========
2 : Chaves do Registo
6 : Valores do Registo
1 : Pastas
3 : Ficheiros
1 : Preferências do navegador
1 : Restauração Sistema

End of clean in 00mn 37s

========== Caminho do ficheiro do relatório ==========
C:\Users\Pierre Cardoso\AppData\Roaming\ZHP\ZHPFix[R1].txt - 16/06/2014 16:46:07 [1498]

Reinicie o PC para completar a limpeza.

Depois de reiniciar abra novamente o ( ZHPDiag )

/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25202/ZHPDiag_Pergaminho2_zps6e758639.jpg&key=6ea716e3ff0c1e80fdbb9b821ab86cbec4d10a8ec6466840625e1b7577bb9e18" alt="ZHPDiag_Pergaminho2_zps6e758639.jpg" />

|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão.

/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/My%2520Tools%25204/ZHPDiag_Pesquisar_zps3acb0f25.jpg&key=a9db759c6eb2aaf3d21c25042f3a945d994ff770b624f42b57ce9b23ef895a51" alt="ZHPDiag_Pesquisar_zps3acb0f25.jpg" />

|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt

/applications/core/interface/imageproxy/imageproxy.php?img=http://i39.servimg.com/u/f39/11/05/93/83/zhpdia11.png&key=cd2bcbee7ecda71a202f64af97b2896faaf1bddc4af00b80af5b456d12007af6" alt="zhpdia11.png" />

~ Relatório do ZHPDiag v2014.6.16.92 - Nicolas Coolman (16/06/2014)
~ Iniciado por Pierre Cardoso (16/06/2014 17:43:56)
~ Endereço do Website : http://www.paologios.com]
[HKCU\Software\SERPRO]
[HKCU\Software\VCM]
[HKCU\Software\nester]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Full Tilt Poker]
[HKLM\Software\Wow6432Node\SIC]
~ Key Software: 409 Legitimates Filtered in 00mn 00s

---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 14/07/2010 - 23:13:17 - [] ----D C:\Program Files (x86)\Central de Jogos
O43 - CFD: 15/11/2010 - 22:16:00 - [] ----D C:\Program Files (x86)\Formats
O43 - CFD: 19/04/2014 - 13:12:19 - [] ----D C:\Program Files (x86)\Full Tilt Poker
O43 - CFD: 21/08/2012 - 20:32:56 - [] ----D C:\Program Files (x86)\Pando Networks
O43 - CFD: 14/03/2014 - 20:28:54 - [] ----D C:\Program Files (x86)\Programas RFB
O43 - CFD: 27/01/2014 - 22:06:48 - [] ----D C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
O43 - CFD: 09/07/2010 - 10:54:12 - [] ----D C:\ProgramData\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}
O43 - CFD: 05/01/2010 - 15:50:23 - [] --H-D C:\ProgramData\{D441869F-BEC4-446D-9888-C5CA29F160F9}
O43 - CFD: 14/02/2013 - 20:18:08 - [] ----D C:\Users\Pierre Cardoso\AppData\Roaming\cef-cache
O43 - CFD: 11/08/2012 - 22:28:28 - [] ----D C:\Users\Pierre Cardoso\AppData\Roaming\Party
O43 - CFD: 22/03/2011 - 14:02:30 - [] ----D C:\Users\Pierre Cardoso\AppData\Local\CPN
O43 - CFD: 19/04/2014 - 13:12:16 - [] ----D C:\Users\Pierre Cardoso\AppData\Local\FullTiltPoker
O43 - CFD: 14/04/2011 - 14:29:32 - [] ----D C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2011
O43 - CFD: 29/04/2013 - 22:59:37 - [] ----D C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013
O43 - CFD: 14/03/2014 - 20:28:24 - [] ----D C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
~ Program Folder: 260 Legitimates Filtered in 00mn 01s

---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 14/06/2014 - 09:40:21 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.0C6AAF4486F82C18C40BB5C1764A36F0] - 16/06/2014 - 15:51:03 ----- . (...) -- C:\bootsqm.dat [3288]
O44 - LFC:[MD5.F182F2A8B007FD133FF64745F182E18A] - 16/06/2014 - 16:13:40 ---A- . (...) -- C:\Windows\wpd99.drv [60]
~ Files: 51 Legitimates Filtered in 00mn 36s

---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s

---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:29/05/2012 - 14:53:30 ---A- . (.Windows ® Codename Longhorn DDK provider - hpvhd 64bit support driver.) -- C:\Windows\System32\Drivers\cpqdfw.sys [27456]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:13/04/2012 - 22:09:43 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [560184]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:09/10/2012 - 08:29:58 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpkm.sys [46440]
O58 - SDL:08/04/2014 - 18:22:39 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
~ Drivers: 64 Legitimates Filtered in 00mn 01s

---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Menu de inicialização Internet (068)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0CFC0FF2-7D28-4419-B506-086356381DDA} - (Americanas.com.br) - http://www.americanas.com
O69 - SBI: SearchScopes [HKCU] {0D763647-EF4D-4055-AA9E-5AA247285547} - (Saraiva.com) - http://www.livrariasaraiva.com
O69 - SBI: SearchScopes [HKCU] {5D3373DE-E345-414F-9E6C-5EA687463EA2} - (Submarino.com) - http://www.submarino.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {9AFB250B-3A9F-4BE3-BA52-E5235AC5E952} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {A9E19A04-33B3-4FD9-B056-9A6B8BF3A70B} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {E354496C-DDB9-47A7-A193-3ED9DEE8EA88} - (Bondfaro) - http://www.bondfaro.com
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.D96EC2DE0DF19F3323E0CECFB49FCAFF] [sPRF][09/12/2013] (...) -- C:\Users\Pierre Cardoso\AppData\Roaming\unins000.dat [33278]
[MD5.C11706D2FD4AFCB8B0D6DAA0EF55D2C8] [sPRF][17/02/2012] (...) -- C:\Program Files (x86)\Rar.exe [403968]
[MD5.8C458DC9E7DC6EC0DC5F24C999AFA4C7] [sPRF][17/02/2012] (...) -- C:\Program Files (x86)\RarExt64.dll [193536]
[MD5.AD08FE53A5E484EA568D60544EF3F05C] [sPRF][25/04/2012] (...) -- C:\Program Files (x86)\rarnew.dat [20]
[MD5.8C95C6D737C450F0B847C22B9BA88766] [sPRF][17/02/2012] (...) -- C:\Program Files (x86)\UnRAR.exe [266240]
[MD5.BD3165A325F222F642F743B6CF2937ED] [sPRF][17/02/2012] (...) -- C:\Program Files (x86)\WinRAR.exe [1150464]
[MD5.76CDB2BAD9582D23C1F6F4D868218D6C] [sPRF][25/04/2012] (...) -- C:\Program Files (x86)\zipnew.dat [22]
~ Files: 12 Legitimates Filtered in 00mn 00s

---\\ Lista das exceções do FireWall (FirewallRules) (O87)

O87 - FAEL: "{A1092867-F199-4D94-A2A5-3CDF72CE0F5A}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{2D5B64E1-7283-4B78-ACB9-A7604D60BF6B}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe =>P2P.BitTorrent

---\\ Search Tracing Registry Key (O100)

HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitTorrent_RASAPI32 =>P2P.BitTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitTorrent_RASMANCS =>P2P.BitTorrent

---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 14/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

SS - | Auto 22/03/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 22/03/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

---\\ Lista dos emuladores de CD/DVD (MBR Hook)
O58 - SDL:13/04/2012 - 22:09:43 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [560184]
~ Emulateurs: Scanned in 00mn 05s

---\\ Scâner Aditional (088)
Database Version : 13026 - (16/06/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 396117 Items scanned in 00mn 44s

---\\ Informações complémentaires do módulos
~ =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ =>.Internet Explorer, Gestão do Proxy (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/%C2'> =>.Browser Helper Objects do navegador (02)
~ AMI: 3 Legitimates Filtered in 00mn 00s

---\\ Sumário das deteções encontradas na sua estação
~ MSI: 0 link(s) detected in 00mn 00s

~ 1005 Legitimates filtered by white list
End of the scan (471 lines in 02mn 04s)(0)

Faltou você seguir aquele tutorial que te passei para escolher os programas que iniciam com o PC, ainda há vários iniciando sem necessidade. Fora isto, o log está limpo.

Como está o PC?

Os programas que se iniciam ou são importante (skydrive, coisa da placa de vídeo) ou eu não sei do que se trata.

Devo desativar todos e deixar apenas o que for de defesa?

O aviso do Avira de bloqueio de Host continua. Notei que fica aparecendo enquanto navego no facebook.