Remoção de Malwares em meu notebook

Segue relatório:



~ Relatório do ZHPDiag v2014.1.17.19 - Nicolas Coolman (17/01/2014)
~ Iniciado por Reinaldo (18/01/2014 15:48:51)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.16476
GCIE: Google Chrome v32.0.1700.76 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Basic, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Malwarebytes Anti-Malware versão 1.75.0.1300
Windows Defender W7

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 11 Plugin
Adobe Reader X

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3990 MB (63% free)
System Restore: Activé (Enable)
System drive C: has 395 GB (86%) free of 458 GB

---\\ Modo de conexão ao sistema
~ Computer Name: REINALDO-STI
~ User Name: Reinaldo
~ All Users Names: Reinaldo, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Reinaldo\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Reinaldo\AppData\Roaming\
~ %Desktop% : C:\Users\Reinaldo\Desktop\
~ %Favorites% : C:\Users\Reinaldo\Favorites\
~ %LocalAppData% : C:\Users\Reinaldo\AppData\Local\
~ %StartMenu% : C:\Users\Reinaldo\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 395 Go of 458 Go)
D: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 44 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.11/07/2012 - 07:53:38.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.9B6678DB9C6A232C5A84D2FDFFF8B0E1] - (.Microsoft Corporation - Internet Extensions para Win32.) (.26/11/2013 - 04:07:57.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.21/11/2010 - 00:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.11/07/2012 - 07:58:16.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 11:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes Favoris (My Favorites) : 1/9
~ Mes Documents (My Documents) : 1/7
~ Mon Bureau (My Desktop) : 1/243
~ Menu demarrer (Programs) : 1/56
~ Hidden Files: Scanned in 00mn 00s



---\\ Processos lançados
[MD5.B77081F8221968C7DAB794B0BA55C43E] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254896] [PID.3788]
[MD5.537B99E95616D384EB5DF2D30AA784F0] - (.PSafe - PSafe System Tray.) -- C:\Program Files (x86)\PSafe\PSafeSysTray.exe [4247752] [PID.3856]
[MD5.F23FEC819F6D1181C47374DF8EE89A6E] - (.Baidu Inc. - PC Faster Tray.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PcfTray.exe [1300672] [PID.3904] =>Adware.BDSearch
[MD5.E912D9CA51CB0F3165457E03B8EA8B33] - (.PSafe S.A. - PSafeWD.) -- C:\Program Files (x86)\PSafe\PSafeWDS.exe [124616] [PID.3976]
[MD5.8E5651B04BE775696B32F7F1F5DA8871] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8336896] [PID.4112]
[MD5.11A52CF7B265631DEEB24C6149309EFF] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [64952] [PID.1428]
[MD5.777E031B6C740148E935066F37B49AF8] - (.National Instruments Corporation - lkads.) -- C:\Windows\SysWOW64\lkads.exe [50328] [PID.1468]
[MD5.68C5321CBC7BE2FA7278809A2D6544D0] - (.National Instruments Corporation - MXS Service.) -- C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [51360] [PID.1516]
[MD5.62E7B5EF6BEC714BC200C661BA940F54] - (.National Instruments Corporation - nidmsrv.) -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [370328] [PID.1536]
[MD5.D66D5FCC4911646347F9F5CD8C3F0000] - (.National Instruments Corporation - System Web Server Daemon.) -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [53952] [PID.1624]
[MD5.B88353EFE93AC3C6518415621FD8EBCB] - (.Baidu Inc. - Baidu PC Faster Service.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe [679920] [PID.1656] =>Adware.BDSearch
[MD5.B21A8C1B0C8E8EB227AB6F6C49D5501D] - (.PSafe S/A - PSafe Core Service.) -- C:\Program Files (x86)\PSafe\psafesvc.exe [2592456] [PID.2040]
[MD5.826B554B6CA0E619F32ACC43D7D317CD] - (.PSafe S.A. - PSafeWD.) -- C:\Program Files (x86)\PSafe\PSafeWD.exe [265416] [PID.996]
[MD5.20CDB07017497C94A0BAD253C4BAFCBC] - (.National Instruments, Inc. - Part of Logos.) -- C:\Windows\SysWOW64\lkcitdl.exe [695136] [PID.2144]
[MD5.23A07F37756F44ED738BCD931EBFFCED] - (.National Instruments Corporation - lktsrv.) -- C:\Windows\SysWOW64\lktsrv.exe [60568] [PID.2228]
[MD5.30B05E4E963E663E2A7D110048FD1A02] - (.National Instruments Corporation - NI Variable Engine.) -- C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [680624] [PID.2372]
[MD5.2FADAD2DED79972C0B25570394AA519C] - (.National Instruments Corporation - Application Web Server Daemon.) -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [53960] [PID.2608]
[MD5.902A9B8EC25EAC8C8DD5594F5866F80C] - (.National Instruments Corporation - National Instruments Zeroconf Service.) -- C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [258776] [PID.2644]
[MD5.DF0AB139C5C5ADEF39A88D7FE51F0CB4] - (.National Instruments Corporation - National Instruments Network Discovery Serv.) -- C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [169192] [PID.1856]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Reinaldo\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ammjbfijeglcdlnlnhlkdhgjnlgmpehe] glindorus v.1.0.0 (Désactivé) =>PUP.Glindorus
G2 - GCE: Preference [User Data\Default] [eooncjejnppfjjklapaamhcdmjbilmde] Delta Toolbar v.1.6.2 (Désactivé) =>Toolbar.DeltaSearch
G2 - GCE: Preference [User Data\Default] [ifohbjbgfchkkfhphahclmkpgejiplfo] Lightning Newtab v.1.1.7.6, (Désactivé) =>PUP.Elex
G2 - GCE: Preference [User Data\Default] [jpmbfleldcgkldadpdinhjjopdfpjfjp] Wajam v.1.24 (Désactivé) =>PUP.Wajam
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
~ Google Browser: 20 Legitimates Filtered in 00mn 03s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = home.psafe.com
~ IE Browser: 23 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.102.0.15:8080
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Barras do Internet Explorer (03))
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Chave orfã
~ Toolbar: Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: Guia Multimídia.lnk . (...) -- C:\Windows\Installer\{7C8DCE03-8946-472A-A41C-7953269EF17F}\_1E8B57E217D6A54FAF778B.exe
O4 - GS\Desktop [Public]: HSPA MODEM.lnk . (...) -- C:\Program Files (x86)\HSPA MODEM\HSPA MODEM\StartUp.exe
O4 - GS\Desktop [Public]: MATLAB R2008b.lnk . (.The MathWorks Inc. - MATLAB Starter Application.) -- C:\Program Files (x86)\MATLAB\R2008b\bin\matlab.exe
O4 - GS\Desktop [Public]: NI MAX.lnk . (.National Instruments Corporation - Measurement & Automation Explorer.) -- C:\Program Files (x86)\National Instruments\MAX\NIMax.exe
O4 - GS\Desktop [Public]: Prezi Desktop.lnk . (...) -- C:\Program Files (x86)\Prezi\Prezi.exe
O4 - GS\Desktop [Public]: Sistema de Recuperação STI.lnk . (...) -- C:\Windows\Installer\{C247203E-3833-45A5-AEBA-403EBBA67AD7}\_F1E53105AC99C346B2A794.exe
O4 - GS\Program [Public]: National Instruments LabVIEW 2012 (32-bit).lnk . (.National Instruments Corporation - LabVIEW 12.0 Development System.) -- C:\Program Files (x86)\National Instruments\LabVIEW 2012\LabVIEW.exe
O4 - GS\Program [Public]: Prezi Desktop.lnk . (...) -- C:\Program Files (x86)\Prezi\Prezi.exe
O4 - GS\QuickLaunch [Reinaldo]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Reinaldo]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Reinaldo]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Reinaldo]: Create Amazing Presentations.lnk - Chave orfã
O4 - GS\Program [Reinaldo]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Reinaldo]: Search.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\SystemTools [Reinaldo]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Reinaldo]: Baidu PC Faster.lnk . (.Baidu Inc. - PC Faster.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFaster.exe =>Adware.BDSearch
O4 - GS\Desktop [Reinaldo]: Create Amazing Presentations.lnk - Chave orfã
O4 - GS\Desktop [Reinaldo]: Foxit PDF Editor.lnk . (.Foxit Corporation - Foxit PDF Editor, the first REAL editor for.) -- C:\Program Files (x86)\Foxit Software\PDF Editor\PDFEdit.exe
O4 - GS\Desktop [Reinaldo]: Search.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
~ Global Startup: 65 Legitimates Filtered in 00mn 02s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Reinaldo\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\RunOnce: [Application Restart #4] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - HKLM\..\Wow6432Node\Run: [fst_br_4] Chave orfã
O4 - HKLM\..\Wow6432Node\Run: [fst_br_8] Chave orfã
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [Baidu PC Faster 4.0.0.0] . (.Baidu Inc. - PC Faster.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFaster.exe =>Adware.BDSearch
O4 - HKLM\..\Wow6432Node\Run: [PSafeTray] . (.PSafe - PSafe System Tray.) -- C:\Program Files (x86)\PSafe\PSafeSysTray.exe
O4 - HKLM\..\Wow6432Node\Run: [PSafeWDS] . (.PSafe S.A. - PSafeWD.) -- C:\Program Files (x86)\PSafe\PSafeWDS.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3889674999-1771675981-1625549820-1000\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Reinaldo\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-21-3889674999-1771675981-1625549820-1000\..\RunOnce: [Application Restart #4] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
~ Application: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{43866B80-E03B-4BDE-A19E-975C318963C2}: DhcpNameServer = 189.6.0.137 189.6.0.131
O17 - HKLM\System\CS1\Services\Tcpip\..\{43866B80-E03B-4BDE-A19E-975C318963C2}: DhcpNameServer = 189.6.0.137 189.6.0.131
O17 - HKLM\System\CS2\Services\Tcpip\..\{43866B80-E03B-4BDE-A19E-975C318963C2}: DhcpNameServer = 189.6.0.137 189.6.0.131
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 189.6.0.137 189.6.0.131
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Baidu PC Faster Service 4.0.0.0 (PCFasterSvc_{PCFaster_4.0.0.0}) . (.Baidu Inc. - Baidu PC Faster Service.) - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe =>Adware.BDSearch
O23 - Service: PSafeSVC (PSafeSVC) . (.PSafe S/A - PSafe Core Service.) - C:\Program Files (x86)\PSafe\psafesvc.exe
O23 - Service: PSafeWD (PSafeWD) . (.PSafe S.A. - PSafeWD.) - C:\Program Files (x86)\PSafe\PSafeWD.exe
~ Services: 17 Legitimates Filtered in 00mn 06s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Digital Sites.job [320]
[MD5.FE1D9A95168499203C96D9F3DD27DD82] [APT] [Baidu PC Faster Update] (.Baidu Inc..) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\Updater.exe [1084912] =>Adware.BDSearch
[MD5.00000000000000000000000000000000] [APT] [Digital Sites] (...) -- C:\Users\Reinaldo\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe (.not file.) [0] =>Hijacker.DSite
[MD5.00000000000000000000000000000000] [APT] [{6AD1CCB2-D050-4960-B995-71713B25F5CF}] (...) -- C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\UninstCaller.exe (.not file.) [0] =>Adware.BDSearch
[MD5.00000000000000000000000000000000] [APT] [{8C3FF1B8-C1C0-4FF7-9AFB-C79797F158EC}] (...) -- C:\Program Files (x86)\Plus-HD-2.3\Uninstall.exe (.not file.) [0] =>Adware.PlusHD
[MD5.00000000000000000000000000000000] [APT] [{919EEF3B-78C3-4DC8-9D74-C5BED338E16B}] (...) -- E:\OFFICE\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{9DF49771-EFAC-47CE-94DD-1FF709CB5DC9}] (...) -- c:\users\Reinaldo\appdata\local\lollipop\lollipop.bat (.not file.) [0] =>Adware.Lollipop
~ Scheduled Task: 18 Legitimates Filtered in 00mn 02s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (BAPIDRV) . (.360.cn - BAPIDRV.) - C:\Windows\system32\Drivers\BAPIDRV64.sys
O41 - Driver: (Bfilter) . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - C:\Windows\system32\drivers\Bfilter.sys =>Adware.BDSearch
O41 - Driver: (Bfmon) . (.Baidu, Inc. - Baidu FS Monitor Driver.) - C:\Windows\system32\drivers\Bfmon.sys =>Adware.BDSearch
O41 - Driver: (Bprotect) . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - C:\Windows\system32\drivers\Bprotect.sys =>Adware.BDSearch
O41 - Driver: (BprotectEx) . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - C:\Windows\system32\drivers\BprotectEx.sys =>Adware.BDSearch
~ Drivers: 75 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Baidu PC Faster - (.Baidu, Inc..) [HKLM][64Bits] -- Baidu PC Faster 4.0.0.0 =>Adware.BDSearch
O42 - Logiciel: Driver 1.3.1 - (.OEM.) [HKLM][64Bits] -- {BA56CD60-1D9F-4BE6-AC2F-B7C4A5437C35}
O42 - Logiciel: IPM 1.9.2 - (.OEM.) [HKLM][64Bits] -- {AADF4228-0772-4D43-92EB-B245E3A17B00}
O42 - Logiciel: OSD 1.15.3 - (.OEM.) [HKLM][64Bits] -- {5A9C96FE-1376-45E1-8556-C81255F0B5A7}
O42 - Logiciel: Prezi - (.Nome de sua empresa:.) [HKLM][64Bits] -- {BD44409B-A691-4B97-B33D-F07E1DE791F3}
O42 - Logiciel: Zip Extractor Packages - (...) [HKCU][64Bits] -- Zip Extractor Packages
~ Logic: 25 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\Planet Imagina]
[HKCU\Software\SoilAP]
[HKCU\Software\SunFlowerOSD]
[HKLM\Software\SoilIO]
[HKLM\Software\Wow6432Node\360Safe]
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Baidu_Drp_pos] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Planet Imagina]
[HKLM\Software\Wow6432Node\VBMZ] =>PUP.Duuqu
~ Key Software: 206 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 10/10/2013 - 12:16:06 - [85,552] ----D C:\Program Files (x86)\Baidu Security =>Adware.BDSearch
O43 - CFD: 11/07/2012 - 22:43:32 - [209,976] ----D C:\Program Files (x86)\GuiaMultimidia
O43 - CFD: 19/12/2013 - 06:11:07 - [564,603] ----D C:\Program Files (x86)\Prezi
O43 - CFD: 16/01/2014 - 22:16:47 - [0] ----D C:\Program Files (x86)\saverOn
O43 - CFD: 16/01/2014 - 22:16:53 - [0,003] ----D C:\ProgramData\97494399df59196b
O43 - CFD: 04/10/2013 - 08:24:39 - [178,042] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
O43 - CFD: 22/12/2013 - 17:14:40 - [0,007] ----D C:\ProgramData\djddlnimoncbbimiknkgphlfcnagmldl
O43 - CFD: 16/01/2014 - 23:52:30 - [0] ----D C:\ProgramData\saverOn
O43 - CFD: 16/01/2014 - 23:26:38 - [1,063] ----D C:\Users\Reinaldo\AppData\Roaming\0D0S1L2Z1P1B
O43 - CFD: 10/10/2013 - 12:16:01 - [39,651] ----D C:\Users\Reinaldo\AppData\Roaming\Baidu Security =>Adware.BDSearch
O43 - CFD: 14/09/2013 - 14:25:35 - [0] ----D C:\Users\Reinaldo\AppData\Roaming\GuiaMultimidia
O43 - CFD: 22/11/2013 - 15:07:18 - [0,029] ----D C:\Users\Reinaldo\AppData\Roaming\SPB_16.6
O43 - CFD: 16/01/2014 - 23:26:36 - [0,004] ----D C:\Users\Reinaldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster =>Adware.BDSearch
O43 - CFD: 22/11/2013 - 14:52:19 - [0,027] ----D C:\Users\Reinaldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cadence
O43 - CFD: 08/10/2013 - 21:37:14 - [0,003] ----D C:\Users\Reinaldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hao123
~ Program Folder: 137 Legitimates Filtered in 01mn 36s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.CF54BC5630C200393369DDD1A5B63261] - 16/01/2014 - 13:41:46 R--A- . (.360.cn - 360杀毒 文件监控驱动.) -- C:\Windows\System32\Drivers\360AvFlt.sys [71360]
O44 - LFC:[MD5.BA28C9128432E58838155B8E20C99A50] - 16/01/2014 - 22:28:14 ---A- . (.360.cn - BAPIDRV.) -- C:\Windows\System32\Drivers\BAPIDRV64.SYS [191672]
O44 - LFC:[MD5.6E42F2E5B5BDE3FE4066C9B2D6091E17] - 16/01/2014 - 22:28:14 ---A- . (.360安全中心 - 360Efimon Driver.) -- C:\Windows\System32\Drivers\efimon.sys [23624]
O44 - LFC:[MD5.FAB12F4A79CE3ACB36135FF4DCF8C605] - 17/01/2014 - 11:41:16 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [146366]
O44 - LFC:[MD5.1256D73FA382613131A4389C3D5412A5] - 17/01/2014 - 11:41:16 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [703580]
O44 - LFC:[MD5.C3D9A5F4D624F4367AE07AC12D67596C] - 17/01/2014 - 14:19:37 ---A- . (...) -- C:\zoek-results2014-01-17-171937.log [439]
O44 - LFC:[MD5.90FC18CBEFCD54BE4288541558E5187E] - 17/01/2014 - 14:25:59 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\BProtectEx.sys [83264] =>Adware.BDSearch
O44 - LFC:[MD5.19809A7AB5B26AADB4050483455A1954] - 17/01/2014 - 14:40:26 ---A- . (...) -- C:\zoek-results2014-01-17-174026.log [406]
O44 - LFC:[MD5.FC8EBDC8F9876AE9AF9D33AE98672A20] - 18/01/2014 - 12:48:27 ---A- . (...) -- C:\zoek-results.log [430]
O44 - LFC:[MD5.4BFF6182EB808F46E6D9E7A6979D32AF] - 18/01/2014 - 12:48:34 ---A- . (...) -- C:\runcheck.txt [491]
~ Files: 29 Legitimates Filtered in 00mn 02s



---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\lollipop [Key] . (...) -- c:\users\reinaldo\appdata\local\lollipop\lollipop.exe (.not file.) =>Adware.Lollipop
O53 - SMSR:HKLM\...\startupreg\mobilegeni daemon [Key] . (...) -- C:\Program Files (x86)\Mobogenie\DaemonProcess.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\NIRegistrationWizard [Key] . (...) -- C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe
O53 - SMSR:HKLM\...\startupreg\Optimizer Pro [Key] . (...) -- C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (.not file.) =>PUP.OptimizerPro
~ SMSR Keys: 9 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.CF54BC5630C200393369DDD1A5B63261] - 16/01/2014 - 13:41:46 R--A- . (.360.cn - 360杀毒 文件监控驱动.) -- C:\Windows\System32\Drivers\360AvFlt.sys [71360]
O58 - SDL:[MD5.BA28C9128432E58838155B8E20C99A50] - 16/01/2014 - 22:28:14 ---A- . (.360.cn - BAPIDRV.) -- C:\Windows\System32\Drivers\BAPIDRV64.SYS [191672]
O58 - SDL:[MD5.13A2519AA829149C5092527D8229DDF6] - 12/08/2013 - 16:17:22 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [50496] =>Adware.BDSearch
O58 - SDL:[MD5.E39E7AD46221F2490E4D59BF0679B7EE] - 12/08/2013 - 16:17:22 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [32576] =>Adware.BDSearch
O58 - SDL:[MD5.D15D4484B415FDD45087D46162BD3B82] - 20/08/2013 - 03:10:52 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [106624] =>Adware.BDSearch
O58 - SDL:[MD5.90FC18CBEFCD54BE4288541558E5187E] - 17/01/2014 - 14:25:59 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\BProtectEx.sys [83264] =>Adware.BDSearch
O58 - SDL:[MD5.2B3B8CBEA1BA1BCE5700607FBDB31034] - 31/10/2008 - 16:19:36 ---A- . (.Mobile Connector - USB/Serial Device Driver.) -- C:\Windows\System32\Drivers\cmnsusbser.sys [117888]
O58 - SDL:[MD5.6E42F2E5B5BDE3FE4066C9B2D6091E17] - 16/01/2014 - 22:28:14 ---A- . (.360安全中心 - 360Efimon Driver.) -- C:\Windows\System32\Drivers\efimon.sys [23624]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.47B37E4F919BF170818920A98C2FE1C6] - 19/08/2010 - 16:59:12 ---A- . (...) -- C:\Windows\System32\Drivers\SoilIO.sys [17912]
O58 - SDL:[MD5.0626C7524FBE58E1AF6E76F1BB739CA2] - 03/12/2009 - 10:03:50 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\soilkbc.sys [13816]
O58 - SDL:[MD5.709BDE623D7680E2D2A958CD4DC0A902] - 03/12/2009 - 10:04:16 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\SoilMC.sys [13304]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 18 Legitimates Filtered in 00mn 03s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 16/01/2014 - C:\Windows\system32\Drivers\BAPIDRV64.sys (BAPIDRV) .(.360.cn - BAPIDRV.) - LEGACY_BAPIDRV
O64 - Services: CurCS - 12/08/2013 - C:\Windows\system32\drivers\Bfilter.sys (Bfilter) .(.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - LEGACY_BFILTER =>Adware.BDSearch
O64 - Services: CurCS - 12/08/2013 - C:\Windows\system32\drivers\Bfmon.sys (Bfmon) .(.Baidu, Inc. - Baidu FS Monitor Driver.) - LEGACY_BFMON =>Adware.BDSearch
O64 - Services: CurCS - 20/08/2013 - C:\Windows\system32\drivers\Bprotect.sys (Bprotect) .(.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - LEGACY_BPROTECT =>Adware.BDSearch
O64 - Services: CurCS - 17/01/2014 - C:\Windows\system32\drivers\BprotectEx.sys (BprotectEx) .(.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - LEGACY_BPROTECTEX =>Adware.BDSearch
O64 - Services: CurCS - 17/01/2014 - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys (PCFApiUtil) .(.Baidu, Inc. - Baidu Antivirus BdApi Driver.) - LEGACY_PCFAPIUTIL =>Adware.BDSearch
~ Legacy: 79 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Users\Reinaldo\AppData\Local\Beamrise\Application\beamrise.exe (.not file.) =>Hijacker.Beamrise
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {92001F8A-C36B-473A-91E7-5BE0C81CF2B3} [DefaultScope] - (PSafe ClikSeguro) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.205A323DBDDE479603D59BE561F8A927] [SPRF][11/09/2013] (.Baidu, Inc. - Baidu Antivirus FileSplitUpLoad Library.) -- C:\ProgramData\FileSplitUpLoad.dll [170344] =>Adware.BDSearch
[MD5.885E9EB42889CA547F4E3515DCDE5D3D] [SPRF][18/01/2014] (...) -- C:\Users\Reinaldo\AppData\Local\Temp\7za.exe [476672]
[MD5.858D895AD40DE9779E78C39A116F9553] [SPRF][16/10/2013] (...) -- C:\Users\Reinaldo\AppData\Local\Temp\BackupSetup.exe [10355400]
[MD5.B31EBD87CF7F09DEA4126233F713F93C] [SPRF][16/01/2014] (.Baidu, Inc. - PC Faster Setup.) -- C:\Users\Reinaldo\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.1.53841.exe [16929536] =>Adware.BDSearch
[MD5.725B7694AC99AF6B1EE83279DB91FA1A] [SPRF][28/09/2013] (...) -- C:\Users\Reinaldo\AppData\Local\Temp\defaultCache.reg [52504]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][10/11/2013] (...) -- C:\Users\Reinaldo\AppData\Local\Temp\evr6mrxk.dll [0]
[MD5.08D74ADA6B0955E0DEB719CB0CC936FE] [SPRF][23/10/2013] (.Speedchecker Limited - No Comment.) -- C:\Users\Reinaldo\AppData\Local\Temp\pcspeedup.exe [3961048]
[MD5.3DF9C822FFD4245403113A555A27357F] [SPRF][12/01/2014] (...) -- C:\Users\Reinaldo\AppData\Local\Temp\Quarantine.exe [360073]
[MD5.6337E8365510C2AD792357CC3FA136B2] [SPRF][18/01/2014] (...) -- C:\Users\Reinaldo\AppData\Local\Temp\remove.exe [69632]
[MD5.2B657A67AEBB84AEA5632C53E61E23BF] [SPRF][18/01/2014] (...) -- C:\Users\Reinaldo\AppData\Local\Temp\sed.exe [98816]
[MD5.466C4732BC4B126B94B0E69C6B5A2348] [SPRF][01/09/2013] (.No owner - SendMsg.) -- C:\Users\Reinaldo\AppData\Local\Temp\SendMsg.dll [9216]
[MD5.59375510BDE2FF0DBA7A8197AD9F12BB] [SPRF][18/01/2014] (.Optimum X - Creates, modifies or queries Windows shell links (shortcuts).) -- C:\Users\Reinaldo\AppData\Local\Temp\shortcut.exe [57344]
[MD5.01D95A1F8CF13D07CC564AABB36BCC0B] [SPRF][18/01/2014] (.SteelWerX - Freeware implementation of REG.EXE.) -- C:\Users\Reinaldo\AppData\Local\Temp\swreg.exe [161792]
[MD5.9D4171F6D34DFA309020871677F40390] [SPRF][18/01/2014] (.SteelWerX - Freeware implementation of XCACLS.) -- C:\Users\Reinaldo\AppData\Local\Temp\swxcacls.exe [217088]
[MD5.65F00BFEF4AA0BDB459F358ADE919110] [SPRF][01/09/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\Reinaldo\AppData\Local\Temp\uninst1.exe [340560] =>PUP.Babylon
[MD5.02940D6C7722E91342A32CFF5C60F4E4] [SPRF][18/01/2014] (...) -- C:\Users\Reinaldo\AppData\Local\Temp\zoek-delete.exe [24064]
[MD5.023E26834985A9F1A3CEBA56C05611E6] [SPRF][18/01/2014] (...) -- C:\Users\Reinaldo\AppData\Local\Temp\zoek.bat [594770]
[MD5.4EAFE25F5952A0158844014DE10088AF] [SPRF][18/01/2014] (...) -- C:\Users\Reinaldo\AppData\Local\Temp\zoekrun.bat [94]
[MD5.972032F9CA03B3DA1EF34E3E9BD43F71] [SPRF][31/10/2013] (.FLVMPlayer - FLV Media Player Setup.) -- C:\Users\Reinaldo\Desktop\FLVMPlayer.exe [4953944]
[MD5.3229AD757844DA21CD4A783365126671] [SPRF][15/01/2014] (...) -- C:\Users\Reinaldo\Desktop\zoek.com [1410178]
[MD5.41716C72914ECEAA9F16F88406A14261] [SPRF][15/01/2014] (...) -- C:\Users\Reinaldo\Desktop\zoek.exe [1282048]
~ Files: 27 Legitimates Filtered in 00mn 06s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{65D1C807-11AA-4E2C-B98F-82205CAD0A13}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\baidu\Spark\Spark.exe (.not file.) =>Adware.BDSearch
O87 - FAEL: "{9A72C29D-EC62-43FE-8493-F52E55E69109}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\baidu\Spark\Spark.exe (.not file.) =>Adware.BDSearch
O87 - FAEL: "{A14AF05F-FD62-4023-AD23-3B04F3D1B526}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\baidu\Spark\baidu_dumper.exe (.not file.) =>Adware.BDSearch
O87 - FAEL: "{3E69511E-C74F-434F-8598-B955DF9DFC85}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\baidu\Spark\baidu_dumper.exe (.not file.) =>Adware.BDSearch
O87 - FAEL: "{700C3824-36C3-44EB-B920-DEF17340B768}" |In - Public - P6 - TRUE | .(...) -- C:\ProgramData\eSafe\eGdpSvc.exe (.not file.) =>PUP.eSafeSecurity
O87 - FAEL: "{63356659-DD15-46B1-B553-85C9D2754DA2}" | In - None - P6 - TRUE | .(...) -- C:\OrCAD\OrCAD_16.6_Lite\tools\pcb\bin\productserver.exe
O87 - FAEL: "{14188811-12E5-42A5-8B4E-B5C2A94C39C2}" | In - None - P6 - TRUE | .(...) -- C:\OrCAD\OrCAD_16.6_Lite\openaccess\bin\win32\opt\oadmturboserver.exe
O87 - FAEL: "{2999E29F-B156-4501-8252-31C95464F1F7}" | In - None - P6 - TRUE | .(...) -- C:\OrCAD\OrCAD_16.6_Lite\OpenAccess\bin\win32\opt\oaFSLockD.exe
O87 - FAEL: "{AB3CA2C1-9882-451C-9E88-64DD9352394A}" | In - None - P6 - TRUE | .(...) -- C:\OrCAD\OrCAD_16.6_Lite\tools\bin\cdsmsgserver.exe
O87 - FAEL: "{1331E8F6-F3DE-4176-8763-7A99D75BBED6}" | In - None - P6 - TRUE | .(...) -- C:\OrCAD\OrCAD_16.6_Lite\tools\bin\cdsnameserver.exe
O87 - FAEL: "{60F7F65B-BA28-43E2-877D-AB6E7151F9EE}" | In - None - P6 - TRUE | .(...) -- C:\OrCAD\OrCAD_16.6_Lite\tools\bin\cdsmps.exe
O87 - FAEL: "{C6CF7CCD-47DA-4E59-84C9-25E1415D2DCA}" | In - None - P6 - TRUE | .(...) -- C:\OrCAD\OrCAD_16.6_Lite\tools\bin\clsbd.exe
O87 - FAEL: "{3663E354-8E54-4FC3-8A3E-D2439F2A7993}" | In - None - P6 - TRUE | .(.PSafe Tecnologia S/A - PSafe SmartUpdater Tool.) -- C:\Program Files (x86)\PSafe\pssmartup.exe
O87 - FAEL: "{A115C488-E8C6-4A9B-AB85-1D6DA12230CE}" | In - None - P17 - TRUE | .(.PSafe Tecnologia S/A - PSafe SmartUpdater Tool.) -- C:\Program Files (x86)\PSafe\pssmartup.exe
~ Firewall: 194 Legitimates Filtered in 00mn 01s



---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "30ECD8C76498A2744AC1973562E91FF7" . (.GuiaMultimidia.) -- C:\Windows\Installer\{7C8DCE03-8946-472A-A41C-7953269EF17F}\_6FEFF9B68218417F98F549.exe
O90 - PUC: "8224FDAA277034D429BE2B543E1AB700" . (.IPM 1.9.2.) -- C:\Windows\Installer\{AADF4228-0772-4D43-92EB-B245E3A17B00}\_6FEFF9B68218417F98F549.exe
~ Update Products: 273 Legitimates Filtered in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
~ WIS: 274 Legitimates Filtered in 00mn 25s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 11/12/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 10/07/2012 276248 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 28/09/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 28/09/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Disabled 22/05/2012 76488 | (NIApplicationWebServer64) . (.National Instruments Corporation.) - C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
SS - | Demand 02/08/2010 1427688 | (NILM License Manager) . (.Macrovision Corporation.) - C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe
SS - | Demand 18/05/2012 139488 | (OpcEnum) . (.OPC Foundation.) - C:\Windows\SysWOW64\Opcenum.exe

SR - | Auto 06/06/2011 64952 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 01/02/2012 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 06/05/2011 695136 | (LkCitadelServer) . (.National Instruments, Inc..) - C:\Windows\SysWOW64\lkcitdl.exe
SR - | Auto 05/06/2012 50328 | (lkClassAds) . (.National Instruments Corporation.) - C:\Windows\SysWOW64\lkads.exe
SR - | Auto 05/06/2012 60568 | (lkTimeSync) . (.National Instruments Corporation.) - C:\Windows\SysWOW64\lktsrv.exe
SR - | Auto 22/05/2012 51360 | (mxssvr) . (.National Instruments Corporation.) - C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
SR - | Auto 29/03/2011 598312 | (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe
SR - | Auto 22/05/2012 53960 | (NIApplicationWebServer) . (.National Instruments Corporation.) - C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
SR - | Auto 05/06/2012 370328 | (NIDomainService) . (.National Instruments Corporation.) - C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
SR - | Auto 31/05/2012 258776 | (nimDNSResponder) . (.National Instruments Corporation.) - C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
SR - | Auto 05/06/2012 169192 | (NINetworkDiscovery) . (.National Instruments Corporation.) - C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
SR - | Auto 22/05/2012 53952 | (niSvcLoc) . (.National Instruments Corporation.) - C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
SR - | Auto 07/06/2012 680624 | (NITaggerService) . (.National Instruments Corporation.) - C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
SR - | Auto 17/01/2014 679920 | (PCFasterSvc_{PCFaster_4.0.0.0}) . (.Baidu Inc..) - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe =>Adware.BDSearch
SR - | Auto 16/01/2014 2592456 | (PSafeSVC) . (.PSafe S/A.) - C:\Program Files (x86)\PSafe\psafesvc.exe
SR - | Auto 16/01/2014 265416 | (PSafeWD) . (.PSafe S.A..) - C:\Program Files (x86)\PSafe\PSafeWD.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 26s



---\\ Scâner Aditional (088)
Database Version : 13024 - (17/01/2014)
Clés trouvées (Keys found) : 13
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 8
Fichiers trouvés (Files found) : 10

[HKLM\Software\Google\Chrome\Extensions\ammjbfijeglcdlnlnhlkdhgjnlgmpehe] =>PUP.Glindorus^
[HKLM\Software\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde] =>Toolbar.DeltaSearch^
[HKLM\Software\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo] =>PUP.Elex^
[HKLM\Software\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp] =>PUP.Wajam^
[HKLM\SYSTEM\CurrentControlSet\Services\PCFasterSvc_{PCFaster_4.0.0.0}] =>Adware.BDSearch^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0] =>Adware.BDSearch^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\lollipop] =>Adware.Lollipop^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Optimizer Pro] =>PUP.OptimizerPro^
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
[HKLM\Software\Wow6432Node\VBMZ] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKLM\Software\Wow6432Node\360Safe] =>Trojan.Lozavita
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:Baidu PC Faster 4.0.0.0 =>Adware.BDSearch^
C:\Users\Reinaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ammjbfijeglcdlnlnhlkdhgjnlgmpehe =>PUP.Glindorus^
C:\Users\Reinaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde =>Toolbar.DeltaSearch^
C:\Users\Reinaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo =>PUP.Elex^
C:\Users\Reinaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp =>PUP.Wajam^
C:\Program Files (x86)\Baidu Security =>Adware.BDSearch^
C:\ProgramData\Baidu Security =>Adware.BDSearch^
C:\Users\Reinaldo\AppData\Roaming\Baidu Security =>Adware.BDSearch^
C:\Users\Reinaldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster =>Adware.BDSearch^
C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PcfTray.exe =>Adware.BDSearch^
C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe =>Adware.BDSearch^
C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\Updater.exe =>Adware.BDSearch^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu_Drp_pos] =>Adware.BDSearch^
C:\ProgramData\FileSplitUpLoad.dll =>Adware.BDSearch^
C:\Users\Reinaldo\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.1.53841.exe =>Adware.BDSearch^
C:\Users\Reinaldo\AppData\Local\Temp\uninst1.exe =>PUP.Babylon^
~ Additionnel Scan: 459807 Items scanned in 00mn 15s



---\\ Sumário das deteções encontradas na sua estação
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BDSearch
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Glindorus
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Toolbar.DeltaSearch
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Elex
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Wajam
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.DSite
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.PlusHD
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.Lollipop
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Duuqu
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.OptimizerPro
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Beamrise
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Babylon
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.eSafeSecurity
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Toolbar.Conduit
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Tarma
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Trojan.Lozavita
~ MSI: 16 link(s) detected in 00mn 15s



~ 1170 Legitimates filtered by white list
End of the scan (573 lines in 03mn 01s)(0)

Alguns problemas foram encontrados, os quais iremos remover. Mas antes disto gostaria de lhe perguntar: no seu PC estão instalados o Psafe e o Baidu. Você não prefere desinstalá-los e instalar só um antivirus gratuito mais eficiente?

Pra dizer a verdade nem sei como o Psafe e o Baidu foram parar no meu computador, rsrsrsrsrs. Eu ia perguntar mesmo qual um bom antivirus gratuito pra instalar. Me passa o link para instalar o antivirus, por favor. Vou desinstalar o Psafe e o Baidu...........

Pronto, desinstalados Psafe e Baidu. O que devemos fazer agora?

Execute novamente o ZHPDiag conforme lhe passei na resposta anterior e poste um novo log dele para análise.

~ Relatório do ZHPDiag v2014.1.17.19 - Nicolas Coolman (17/01/2014)
~ Iniciado por Reinaldo (18/01/2014 23:23:56)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.16476
GCIE: Google Chrome v32.0.1700.76 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Basic, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Malwarebytes Anti-Malware versão 1.75.0.1300
Windows Defender W7

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 11 Plugin
Adobe Reader X

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3990 MB (49% free)
System Restore: Activé (Enable)
System drive C: has 394 GB (86%) free of 458 GB

---\\ Modo de conexão ao sistema
~ Computer Name: REINALDO-STI
~ User Name: Reinaldo
~ All Users Names: Reinaldo, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Reinaldo\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Reinaldo\AppData\Roaming\
~ %Desktop% : C:\Users\Reinaldo\Desktop\
~ %Favorites% : C:\Users\Reinaldo\Favorites\
~ %LocalAppData% : C:\Users\Reinaldo\AppData\Local\
~ %StartMenu% : C:\Users\Reinaldo\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 394 Go of 458 Go)
D: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 44 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.11/07/2012 - 07:53:38.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.9B6678DB9C6A232C5A84D2FDFFF8B0E1] - (.Microsoft Corporation - Internet Extensions para Win32.) (.26/11/2013 - 04:07:57.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.21/11/2010 - 00:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.11/07/2012 - 07:58:16.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 11:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes Favoris (My Favorites) : 1/9
~ Mes Documents (My Documents) : 1/7
~ Mon Bureau (My Desktop) : 1/242
~ Menu demarrer (Programs) : 1/53
~ Hidden Files: Scanned in 00mn 00s



---\\ Processos lançados
[MD5.B77081F8221968C7DAB794B0BA55C43E] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254896] [PID.3648]
[MD5.537B99E95616D384EB5DF2D30AA784F0] - (.PSafe - PSafe System Tray.) -- C:\Program Files (x86)\PSafe\PSafeSysTray.exe [4247752] [PID.3664]
[MD5.E912D9CA51CB0F3165457E03B8EA8B33] - (.PSafe S.A. - PSafeWD.) -- C:\Program Files (x86)\PSafe\PSafeWDS.exe [124616] [PID.3688]
[MD5.3B0BA44D5691E00088B956394FDE64B6] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [866584] [PID.4812]
[MD5.9F7F05C526A63D4D3E34C02869EE6F2E] - (.Google - Hangouts Plugin.) -- C:\Users\Reinaldo\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe [64336] [PID.2296]
[MD5.8E5651B04BE775696B32F7F1F5DA8871] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8336896] [PID.2324]
[MD5.11A52CF7B265631DEEB24C6149309EFF] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [64952] [PID.1508]
[MD5.777E031B6C740148E935066F37B49AF8] - (.National Instruments Corporation - lkads.) -- C:\Windows\SysWOW64\lkads.exe [50328] [PID.1768]
[MD5.68C5321CBC7BE2FA7278809A2D6544D0] - (.National Instruments Corporation - MXS Service.) -- C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [51360] [PID.1792]
[MD5.62E7B5EF6BEC714BC200C661BA940F54] - (.National Instruments Corporation - nidmsrv.) -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [370328] [PID.1820]
[MD5.D66D5FCC4911646347F9F5CD8C3F0000] - (.National Instruments Corporation - System Web Server Daemon.) -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [53952] [PID.1844]
[MD5.30B05E4E963E663E2A7D110048FD1A02] - (.National Instruments Corporation - NI Variable Engine.) -- C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [680624] [PID.1868]
[MD5.B21A8C1B0C8E8EB227AB6F6C49D5501D] - (.PSafe S/A - PSafe Core Service.) -- C:\Program Files (x86)\PSafe\psafesvc.exe [2592456] [PID.1152]
[MD5.826B554B6CA0E619F32ACC43D7D317CD] - (.PSafe S.A. - PSafeWD.) -- C:\Program Files (x86)\PSafe\PSafeWD.exe [265416] [PID.2372]
[MD5.20CDB07017497C94A0BAD253C4BAFCBC] - (.National Instruments, Inc. - Part of Logos.) -- C:\Windows\SysWOW64\lkcitdl.exe [695136] [PID.2776]
[MD5.23A07F37756F44ED738BCD931EBFFCED] - (.National Instruments Corporation - lktsrv.) -- C:\Windows\SysWOW64\lktsrv.exe [60568] [PID.2816]
[MD5.2FADAD2DED79972C0B25570394AA519C] - (.National Instruments Corporation - Application Web Server Daemon.) -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [53960] [PID.2928]
[MD5.902A9B8EC25EAC8C8DD5594F5866F80C] - (.National Instruments Corporation - National Instruments Zeroconf Service.) -- C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [258776] [PID.3020]
[MD5.DF0AB139C5C5ADEF39A88D7FE51F0CB4] - (.National Instruments Corporation - National Instruments Network Discovery Serv.) -- C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [169192] [PID.3044]
[MD5.545462D0DBE24AF379BA869B7C185CCD] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13592] [PID.3744]
[MD5.13AA2130F2A104DD775EAD0F0EE5417B] - (.Nero AG - NeroUpdate.) -- C:\Program Files (x86)\Nero\Update\NASvc.exe [598312] [PID.480]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Reinaldo\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ammjbfijeglcdlnlnhlkdhgjnlgmpehe] glindorus v.1.0.0 (Désactivé) =>PUP.Glindorus
G2 - GCE: Preference [User Data\Default] [eooncjejnppfjjklapaamhcdmjbilmde] Delta Toolbar v.1.6.2 (Désactivé) =>Toolbar.DeltaSearch
G2 - GCE: Preference [User Data\Default] [ifohbjbgfchkkfhphahclmkpgejiplfo] Lightning Newtab v.1.1.7.6, (Désactivé) =>PUP.Elex
G2 - GCE: Preference [User Data\Default] [jpmbfleldcgkldadpdinhjjopdfpjfjp] Wajam v.1.24 (Désactivé) =>PUP.Wajam
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
~ Google Browser: 20 Legitimates Filtered in 00mn 03s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = home.psafe.com
~ IE Browser: 23 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.102.0.15:8080
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Barras do Internet Explorer (03))
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Chave orfã
~ Toolbar: Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: Guia Multimídia.lnk . (...) -- C:\Windows\Installer\{7C8DCE03-8946-472A-A41C-7953269EF17F}\_1E8B57E217D6A54FAF778B.exe
O4 - GS\Desktop [Public]: HSPA MODEM.lnk . (...) -- C:\Program Files (x86)\HSPA MODEM\HSPA MODEM\StartUp.exe
O4 - GS\Desktop [Public]: MATLAB R2008b.lnk . (.The MathWorks Inc. - MATLAB Starter Application.) -- C:\Program Files (x86)\MATLAB\R2008b\bin\matlab.exe
O4 - GS\Desktop [Public]: NI MAX.lnk . (.National Instruments Corporation - Measurement & Automation Explorer.) -- C:\Program Files (x86)\National Instruments\MAX\NIMax.exe
O4 - GS\Desktop [Public]: Prezi Desktop.lnk . (...) -- C:\Program Files (x86)\Prezi\Prezi.exe
O4 - GS\Desktop [Public]: Sistema de Recuperação STI.lnk . (...) -- C:\Windows\Installer\{C247203E-3833-45A5-AEBA-403EBBA67AD7}\_F1E53105AC99C346B2A794.exe
O4 - GS\Program [Public]: National Instruments LabVIEW 2012 (32-bit).lnk . (.National Instruments Corporation - LabVIEW 12.0 Development System.) -- C:\Program Files (x86)\National Instruments\LabVIEW 2012\LabVIEW.exe
O4 - GS\Program [Public]: Prezi Desktop.lnk . (...) -- C:\Program Files (x86)\Prezi\Prezi.exe
O4 - GS\QuickLaunch [Reinaldo]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Reinaldo]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Reinaldo]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Reinaldo]: Create Amazing Presentations.lnk - Chave orfã
O4 - GS\Program [Reinaldo]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Reinaldo]: Search.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\SystemTools [Reinaldo]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Reinaldo]: Create Amazing Presentations.lnk - Chave orfã
O4 - GS\Desktop [Reinaldo]: Foxit PDF Editor.lnk . (.Foxit Corporation - Foxit PDF Editor, the first REAL editor for.) -- C:\Program Files (x86)\Foxit Software\PDF Editor\PDFEdit.exe
O4 - GS\Desktop [Reinaldo]: Search.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
~ Global Startup: 64 Legitimates Filtered in 00mn 01s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Reinaldo\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\RunOnce: [Application Restart #4] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - HKLM\..\Wow6432Node\Run: [fst_br_4] Chave orfã
O4 - HKLM\..\Wow6432Node\Run: [fst_br_8] Chave orfã
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [PSafeTray] . (.PSafe - PSafe System Tray.) -- C:\Program Files (x86)\PSafe\PSafeSysTray.exe
O4 - HKLM\..\Wow6432Node\Run: [PSafeWDS] . (.PSafe S.A. - PSafeWD.) -- C:\Program Files (x86)\PSafe\PSafeWDS.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3889674999-1771675981-1625549820-1000\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Reinaldo\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-21-3889674999-1771675981-1625549820-1000\..\RunOnce: [Application Restart #4] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
~ Application: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{43866B80-E03B-4BDE-A19E-975C318963C2}: DhcpNameServer = 189.6.0.137 189.6.0.131
O17 - HKLM\System\CS1\Services\Tcpip\..\{43866B80-E03B-4BDE-A19E-975C318963C2}: DhcpNameServer = 189.6.0.137 189.6.0.131
O17 - HKLM\System\CS2\Services\Tcpip\..\{43866B80-E03B-4BDE-A19E-975C318963C2}: DhcpNameServer = 189.6.0.137 189.6.0.131
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 189.6.0.137 189.6.0.131
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: PSafeSVC (PSafeSVC) . (.PSafe S/A - PSafe Core Service.) - C:\Program Files (x86)\PSafe\psafesvc.exe
O23 - Service: PSafeWD (PSafeWD) . (.PSafe S.A. - PSafeWD.) - C:\Program Files (x86)\PSafe\PSafeWD.exe
~ Services: 16 Legitimates Filtered in 00mn 03s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Digital Sites.job [320]
[MD5.00000000000000000000000000000000] [APT] [Digital Sites] (...) -- C:\Users\Reinaldo\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe (.not file.) [0] =>Hijacker.DSite
[MD5.00000000000000000000000000000000] [APT] [{6AD1CCB2-D050-4960-B995-71713B25F5CF}] (...) -- C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\UninstCaller.exe (.not file.) [0] =>Adware.BDSearch
[MD5.00000000000000000000000000000000] [APT] [{8C3FF1B8-C1C0-4FF7-9AFB-C79797F158EC}] (...) -- C:\Program Files (x86)\Plus-HD-2.3\Uninstall.exe (.not file.) [0] =>Adware.PlusHD
[MD5.00000000000000000000000000000000] [APT] [{919EEF3B-78C3-4DC8-9D74-C5BED338E16B}] (...) -- E:\OFFICE\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{9DF49771-EFAC-47CE-94DD-1FF709CB5DC9}] (...) -- c:\users\Reinaldo\appdata\local\lollipop\lollipop.bat (.not file.) [0] =>Adware.Lollipop
~ Scheduled Task: 17 Legitimates Filtered in 00mn 01s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (BAPIDRV) . (.360.cn - BAPIDRV.) - C:\Windows\system32\Drivers\BAPIDRV64.sys
O41 - Driver: (Bfilter) . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - C:\Windows\system32\drivers\Bfilter.sys =>Adware.BDSearch
O41 - Driver: (Bfmon) . (.Baidu, Inc. - Baidu FS Monitor Driver.) - C:\Windows\system32\drivers\Bfmon.sys =>Adware.BDSearch
O41 - Driver: (Bprotect) . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - C:\Windows\system32\drivers\Bprotect.sys =>Adware.BDSearch
O41 - Driver: (BprotectEx) . (. - .) - C:\Windows\system32\drivers\BprotectEx.sys (.not file.)
~ Drivers: 73 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Driver 1.3.1 - (.OEM.) [HKLM][64Bits] -- {BA56CD60-1D9F-4BE6-AC2F-B7C4A5437C35}
O42 - Logiciel: IPM 1.9.2 - (.OEM.) [HKLM][64Bits] -- {AADF4228-0772-4D43-92EB-B245E3A17B00}
O42 - Logiciel: OSD 1.15.3 - (.OEM.) [HKLM][64Bits] -- {5A9C96FE-1376-45E1-8556-C81255F0B5A7}
O42 - Logiciel: Prezi - (.Nome de sua empresa:.) [HKLM][64Bits] -- {BD44409B-A691-4B97-B33D-F07E1DE791F3}
O42 - Logiciel: Zip Extractor Packages - (...) [HKCU][64Bits] -- Zip Extractor Packages
~ Logic: 24 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\Planet Imagina]
[HKCU\Software\SoilAP]
[HKCU\Software\SunFlowerOSD]
[HKLM\Software\SoilIO]
[HKLM\Software\Wow6432Node\360Safe]
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Baidu_Drp_pos] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Planet Imagina]
[HKLM\Software\Wow6432Node\VBMZ] =>PUP.Duuqu
~ Key Software: 204 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 10/10/2013 - 12:16:06 - [1,487] ----D C:\Program Files (x86)\Baidu Security =>Adware.BDSearch
O43 - CFD: 11/07/2012 - 22:43:32 - [209,976] ----D C:\Program Files (x86)\GuiaMultimidia
O43 - CFD: 19/12/2013 - 06:11:07 - [564,603] ----D C:\Program Files (x86)\Prezi
O43 - CFD: 16/01/2014 - 22:16:47 - [0] ----D C:\Program Files (x86)\saverOn
O43 - CFD: 16/01/2014 - 22:16:53 - [0,003] ----D C:\ProgramData\97494399df59196b
O43 - CFD: 04/10/2013 - 08:24:39 - [178,042] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
O43 - CFD: 22/12/2013 - 17:14:40 - [0,007] ----D C:\ProgramData\djddlnimoncbbimiknkgphlfcnagmldl
O43 - CFD: 16/01/2014 - 23:52:30 - [0] ----D C:\ProgramData\saverOn
O43 - CFD: 16/01/2014 - 23:26:38 - [1,063] ----D C:\Users\Reinaldo\AppData\Roaming\0D0S1L2Z1P1B
O43 - CFD: 10/10/2013 - 12:16:01 - [42,473] ----D C:\Users\Reinaldo\AppData\Roaming\Baidu Security =>Adware.BDSearch
O43 - CFD: 14/09/2013 - 14:25:35 - [0] ----D C:\Users\Reinaldo\AppData\Roaming\GuiaMultimidia
O43 - CFD: 22/11/2013 - 15:07:18 - [0,029] ----D C:\Users\Reinaldo\AppData\Roaming\SPB_16.6
O43 - CFD: 22/11/2013 - 14:52:19 - [0,027] ----D C:\Users\Reinaldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cadence
O43 - CFD: 08/10/2013 - 21:37:14 - [0,003] ----D C:\Users\Reinaldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hao123
~ Program Folder: 136 Legitimates Filtered in 01mn 08s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.CF54BC5630C200393369DDD1A5B63261] - 16/01/2014 - 13:41:46 R--A- . (.360.cn - 360杀毒 文件监控驱动.) -- C:\Windows\System32\Drivers\360AvFlt.sys [71360]
O44 - LFC:[MD5.BA28C9128432E58838155B8E20C99A50] - 16/01/2014 - 22:28:14 ---A- . (.360.cn - BAPIDRV.) -- C:\Windows\System32\Drivers\BAPIDRV64.SYS [191672]
O44 - LFC:[MD5.6E42F2E5B5BDE3FE4066C9B2D6091E17] - 16/01/2014 - 22:28:14 ---A- . (.360安全中心 - 360Efimon Driver.) -- C:\Windows\System32\Drivers\efimon.sys [23624]
O44 - LFC:[MD5.FAB12F4A79CE3ACB36135FF4DCF8C605] - 17/01/2014 - 11:41:16 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [146366]
O44 - LFC:[MD5.1256D73FA382613131A4389C3D5412A5] - 17/01/2014 - 11:41:16 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [703580]
O44 - LFC:[MD5.C3D9A5F4D624F4367AE07AC12D67596C] - 17/01/2014 - 14:19:37 ---A- . (...) -- C:\zoek-results2014-01-17-171937.log [439]
O44 - LFC:[MD5.19809A7AB5B26AADB4050483455A1954] - 17/01/2014 - 14:40:26 ---A- . (...) -- C:\zoek-results2014-01-17-174026.log [406]
O44 - LFC:[MD5.FC8EBDC8F9876AE9AF9D33AE98672A20] - 18/01/2014 - 12:48:27 ---A- . (...) -- C:\zoek-results2014-01-18-154827.log [430]
O44 - LFC:[MD5.D04F8D716E3D31F2385FB2C3AEAEB90A] - 18/01/2014 - 16:05:27 ---A- . (...) -- C:\zoek-results.log [478]
O44 - LFC:[MD5.9A43B4C478E50240FCDE1451D6C7A772] - 18/01/2014 - 16:05:34 ---A- . (...) -- C:\runcheck.txt [491]
~ Files: 29 Legitimates Filtered in 00mn 01s



---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\lollipop [Key] . (...) -- c:\users\reinaldo\appdata\local\lollipop\lollipop.exe (.not file.) =>Adware.Lollipop
O53 - SMSR:HKLM\...\startupreg\mobilegeni daemon [Key] . (...) -- C:\Program Files (x86)\Mobogenie\DaemonProcess.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\NIRegistrationWizard [Key] . (...) -- C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe
O53 - SMSR:HKLM\...\startupreg\Optimizer Pro [Key] . (...) -- C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (.not file.) =>PUP.OptimizerPro
~ SMSR Keys: 9 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.CF54BC5630C200393369DDD1A5B63261] - 16/01/2014 - 13:41:46 R--A- . (.360.cn - 360杀毒 文件监控驱动.) -- C:\Windows\System32\Drivers\360AvFlt.sys [71360]
O58 - SDL:[MD5.BA28C9128432E58838155B8E20C99A50] - 16/01/2014 - 22:28:14 ---A- . (.360.cn - BAPIDRV.) -- C:\Windows\System32\Drivers\BAPIDRV64.SYS [191672]
O58 - SDL:[MD5.13A2519AA829149C5092527D8229DDF6] - 12/08/2013 - 16:17:22 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [50496] =>Adware.BDSearch
O58 - SDL:[MD5.E39E7AD46221F2490E4D59BF0679B7EE] - 12/08/2013 - 16:17:22 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [32576] =>Adware.BDSearch
O58 - SDL:[MD5.D15D4484B415FDD45087D46162BD3B82] - 20/08/2013 - 03:10:52 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [106624] =>Adware.BDSearch
O58 - SDL:[MD5.2B3B8CBEA1BA1BCE5700607FBDB31034] - 31/10/2008 - 16:19:36 ---A- . (.Mobile Connector - USB/Serial Device Driver.) -- C:\Windows\System32\Drivers\cmnsusbser.sys [117888]
O58 - SDL:[MD5.6E42F2E5B5BDE3FE4066C9B2D6091E17] - 16/01/2014 - 22:28:14 ---A- . (.360安全中心 - 360Efimon Driver.) -- C:\Windows\System32\Drivers\efimon.sys [23624]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.47B37E4F919BF170818920A98C2FE1C6] - 19/08/2010 - 16:59:12 ---A- . (...) -- C:\Windows\System32\Drivers\SoilIO.sys [17912]
O58 - SDL:[MD5.0626C7524FBE58E1AF6E76F1BB739CA2] - 03/12/2009 - 10:03:50 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\soilkbc.sys [13816]
O58 - SDL:[MD5.709BDE623D7680E2D2A958CD4DC0A902] - 03/12/2009 - 10:04:16 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\SoilMC.sys [13304]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 18 Legitimates Filtered in 00mn 02s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 16/01/2014 - C:\Windows\system32\Drivers\BAPIDRV64.sys (BAPIDRV) .(.360.cn - BAPIDRV.) - LEGACY_BAPIDRV
O64 - Services: CurCS - 12/08/2013 - C:\Windows\system32\drivers\Bfilter.sys (Bfilter) .(.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - LEGACY_BFILTER =>Adware.BDSearch
O64 - Services: CurCS - 12/08/2013 - C:\Windows\system32\drivers\Bfmon.sys (Bfmon) .(.Baidu, Inc. - Baidu FS Monitor Driver.) - LEGACY_BFMON =>Adware.BDSearch
O64 - Services: CurCS - 20/08/2013 - C:\Windows\system32\drivers\Bprotect.sys (Bprotect) .(.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - LEGACY_BPROTECT =>Adware.BDSearch
O64 - Services: CurCS - 01/01/1601 - C:\Windows\system32\drivers\BprotectEx.sys (BprotectEx) .(...) - LEGACY_BPROTECTEX
O64 - Services: CurCS - 01/01/1601 - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys (PCFApiUtil) .(...) - LEGACY_PCFAPIUTIL =>Adware.BDSearch
~ Legacy: 79 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Users\Reinaldo\AppData\Local\Beamrise\Application\beamrise.exe (.not file.) =>Hijacker.Beamrise
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {92001F8A-C36B-473A-91E7-5BE0C81CF2B3} [DefaultScope] - (PSafe ClikSeguro) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.205A323DBDDE479603D59BE561F8A927] [SPRF][11/09/2013] (.Baidu, Inc. - Baidu Antivirus FileSplitUpLoad Library.) -- C:\ProgramData\FileSplitUpLoad.dll [170344] =>Adware.BDSearch
[MD5.885E9EB42889CA547F4E3515DCDE5D3D] [SPRF][18/01/2014] (...) -- C:\Users\Reinaldo\AppData\Local\Temp\7za.exe [476672]
[MD5.858D895AD40DE9779E78C39A116F9553] [SPRF][16/10/2013] (...) -- C:\Users\Reinaldo\AppData\Local\Temp\BackupSetup.exe [10355400]
[MD5.B31EBD87CF7F09DEA4126233F713F93C] [SPRF][16/01/2014] (.Baidu, Inc. - PC Faster Setup.) -- C:\Users\Reinaldo\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.1.53841.exe [16929536] =>Adware.BDSearch
[MD5.725B7694AC99AF6B1EE83279DB91FA1A] [SPRF][28/09/2013] (...) -- C:\Users\Reinaldo\AppData\Local\Temp\defaultCache.reg [52504]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][10/11/2013] (...) -- C:\Users\Reinaldo\AppData\Local\Temp\evr6mrxk.dll [0]
[MD5.08D74ADA6B0955E0DEB719CB0CC936FE] [SPRF][23/10/2013] (.Speedchecker Limited - No Comment.) -- C:\Users\Reinaldo\AppData\Local\Temp\pcspeedup.exe [3961048]
[MD5.3DF9C822FFD4245403113A555A27357F] [SPRF][12/01/2014] (...) -- C:\Users\Reinaldo\AppData\Local\Temp\Quarantine.exe [360073]
[MD5.6337E8365510C2AD792357CC3FA136B2] [SPRF][18/01/2014] (...) -- C:\Users\Reinaldo\AppData\Local\Temp\remove.exe [69632]
[MD5.2B657A67AEBB84AEA5632C53E61E23BF] [SPRF][18/01/2014] (...) -- C:\Users\Reinaldo\AppData\Local\Temp\sed.exe [98816]
[MD5.466C4732BC4B126B94B0E69C6B5A2348] [SPRF][01/09/2013] (.No owner - SendMsg.) -- C:\Users\Reinaldo\AppData\Local\Temp\SendMsg.dll [9216]
[MD5.59375510BDE2FF0DBA7A8197AD9F12BB] [SPRF][18/01/2014] (.Optimum X - Creates, modifies or queries Windows shell links (shortcuts).) -- C:\Users\Reinaldo\AppData\Local\Temp\shortcut.exe [57344]
[MD5.01D95A1F8CF13D07CC564AABB36BCC0B] [SPRF][18/01/2014] (.SteelWerX - Freeware implementation of REG.EXE.) -- C:\Users\Reinaldo\AppData\Local\Temp\swreg.exe [161792]
[MD5.9D4171F6D34DFA309020871677F40390] [SPRF][18/01/2014] (.SteelWerX - Freeware implementation of XCACLS.) -- C:\Users\Reinaldo\AppData\Local\Temp\swxcacls.exe [217088]
[MD5.65F00BFEF4AA0BDB459F358ADE919110] [SPRF][01/09/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\Reinaldo\AppData\Local\Temp\uninst1.exe [340560] =>PUP.Babylon
[MD5.02940D6C7722E91342A32CFF5C60F4E4] [SPRF][18/01/2014] (...) -- C:\Users\Reinaldo\AppData\Local\Temp\zoek-delete.exe [24064]
[MD5.023E26834985A9F1A3CEBA56C05611E6] [SPRF][18/01/2014] (...) -- C:\Users\Reinaldo\AppData\Local\Temp\zoek.bat [594770]
[MD5.4EAFE25F5952A0158844014DE10088AF] [SPRF][18/01/2014] (...) -- C:\Users\Reinaldo\AppData\Local\Temp\zoekrun.bat [94]
[MD5.972032F9CA03B3DA1EF34E3E9BD43F71] [SPRF][31/10/2013] (.FLVMPlayer - FLV Media Player Setup.) -- C:\Users\Reinaldo\Desktop\FLVMPlayer.exe [4953944]
[MD5.3229AD757844DA21CD4A783365126671] [SPRF][15/01/2014] (...) -- C:\Users\Reinaldo\Desktop\zoek.com [1410178]
[MD5.41716C72914ECEAA9F16F88406A14261] [SPRF][15/01/2014] (...) -- C:\Users\Reinaldo\Desktop\zoek.exe [1282048]
~ Files: 27 Legitimates Filtered in 00mn 05s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{65D1C807-11AA-4E2C-B98F-82205CAD0A13}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\baidu\Spark\Spark.exe (.not file.) =>Adware.BDSearch
O87 - FAEL: "{9A72C29D-EC62-43FE-8493-F52E55E69109}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\baidu\Spark\Spark.exe (.not file.) =>Adware.BDSearch
O87 - FAEL: "{A14AF05F-FD62-4023-AD23-3B04F3D1B526}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\baidu\Spark\baidu_dumper.exe (.not file.) =>Adware.BDSearch
O87 - FAEL: "{3E69511E-C74F-434F-8598-B955DF9DFC85}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\baidu\Spark\baidu_dumper.exe (.not file.) =>Adware.BDSearch
O87 - FAEL: "{700C3824-36C3-44EB-B920-DEF17340B768}" |In - Public - P6 - TRUE | .(...) -- C:\ProgramData\eSafe\eGdpSvc.exe (.not file.) =>PUP.eSafeSecurity
O87 - FAEL: "{63356659-DD15-46B1-B553-85C9D2754DA2}" | In - None - P6 - TRUE | .(...) -- C:\OrCAD\OrCAD_16.6_Lite\tools\pcb\bin\productserver.exe
O87 - FAEL: "{14188811-12E5-42A5-8B4E-B5C2A94C39C2}" | In - None - P6 - TRUE | .(...) -- C:\OrCAD\OrCAD_16.6_Lite\openaccess\bin\win32\opt\oadmturboserver.exe
O87 - FAEL: "{2999E29F-B156-4501-8252-31C95464F1F7}" | In - None - P6 - TRUE | .(...) -- C:\OrCAD\OrCAD_16.6_Lite\OpenAccess\bin\win32\opt\oaFSLockD.exe
O87 - FAEL: "{AB3CA2C1-9882-451C-9E88-64DD9352394A}" | In - None - P6 - TRUE | .(...) -- C:\OrCAD\OrCAD_16.6_Lite\tools\bin\cdsmsgserver.exe
O87 - FAEL: "{1331E8F6-F3DE-4176-8763-7A99D75BBED6}" | In - None - P6 - TRUE | .(...) -- C:\OrCAD\OrCAD_16.6_Lite\tools\bin\cdsnameserver.exe
O87 - FAEL: "{60F7F65B-BA28-43E2-877D-AB6E7151F9EE}" | In - None - P6 - TRUE | .(...) -- C:\OrCAD\OrCAD_16.6_Lite\tools\bin\cdsmps.exe
O87 - FAEL: "{C6CF7CCD-47DA-4E59-84C9-25E1415D2DCA}" | In - None - P6 - TRUE | .(...) -- C:\OrCAD\OrCAD_16.6_Lite\tools\bin\clsbd.exe
O87 - FAEL: "{3663E354-8E54-4FC3-8A3E-D2439F2A7993}" | In - None - P6 - TRUE | .(.PSafe Tecnologia S/A - PSafe SmartUpdater Tool.) -- C:\Program Files (x86)\PSafe\pssmartup.exe
O87 - FAEL: "{A115C488-E8C6-4A9B-AB85-1D6DA12230CE}" | In - None - P17 - TRUE | .(.PSafe Tecnologia S/A - PSafe SmartUpdater Tool.) -- C:\Program Files (x86)\PSafe\pssmartup.exe
~ Firewall: 194 Legitimates Filtered in 00mn 00s



---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "30ECD8C76498A2744AC1973562E91FF7" . (.GuiaMultimidia.) -- C:\Windows\Installer\{7C8DCE03-8946-472A-A41C-7953269EF17F}\_6FEFF9B68218417F98F549.exe
O90 - PUC: "8224FDAA277034D429BE2B543E1AB700" . (.IPM 1.9.2.) -- C:\Windows\Installer\{AADF4228-0772-4D43-92EB-B245E3A17B00}\_6FEFF9B68218417F98F549.exe
~ Update Products: 273 Legitimates Filtered in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
~ WIS: 274 Legitimates Filtered in 00mn 22s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 11/12/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 10/07/2012 276248 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 28/09/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 28/09/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Disabled 22/05/2012 76488 | (NIApplicationWebServer64) . (.National Instruments Corporation.) - C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
SS - | Demand 02/08/2010 1427688 | (NILM License Manager) . (.Macrovision Corporation.) - C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe
SS - | Demand 18/05/2012 139488 | (OpcEnum) . (.OPC Foundation.) - C:\Windows\SysWOW64\Opcenum.exe

SR - | Auto 06/06/2011 64952 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 01/02/2012 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 06/05/2011 695136 | (LkCitadelServer) . (.National Instruments, Inc..) - C:\Windows\SysWOW64\lkcitdl.exe
SR - | Auto 05/06/2012 50328 | (lkClassAds) . (.National Instruments Corporation.) - C:\Windows\SysWOW64\lkads.exe
SR - | Auto 05/06/2012 60568 | (lkTimeSync) . (.National Instruments Corporation.) - C:\Windows\SysWOW64\lktsrv.exe
SR - | Auto 22/05/2012 51360 | (mxssvr) . (.National Instruments Corporation.) - C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
SR - | Auto 29/03/2011 598312 | (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe
SR - | Auto 22/05/2012 53960 | (NIApplicationWebServer) . (.National Instruments Corporation.) - C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
SR - | Auto 05/06/2012 370328 | (NIDomainService) . (.National Instruments Corporation.) - C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
SR - | Auto 31/05/2012 258776 | (nimDNSResponder) . (.National Instruments Corporation.) - C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
SR - | Auto 05/06/2012 169192 | (NINetworkDiscovery) . (.National Instruments Corporation.) - C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
SR - | Auto 22/05/2012 53952 | (niSvcLoc) . (.National Instruments Corporation.) - C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
SR - | Auto 07/06/2012 680624 | (NITaggerService) . (.National Instruments Corporation.) - C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
SR - | Auto 16/01/2014 2592456 | (PSafeSVC) . (.PSafe S/A.) - C:\Program Files (x86)\PSafe\psafesvc.exe
SR - | Auto 16/01/2014 265416 | (PSafeWD) . (.PSafe S.A..) - C:\Program Files (x86)\PSafe\PSafeWD.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 24s



---\\ Scâner Aditional (088)
Database Version : 13024 - (17/01/2014)
Clés trouvées (Keys found) : 11
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 7
Fichiers trouvés (Files found) : 7

[HKLM\Software\Google\Chrome\Extensions\ammjbfijeglcdlnlnhlkdhgjnlgmpehe] =>PUP.Glindorus^
[HKLM\Software\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde] =>Toolbar.DeltaSearch^
[HKLM\Software\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo] =>PUP.Elex^
[HKLM\Software\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp] =>PUP.Wajam^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\lollipop] =>Adware.Lollipop^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Optimizer Pro] =>PUP.OptimizerPro^
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
[HKLM\Software\Wow6432Node\VBMZ] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKLM\Software\Wow6432Node\360Safe] =>Trojan.Lozavita
C:\Users\Reinaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ammjbfijeglcdlnlnhlkdhgjnlgmpehe =>PUP.Glindorus^
C:\Users\Reinaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde =>Toolbar.DeltaSearch^
C:\Users\Reinaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo =>PUP.Elex^
C:\Users\Reinaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp =>PUP.Wajam^
C:\Program Files (x86)\Baidu Security =>Adware.BDSearch^
C:\ProgramData\Baidu Security =>Adware.BDSearch^
C:\Users\Reinaldo\AppData\Roaming\Baidu Security =>Adware.BDSearch^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu_Drp_pos] =>Adware.BDSearch^
C:\ProgramData\FileSplitUpLoad.dll =>Adware.BDSearch^
C:\Users\Reinaldo\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.1.53841.exe =>Adware.BDSearch^
C:\Users\Reinaldo\AppData\Local\Temp\uninst1.exe =>PUP.Babylon^
~ Additionnel Scan: 458441 Items scanned in 00mn 15s



---\\ Sumário das deteções encontradas na sua estação
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Glindorus
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Toolbar.DeltaSearch
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Elex
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Wajam
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.DSite
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BDSearch
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.PlusHD
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.Lollipop
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Duuqu
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.OptimizerPro
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Beamrise
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Babylon
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.eSafeSecurity
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Toolbar.Conduit
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Tarma
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Trojan.Lozavita
~ MSI: 16 link(s) detected in 00mn 15s



~ 1164 Legitimates filtered by white list
End of the scan (560 lines in 02mn 18s)(0)

 Estas pastas destacadas em vermelho abaixo são meio suspeitas. Sugiro que acesse o site [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
e envie os arquivos destas pastas para serem analisados e depois nos diga o resultado do escaneamento destes arquivos:

C:\Program Files (x86)\saverOn
C:\ProgramData\97494399df59196b
C:\ProgramData\djddlnimoncbbimiknkgphlfcnagmldl
C:\ProgramData\saverOn
C:\Users\Reinaldo\AppData\Roaming\0D0S1L2Z1P1B
C:\Users\Reinaldo\AppData\Roaming\SPB_16.6
C:\Users\Reinaldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cadence
___________________________________________________________________________________________________________

 Selecione todo este texto que está destacado em vermelho abaixo e o copie (Ctrl + C):

script zhpfix
[MD5.537B99E95616D384EB5DF2D30AA784F0] - (.PSafe - PSafe System Tray.) -- C:\Program Files (x86)\PSafe\PSafeSysTray.exe [4247752] [PID.3664]
[MD5.E912D9CA51CB0F3165457E03B8EA8B33] - (.PSafe S.A. - PSafeWD.) -- C:\Program Files (x86)\PSafe\PSafeWDS.exe [124616] [PID.3688]
[MD5.B21A8C1B0C8E8EB227AB6F6C49D5501D] - (.PSafe S/A - PSafe Core Service.) -- C:\Program Files (x86)\PSafe\psafesvc.exe [2592456] [PID.1152]
[MD5.826B554B6CA0E619F32ACC43D7D317CD] - (.PSafe S.A. - PSafeWD.) -- C:\Program Files (x86)\PSafe\PSafeWD.exe [265416] [PID.2372]
G2 - GCE: Preference [User Data\Default] [ammjbfijeglcdlnlnhlkdhgjnlgmpehe] glindorus v.1.0.0 (Désactivé) =>PUP.Glindorus
G2 - GCE: Preference [User Data\Default] [eooncjejnppfjjklapaamhcdmjbilmde] Delta Toolbar v.1.6.2 (Désactivé) =>Toolbar.DeltaSearch
G2 - GCE: Preference [User Data\Default] [ifohbjbgfchkkfhphahclmkpgejiplfo] Lightning Newtab v.1.1.7.6, (Désactivé) =>PUP.Elex
G2 - GCE: Preference [User Data\Default] [jpmbfleldcgkldadpdinhjjopdfpjfjp] Wajam v.1.24 (Désactivé) =>PUP.Wajam
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = home.psafe.com
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Chave orfã
O4 - GS\Program [Reinaldo]: Create Amazing Presentations.lnk - Chave orfã
O4 - GS\Desktop [Reinaldo]: Create Amazing Presentations.lnk - Chave orfã
O4 - HKLM\..\Wow6432Node\Run: [fst_br_4] Chave orfã
O4 - HKLM\..\Wow6432Node\Run: [fst_br_8] Chave orfã
O4 - HKLM\..\Wow6432Node\Run: [PSafeTray] . (.PSafe - PSafe System Tray.) -- C:\Program Files (x86)\PSafe\PSafeSysTray.exe
O4 - HKLM\..\Wow6432Node\Run: [PSafeWDS] . (.PSafe S.A. - PSafeWD.) -- C:\Program Files (x86)\PSafe\PSafeWDS.exe
O23 - Service: PSafeSVC (PSafeSVC) . (.PSafe S/A - PSafe Core Service.) - C:\Program Files (x86)\PSafe\psafesvc.exe
O23 - Service: PSafeWD (PSafeWD) . (.PSafe S.A. - PSafeWD.) - C:\Program Files (x86)\PSafe\PSafeWD.exe
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Digital Sites.job [320]
[MD5.00000000000000000000000000000000] [APT] [Digital Sites] (...) -- C:\Users\Reinaldo\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe (.not file.) [0] =>Hijacker.DSite
[MD5.00000000000000000000000000000000] [APT] [{6AD1CCB2-D050-4960-B995-71713B25F5CF}] (...) -- C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\UninstCaller.exe (.not file.) [0] =>Adware.BDSearch
[MD5.00000000000000000000000000000000] [APT] [{8C3FF1B8-C1C0-4FF7-9AFB-C79797F158EC}] (...) -- C:\Program Files (x86)\Plus-HD-2.3\Uninstall.exe (.not file.) [0] =>Adware.PlusHD
[MD5.00000000000000000000000000000000] [APT] [{919EEF3B-78C3-4DC8-9D74-C5BED338E16B}] (...) -- E:\OFFICE\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{9DF49771-EFAC-47CE-94DD-1FF709CB5DC9}] (...) -- c:\users\Reinaldo\appdata\local\lollipop\lollipop.bat (.not file.) [0] =>Adware.Lollipop
O41 - Driver: (BAPIDRV) . (.360.cn - BAPIDRV.) - C:\Windows\system32\Drivers\BAPIDRV64.sys
O41 - Driver: (Bfilter) . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - C:\Windows\system32\drivers\Bfilter.sys =>Adware.BDSearch
O41 - Driver: (Bfmon) . (.Baidu, Inc. - Baidu FS Monitor Driver.) - C:\Windows\system32\drivers\Bfmon.sys =>Adware.BDSearch
O41 - Driver: (Bprotect) . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - C:\Windows\system32\drivers\Bprotect.sys =>Adware.BDSearch
O41 - Driver: (BprotectEx) . (. - .) - C:\Windows\system32\drivers\BprotectEx.sys (.not file.)
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\360Safe]
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Baidu_Drp_pos] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\VBMZ] =>PUP.Duuqu
O43 - CFD: 10/10/2013 - 12:16:06 - [1,487] ----D C:\Program Files (x86)\Baidu Security =>Adware.BDSearch
O43 - CFD: 04/10/2013 - 08:24:39 - [178,042] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
O43 - CFD: 10/10/2013 - 12:16:01 - [42,473] ----D C:\Users\Reinaldo\AppData\Roaming\Baidu Security =>Adware.BDSearch
C:\Users\Reinaldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hao123
O44 - LFC:[MD5.CF54BC5630C200393369DDD1A5B63261] - 16/01/2014 - 13:41:46 R--A- . (.360.cn - 360杀毒 文件监控驱动.) -- C:\Windows\System32\Drivers\360AvFlt.sys [71360]
O44 - LFC:[MD5.BA28C9128432E58838155B8E20C99A50] - 16/01/2014 - 22:28:14 ---A- . (.360.cn - BAPIDRV.) -- C:\Windows\System32\Drivers\BAPIDRV64.SYS [191672]
O44 - LFC:[MD5.6E42F2E5B5BDE3FE4066C9B2D6091E17] - 16/01/2014 - 22:28:14 ---A- . (.360安全中心 - 360Efimon Driver.) -- C:\Windows\System32\Drivers\efimon.sys [23624]
O53 - SMSR:HKLM\...\startupreg\lollipop [Key] . (...) -- c:\users\reinaldo\appdata\local\lollipop\lollipop.exe (.not file.) =>Adware.Lollipop
O53 - SMSR:HKLM\...\startupreg\mobilegeni daemon [Key] . (...) -- C:\Program Files (x86)\Mobogenie\DaemonProcess.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Optimizer Pro [Key] . (...) -- C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (.not file.) =>PUP.OptimizerPro
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O58 - SDL:[MD5.CF54BC5630C200393369DDD1A5B63261] - 16/01/2014 - 13:41:46 R--A- . (.360.cn - 360杀毒 文件监控驱动.) -- C:\Windows\System32\Drivers\360AvFlt.sys [71360]
O58 - SDL:[MD5.BA28C9128432E58838155B8E20C99A50] - 16/01/2014 - 22:28:14 ---A- . (.360.cn - BAPIDRV.) -- C:\Windows\System32\Drivers\BAPIDRV64.SYS [191672]
O58 - SDL:[MD5.13A2519AA829149C5092527D8229DDF6] - 12/08/2013 - 16:17:22 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [50496] =>Adware.BDSearch
O58 - SDL:[MD5.E39E7AD46221F2490E4D59BF0679B7EE] - 12/08/2013 - 16:17:22 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [32576] =>Adware.BDSearch
O58 - SDL:[MD5.D15D4484B415FDD45087D46162BD3B82] - 20/08/2013 - 03:10:52 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [106624] =>Adware.BDSearch
O58 - SDL:[MD5.6E42F2E5B5BDE3FE4066C9B2D6091E17] - 16/01/2014 - 22:28:14 ---A- . (.360安全中心 - 360Efimon Driver.) -- C:\Windows\System32\Drivers\efimon.sys [23624]
O64 - Services: CurCS - 16/01/2014 - C:\Windows\system32\Drivers\BAPIDRV64.sys (BAPIDRV) .(.360.cn - BAPIDRV.) - LEGACY_BAPIDRV
O64 - Services: CurCS - 12/08/2013 - C:\Windows\system32\drivers\Bfilter.sys (Bfilter) .(.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - LEGACY_BFILTER =>Adware.BDSearch
O64 - Services: CurCS - 12/08/2013 - C:\Windows\system32\drivers\Bfmon.sys (Bfmon) .(.Baidu, Inc. - Baidu FS Monitor Driver.) - LEGACY_BFMON =>Adware.BDSearch
O64 - Services: CurCS - 20/08/2013 - C:\Windows\system32\drivers\Bprotect.sys (Bprotect) .(.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - LEGACY_BPROTECT =>Adware.BDSearch
O64 - Services: CurCS - 01/01/1601 - C:\Windows\system32\drivers\BprotectEx.sys (BprotectEx) .(...) - LEGACY_BPROTECTEX
O64 - Services: CurCS - 01/01/1601 - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys (PCFApiUtil) .(...) - LEGACY_PCFAPIUTIL =>Adware.BDSearch
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Users\Reinaldo\AppData\Local\Beamrise\Application\beamrise.exe (.not file.) =>Hijacker.Beamrise
O69 - SBI: SearchScopes [HKCU] {92001F8A-C36B-473A-91E7-5BE0C81CF2B3} [DefaultScope] - (PSafe ClikSeguro) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[MD5.205A323DBDDE479603D59BE561F8A927] [SPRF][11/09/2013] (.Baidu, Inc. - Baidu Antivirus FileSplitUpLoad Library.) -- C:\ProgramData\FileSplitUpLoad.dll [170344] =>Adware.BDSearch
[MD5.885E9EB42889CA547F4E3515DCDE5D3D] [SPRF][18/01/2014] (...) -- C:\Users\Reinaldo\AppData\Local\Temp\7za.exe [476672]
[MD5.858D895AD40DE9779E78C39A116F9553] [SPRF][16/10/2013] (...) -- C:\Users\Reinaldo\AppData\Local\Temp\BackupSetup.exe [10355400]
[MD5.B31EBD87CF7F09DEA4126233F713F93C] [SPRF][16/01/2014] (.Baidu, Inc. - PC Faster Setup.) -- C:\Users\Reinaldo\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.1.53841.exe [16929536] =>Adware.BDSearch
[MD5.725B7694AC99AF6B1EE83279DB91FA1A] [SPRF][28/09/2013] (...) -- C:\Users\Reinaldo\AppData\Local\Temp\defaultCache.reg [52504]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][10/11/2013] (...) -- C:\Users\Reinaldo\AppData\Local\Temp\evr6mrxk.dll [0]
[MD5.08D74ADA6B0955E0DEB719CB0CC936FE] [SPRF][23/10/2013] (.Speedchecker Limited - No Comment.) -- C:\Users\Reinaldo\AppData\Local\Temp\pcspeedup.exe [3961048]
[MD5.3DF9C822FFD4245403113A555A27357F] [SPRF][12/01/2014] (...) -- C:\Users\Reinaldo\AppData\Local\Temp\Quarantine.exe [360073]
[MD5.6337E8365510C2AD792357CC3FA136B2] [SPRF][18/01/2014] (...) -- C:\Users\Reinaldo\AppData\Local\Temp\remove.exe [69632]
[MD5.2B657A67AEBB84AEA5632C53E61E23BF] [SPRF][18/01/2014] (...) -- C:\Users\Reinaldo\AppData\Local\Temp\sed.exe [98816]
[MD5.466C4732BC4B126B94B0E69C6B5A2348] [SPRF][01/09/2013] (.No owner - SendMsg.) -- C:\Users\Reinaldo\AppData\Local\Temp\SendMsg.dll [9216]
[MD5.59375510BDE2FF0DBA7A8197AD9F12BB] [SPRF][18/01/2014] (.Optimum X - Creates, modifies or queries Windows shell links (shortcuts).) -- C:\Users\Reinaldo\AppData\Local\Temp\shortcut.exe [57344]
[MD5.01D95A1F8CF13D07CC564AABB36BCC0B] [SPRF][18/01/2014] (.SteelWerX - Freeware implementation of REG.EXE.) -- C:\Users\Reinaldo\AppData\Local\Temp\swreg.exe [161792]
[MD5.9D4171F6D34DFA309020871677F40390] [SPRF][18/01/2014] (.SteelWerX - Freeware implementation of XCACLS.) -- C:\Users\Reinaldo\AppData\Local\Temp\swxcacls.exe [217088]
[MD5.65F00BFEF4AA0BDB459F358ADE919110] [SPRF][01/09/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\Reinaldo\AppData\Local\Temp\uninst1.exe [340560] =>PUP.Babylon
[MD5.02940D6C7722E91342A32CFF5C60F4E4] [SPRF][18/01/2014] (...) -- C:\Users\Reinaldo\AppData\Local\Temp\zoek-delete.exe [24064]
[MD5.023E26834985A9F1A3CEBA56C05611E6] [SPRF][18/01/2014] (...) -- C:\Users\Reinaldo\AppData\Local\Temp\zoek.bat [594770]
[MD5.4EAFE25F5952A0158844014DE10088AF] [SPRF][18/01/2014] (...) -- C:\Users\Reinaldo\AppData\Local\Temp\zoekrun.bat [94]
O87 - FAEL: "{65D1C807-11AA-4E2C-B98F-82205CAD0A13}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\baidu\Spark\Spark.exe (.not file.) =>Adware.BDSearch
O87 - FAEL: "{9A72C29D-EC62-43FE-8493-F52E55E69109}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\baidu\Spark\Spark.exe (.not file.) =>Adware.BDSearch
O87 - FAEL: "{A14AF05F-FD62-4023-AD23-3B04F3D1B526}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\baidu\Spark\baidu_dumper.exe (.not file.) =>Adware.BDSearch
O87 - FAEL: "{3E69511E-C74F-434F-8598-B955DF9DFC85}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\baidu\Spark\baidu_dumper.exe (.not file.) =>Adware.BDSearch
O87 - FAEL: "{700C3824-36C3-44EB-B920-DEF17340B768}" |In - Public - P6 - TRUE | .(...) -- C:\ProgramData\eSafe\eGdpSvc.exe (.not file.) =>PUP.eSafeSecurity
O87 - FAEL: "{3663E354-8E54-4FC3-8A3E-D2439F2A7993}" | In - None - P6 - TRUE | .(.PSafe Tecnologia S/A - PSafe SmartUpdater Tool.) -- C:\Program Files (x86)\PSafe\pssmartup.exe
O87 - FAEL: "{A115C488-E8C6-4A9B-AB85-1D6DA12230CE}" | In - None - P17 - TRUE | .(.PSafe Tecnologia S/A - PSafe SmartUpdater Tool.) -- C:\Program Files (x86)\PSafe\pssmartup.exe
SR - | Auto 16/01/2014 2592456 | (PSafeSVC) . (.PSafe S/A.) - C:\Program Files (x86)\PSafe\psafesvc.exe
SR - | Auto 16/01/2014 265416 | (PSafeWD) . (.PSafe S.A..) - C:\Program Files (x86)\PSafe\PSafeWD.exe
[HKLM\Software\Google\Chrome\Extensions\ammjbfijeglcdlnlnhlkdhgjnlgmpehe] =>PUP.Glindorus^
[HKLM\Software\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde] =>Toolbar.DeltaSearch^
[HKLM\Software\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo] =>PUP.Elex^
[HKLM\Software\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp] =>PUP.Wajam^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\lollipop] =>Adware.Lollipop^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Optimizer Pro] =>PUP.OptimizerPro^
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
[HKLM\Software\Wow6432Node\VBMZ] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKLM\Software\Wow6432Node\360Safe] =>Trojan.Lozavita
C:\Users\Reinaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ammjbfijeglcdlnlnhlkdhgjnlgmpehe =>PUP.Glindorus^
C:\Users\Reinaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde =>Toolbar.DeltaSearch^
C:\Users\Reinaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo =>PUP.Elex^
C:\Users\Reinaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp =>PUP.Wajam^
C:\Program Files (x86)\Baidu Security =>Adware.BDSearch^
C:\ProgramData\Baidu Security =>Adware.BDSearch^
C:\Users\Reinaldo\AppData\Roaming\Baidu Security =>Adware.BDSearch^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu_Drp_pos] =>Adware.BDSearch^
C:\ProgramData\FileSplitUpLoad.dll =>Adware.BDSearch^
C:\Users\Reinaldo\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.1.53841.exe =>Adware.BDSearch^
C:\Users\Reinaldo\AppData\Local\Temp\uninst1.exe =>PUP.Babylon^

Sysrestore
firewallraz
emptytemp
emptyflash
emptyclsid
ProxyFix

Vá no menu: Iniciar > Todos os programas > ZHP > ZHPFix > Na tela que abrir cole o que você copiou (Ctrl + V) > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas. Copie este relatório e poste em sua próxima resposta.

Prezado, na verificação de "C:\ProgramData\djddlnimoncbbimiknkgphlfcnagmldl" no virus total acho que verifiquei virus. Olhe, por favor:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

é verdade, este arquivo WbGWl0ODJZ.js está com vírus, pode excluir ele.

Além deste arquivo tem outros arquivos dentro desta pasta?

Sim, há outros arquivos na pasta onde não foram detectados virus. E então, devo excluir toda pasta?

Quais são os arquivos que tem nesta pasta? Quais os nomes deles?

 Oi Reinaldo, faça o seguinte, por gentileza: Faça o escaneamentos dos arquivos que estão naquelas pastas suspeitas que lhe falei no site Virus Total, e os arquivos que forem detectados como infectados nestas pastas, você os exclui. Quanto aos que forem considerados seguros, deixe eles onde estão.

Basta excluir só os que forem considerados contaminados.
__________________________________________________________________________________

 Depois disto é só executar aquele outro procedimento que lhe falei com o ZHPFix e postar o log dele.

Ficamos na espera.

Marcos, segue escaneamento solicitado:


Rapport de ZHPFix 2014.1.17.2 par Nicolas Coolman, Update du 17/01/2014
Fichier d'export Registre :
Run by Reinaldo at 19/01/2014 17:13:48
High Elevated Privileges : OK
Windows 7 Home Basic Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 04s)

========== Processo memória ==========
ELIMINÉ: Memory Process: C:\Program Files (x86)\PSafe\PSafeSysTray.exe
ELIMINÉ: Memory Process: C:\Program Files (x86)\PSafe\PSafeWDS.exe
ELIMINÉ: Memory Process: C:\Program Files (x86)\PSafe\psafesvc.exe
ELIMINÉ: Memory Process: C:\Program Files (x86)\PSafe\PSafeWD.exe
ELIMINÉ: Memory Process: C:\Users\Reinaldo\AppData\Local\Temp\7za.exe
ELIMINÉ: Memory Process: C:\Users\Reinaldo\AppData\Local\Temp\BackupSetup.exe
ELIMINÉ: Memory Process: C:\Users\Reinaldo\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.1.53841.exe
ELIMINÉ: Memory Process: C:\Users\Reinaldo\AppData\Local\Temp\pcspeedup.exe
ELIMINÉ: Memory Process: C:\Users\Reinaldo\AppData\Local\Temp\Quarantine.exe
ELIMINÉ: Memory Process: C:\Users\Reinaldo\AppData\Local\Temp\remove.exe
ELIMINÉ: Memory Process: C:\Users\Reinaldo\AppData\Local\Temp\sed.exe
ELIMINÉ: Memory Process: C:\Users\Reinaldo\AppData\Local\Temp\shortcut.exe
ELIMINÉ: Memory Process: C:\Users\Reinaldo\AppData\Local\Temp\swreg.exe
ELIMINÉ: Memory Process: C:\Users\Reinaldo\AppData\Local\Temp\swxcacls.exe
ELIMINÉ: Memory Process: C:\Users\Reinaldo\AppData\Local\Temp\uninst1.exe
ELIMINÉ: Memory Process: C:\Users\Reinaldo\AppData\Local\Temp\zoek-delete.exe

========== Modulos memória ==========
ELIMINÉ: Memory Module: C:\ProgramData\FileSplitUpLoad.dll
ELIMINÉ: Memory Module: C:\Users\Reinaldo\AppData\Local\Temp\evr6mrxk.dll
ELIMINÉ: Memory Module: C:\Users\Reinaldo\AppData\Local\Temp\SendMsg.dll

========== Estado dos serviços ==========
BAPIDRV Parado
BFILTER Parado
BFMON Parado
BPROTECT Parado
BPROTECTEX Parado
PCFAPIUTIL Parado

========== Chaves do Registo ==========
ELIMINÉ: Service: PSafeSVC
ELIMINÉ: Service: PSafeWD
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bprotect
ELIMINÉ Driver Key: BprotectEx
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ:³ HKLM\Software\Wow6432Node\360Safe
ELIMINÉ:³ HKLM\Software\Wow6432Node\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu_Drp_pos
ELIMINÉ: HKLM\Software\Wow6432Node\VBMZ
ELIMINÉ:* StartupReg: lollipop
ELIMINÉ:* StartupReg: mobilegeni daemon
ELIMINÉ:* StartupReg: Optimizer Pro
ELIMINÉ: SearchScopes :{92001F8A-C36B-473A-91E7-5BE0C81CF2B3}
ELIMINÉ: HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5

========== Valores do Registo ==========
ELIMINÉ: Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
ELIMINÉ RunValue: fst_br_4
ELIMINÉ RunValue: fst_br_8
ELIMINÉ RunValue: PSafeTray
ELIMINÉ RunValue: PSafeWDS
ELIMINÉ MWPE Value: NoActiveDesktopChanges
ELIMINÉ: {65D1C807-11AA-4E2C-B98F-82205CAD0A13}
ELIMINÉ: {9A72C29D-EC62-43FE-8493-F52E55E69109}
ELIMINÉ: {A14AF05F-FD62-4023-AD23-3B04F3D1B526}
ELIMINÉ: {3E69511E-C74F-434F-8598-B955DF9DFC85}
ELIMINÉ: {700C3824-36C3-44EB-B920-DEF17340B768}
ELIMINÉ: {3663E354-8E54-4FC3-8A3E-D2439F2A7993}
ELIMINÉ: {A115C488-E8C6-4A9B-AB85-1D6DA12230CE}
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
ELIMINÉ: FirewallRaz (None) : {F98A4CB3-B735-4205-81F6-DFA9ECF49C43}
ELIMINÉ: FirewallRaz (None) : {287794AF-71A9-4FF0-9AC2-EC30824AE768}
ELIMINÉ: FirewallRaz (None) : {3F32C86E-7B61-404F-AE60-6D152F8C79B7}
ELIMINÉ: FirewallRaz (None) : {58F38B96-981A-4239-BAF6-C53F0AA054EC}
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Elementos dos dados do Registo ==========
ELIMINÉ: R0 - Main,Start Page = KCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ:* c:\program files (x86)\psafe\psafesvc.exe
ELIMINÉ: c:\users\reinaldo\appdata\local\google\chrome\user data\default\preferences
ELIMINÉ: c:\windows\tasks\digital sites.job
ELIMINA REINICIAR: c:\windows\system32\drivers\360avflt.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bapidrv64.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\efimon.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bfilter.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bfmon.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotect.sys
ELIMINÉ: C:\Users\Reinaldo\AppData\Local\Temp\defaultCache.reg
ELIMINÉ: C:\Users\Reinaldo\AppData\Local\Temp\zoek.bat
ELIMINÉ: C:\Users\Reinaldo\AppData\Local\Temp\zoekrun.bat
ELIMINÉ Temporários windows (908) (513.539.949 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: Digital Sites
ELIMINÉ: {6AD1CCB2-D050-4960-B995-71713B25F5CF}
ELIMINÉ: {8C3FF1B8-C1C0-4FF7-9AFB-C79797F158EC}
ELIMINÉ: {919EEF3B-78C3-4DC8-9D74-C5BED338E16B}
ELIMINÉ: {9DF49771-EFAC-47CE-94DD-1FF709CB5DC9}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
16 : Processo memória
3 : Modulos memória
18 : Chaves do Registo
25 : Valores do Registo
1 : Elementos dos dados do Registo
1 : Pastas
14 : Ficheiros
6 : Estado dos serviços
5 : Tarefa planificada
1 : Restauração Sistema


End of clean in 02mn 58s

========== Caminho do ficheiro do relatório ==========
C:\Users\Reinaldo\AppData\Roaming\ZHP\ZHPFix[R1].txt - 19/01/2014 17:13:53 [5822]

   Vários problemas foram eliminados pelo ZHPFix.
_________________________________

Você escaneou os arquivos daquelas pastas suspeitas no Virus Total e eliminou os arquivos considerados contaminados?

Como está o seu PC após estas limpezas?

Melhorou muito, deixaram de aparecer janelas que eu não pedia para aparecer.

Ah, não sei se isso tem a ver mas de repente, quando entrava em uma janela, mal eu começava a estar no começo da mesma e já ia pro final da página como se eu tivesse teclado "End" sem eu teclar, entende?

Ah, não esqueça do antivirus que você prometeu me indicar.........

Já eliminei os virus pelo virus total.

Fico feliz que os problemas foram resolvidos.

Quanto ao antivirus, sugiro um ótimo antivirus gratuito para você, que é o Avira Free Antivirus.

Para instalar, configurar e usar corretamente o Avira Free Antivirus é só seguir as dicas destes tutoriais:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] 

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Depois de instalar o Avira faça um escaneamento completo com ele e depois nos diga, por gentileza, se mais alguns vírus foram removidos por ele.

Prezado, segue relatório:


Avira Free Antivirus
Data do arquivo de relatório: segunda-feira, 20 de janeiro de 2014 18:27


O programa está sendo executado como versão completa sem limitações.
Os serviços online estão disponíveis.

Licenciado : Avira Free Antivirus
Número de série : 0000149996-ADJIE-0000001
Plataforma : Windows 7 Home Basic
Versão do Windows : (Service Pack 1) [6.1.7601]
Modo de inicialização : Normalmente inicializado
Nome de usuário : Reinaldo
Nome do computador : REINALDO-STI

Informações da versão:
BUILD.DAT : 14.0.2.286 55547 Bytes 13/12/2013 15:11:00
AVSCAN.EXE : 14.0.2.254 1032760 Bytes 13/12/2013 17:11:19
AVSCANRC.DLL : 14.0.2.180 58936 Bytes 13/12/2013 17:11:19
LUKE.DLL : 14.0.2.234 65592 Bytes 13/12/2013 17:11:20
AVSCPLR.DLL : 14.0.2.254 124472 Bytes 13/12/2013 17:11:19
AVREG.DLL : 14.0.2.212 250424 Bytes 13/12/2013 17:11:19
avlode.dll : 14.0.2.254 540216 Bytes 13/12/2013 17:11:19
avlode.rdf : 13.0.1.66 56973 Bytes 20/01/2014 19:54:18
VBASE000.VDF : 7.11.70.0 66736640 Bytes 04/04/2013 17:11:22
VBASE001.VDF : 7.11.74.226 2201600 Bytes 30/04/2013 17:11:22
VBASE002.VDF : 7.11.80.60 2751488 Bytes 28/05/2013 17:11:22
VBASE003.VDF : 7.11.85.214 2162688 Bytes 21/06/2013 17:11:22
VBASE004.VDF : 7.11.91.176 3903488 Bytes 23/07/2013 17:11:22
VBASE005.VDF : 7.11.98.186 6822912 Bytes 29/08/2013 17:11:22
VBASE006.VDF : 7.11.103.230 2293248 Bytes 24/09/2013 17:11:22
VBASE007.VDF : 7.11.116.38 5485568 Bytes 28/11/2013 17:11:22
VBASE008.VDF : 7.11.120.140 1154560 Bytes 19/12/2013 19:53:42
VBASE009.VDF : 7.11.120.141 2048 Bytes 19/12/2013 19:53:42
VBASE010.VDF : 7.11.120.142 2048 Bytes 19/12/2013 19:53:43
VBASE011.VDF : 7.11.120.143 2048 Bytes 19/12/2013 19:53:43
VBASE012.VDF : 7.11.120.144 2048 Bytes 19/12/2013 19:53:43
VBASE013.VDF : 7.11.120.145 2048 Bytes 19/12/2013 19:53:44
VBASE014.VDF : 7.11.121.19 126976 Bytes 21/12/2013 19:53:44
VBASE015.VDF : 7.11.121.147 122880 Bytes 24/12/2013 19:53:45
VBASE016.VDF : 7.11.121.233 115712 Bytes 25/12/2013 19:53:46
VBASE017.VDF : 7.11.122.57 325120 Bytes 27/12/2013 19:53:47
VBASE018.VDF : 7.11.122.123 199680 Bytes 28/12/2013 19:53:48
VBASE019.VDF : 7.11.122.219 368640 Bytes 01/01/2014 19:53:50
VBASE020.VDF : 7.11.123.39 182272 Bytes 03/01/2014 19:53:51
VBASE021.VDF : 7.11.123.141 124416 Bytes 05/01/2014 19:53:51
VBASE022.VDF : 7.11.124.11 172032 Bytes 08/01/2014 19:53:52
VBASE023.VDF : 7.11.124.79 144896 Bytes 09/01/2014 19:53:53
VBASE024.VDF : 7.11.124.177 178176 Bytes 11/01/2014 19:53:54
VBASE025.VDF : 7.11.125.41 319488 Bytes 14/01/2014 19:53:55
VBASE026.VDF : 7.11.125.149 260096 Bytes 17/01/2014 19:53:57
VBASE027.VDF : 7.11.125.207 190976 Bytes 20/01/2014 19:53:58
VBASE028.VDF : 7.11.125.208 2048 Bytes 20/01/2014 19:53:58
VBASE029.VDF : 7.11.125.209 2048 Bytes 20/01/2014 19:53:58
VBASE030.VDF : 7.11.125.210 2048 Bytes 20/01/2014 19:53:58
VBASE031.VDF : 7.11.125.232 118272 Bytes 20/01/2014 19:53:59
Versão do mecanismo : 8.2.12.174
AEVDF.DLL : 8.1.3.4 102774 Bytes 13/12/2013 17:11:18
AESCRIPT.DLL : 8.1.4.180 520574 Bytes 20/01/2014 19:54:15
AESCN.DLL : 8.1.10.6 131447 Bytes 13/12/2013 17:11:18
AESBX.DLL : 8.2.20.6 1331575 Bytes 20/01/2014 19:54:17
AERDL.DLL : 8.2.0.138 704888 Bytes 13/12/2013 17:11:18
AEPACK.DLL : 8.3.3.8 762232 Bytes 20/01/2014 19:54:14
AEOFFICE.DLL : 8.1.2.76 205181 Bytes 13/12/2013 17:11:18
AEHEUR.DLL : 8.1.4.870 6459770 Bytes 20/01/2014 19:54:12
AEHELP.DLL : 8.1.27.10 266618 Bytes 13/12/2013 17:11:18
AEGEN.DLL : 8.1.7.22 446839 Bytes 20/01/2014 19:54:00
AEEXP.DLL : 8.4.1.164 409976 Bytes 20/01/2014 19:54:17
AEEMU.DLL : 8.1.3.2 393587 Bytes 13/12/2013 17:11:18
AECORE.DLL : 8.1.33.0 225657 Bytes 13/12/2013 17:11:18
AEBB.DLL : 8.1.1.4 53619 Bytes 13/12/2013 17:11:18
AVWINLL.DLL : 14.0.2.180 23608 Bytes 13/12/2013 17:11:19
AVPREF.DLL : 14.0.2.180 48696 Bytes 13/12/2013 17:11:19
AVREP.DLL : 14.0.2.180 175672 Bytes 13/12/2013 17:11:19
AVARKT.DLL : 14.0.2.254 256056 Bytes 13/12/2013 17:11:18
AVEVTLOG.DLL : 14.0.2.180 165944 Bytes 13/12/2013 17:11:18
SQLITE3.DLL : 3.7.0.1 394808 Bytes 13/12/2013 17:11:21
AVSMTP.DLL : 14.0.2.180 60472 Bytes 13/12/2013 17:11:19
NETNT.DLL : 14.0.2.180 13368 Bytes 13/12/2013 17:11:20
RCIMAGE.DLL : 14.0.2.180 4788792 Bytes 13/12/2013 17:11:21
RCTEXT.DLL : 14.0.2.264 74296 Bytes 13/12/2013 17:11:21

Opções de configuração para a varredura:
Nome da tarefa......................................: Varredura completa
Arquivo de configuração.............................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Relatório...........................................: padrão
Ação primária.......................................: Reparar
Ação secundária.....................................: Excluir
Fazer a varredura do setor mestre de inicialização..: ativado
Fazer a varredura do setor de inicialização.........: ativado
Setores de inicialização............................: C:,
Varredura do processo...............................: ativado
Varredura do processo estendida.....................: ativado
Fazer a varredura do registro.......................: ativado
Procurar rootkits...................................: ativado
Varredura da integridade dos arquivos de sistema....: desativado
Fazer a varredura de todos arquivos.................: Todos os arquivos
Fazer a varredura dos arquivamentos.................: ativado
Profundidade de recursão............................: 20
Extensões inteligentes..............................: ativado
Heurística para vírus de macro......................: ativado
Heurística do arquivo...............................: estendido
Desviando categorias de risco.......................: +APPL,+JOKE,+PCK,+SPR,

Início da varredura: segunda-feira, 20 de janeiro de 2014 18:27

Iniciar a varredura dos setores de inicialização:
Setor de inicialização 'HDD0(C:)'
[INFO] Nenhum vírus foi encontrado!

Iniciando a pesquisa de objetos ocultos.
Erro na biblioteca ARK

A varredura dos processos em execução será iniciada:
Processo de varredura 'svchost.exe' – foi feita a varredura em '52' módulo(s)
Processo de varredura 'svchost.exe' – foi feita a varredura em '36' módulo(s)
Processo de varredura 'svchost.exe' – foi feita a varredura em '84' módulo(s)
Processo de varredura 'svchost.exe' – foi feita a varredura em '103' módulo(s)
Processo de varredura 'svchost.exe' – foi feita a varredura em '86' módulo(s)
Processo de varredura 'svchost.exe' – foi feita a varredura em '170' módulo(s)
Processo de varredura 'svchost.exe' – foi feita a varredura em '79' módulo(s)
Processo de varredura 'spoolsv.exe' – foi feita a varredura em '84' módulo(s)
Processo de varredura 'svchost.exe' – foi feita a varredura em '68' módulo(s)
Processo de varredura 'taskhost.exe' – foi feita a varredura em '68' módulo(s)
Processo de varredura 'Dwm.exe' – foi feita a varredura em '33' módulo(s)
Processo de varredura 'armsvc.exe' – foi feita a varredura em '29' módulo(s)
Processo de varredura 'Explorer.EXE' – foi feita a varredura em '164' módulo(s)
Processo de varredura 'igfxtray.exe' – foi feita a varredura em '29' módulo(s)
Processo de varredura 'lkads.exe' – foi feita a varredura em '51' módulo(s)
Processo de varredura 'hkcmd.exe' – foi feita a varredura em '28' módulo(s)
Processo de varredura 'igfxpers.exe' – foi feita a varredura em '35' módulo(s)
Processo de varredura 'RAVCpl64.exe' – foi feita a varredura em '42' módulo(s)
Processo de varredura 'nimxs.exe' – foi feita a varredura em '57' módulo(s)
Processo de varredura 'nidmsrv.exe' – foi feita a varredura em '51' módulo(s)
Processo de varredura 'SystemWebServer.exe' – foi feita a varredura em '101' módulo(s)
Processo de varredura 'tagsrv.exe' – foi feita a varredura em '71' módulo(s)
Processo de varredura 'svchost.exe' – foi feita a varredura em '35' módulo(s)
Processo de varredura 'WLIDSVC.EXE' – foi feita a varredura em '78' módulo(s)
Processo de varredura 'lkcitdl.exe' – foi feita a varredura em '54' módulo(s)
Processo de varredura 'lktsrv.exe' – foi feita a varredura em '53' módulo(s)
Processo de varredura 'WLIDSvcM.exe' – foi feita a varredura em '17' módulo(s)
Processo de varredura 'jusched.exe' – foi feita a varredura em '50' módulo(s)
Processo de varredura 'ApplicationWebServer.exe' – foi feita a varredura em '55' módulo(s)
Processo de varredura 'nimdnsResponder.exe' – foi feita a varredura em '59' módulo(s)
Processo de varredura 'niDiscSvc.exe' – foi feita a varredura em '44' módulo(s)
Processo de varredura 'SearchIndexer.exe' – foi feita a varredura em '98' módulo(s)
Processo de varredura 'svchost.exe' – foi feita a varredura em '37' módulo(s)
Processo de varredura 'SearchProtocolHost.exe' – foi feita a varredura em '61' módulo(s)
Processo de varredura 'svchost.exe' – foi feita a varredura em '50' módulo(s)
Processo de varredura 'wmpnetwk.exe' – foi feita a varredura em '76' módulo(s)
Processo de varredura 'chrome.exe' – foi feita a varredura em '119' módulo(s)
Processo de varredura 'chrome.exe' – foi feita a varredura em '72' módulo(s)
Processo de varredura 'chrome.exe' – foi feita a varredura em '55' módulo(s)
Processo de varredura 'IAStorDataMgrSvc.exe' – foi feita a varredura em '57' módulo(s)
Processo de varredura 'NASvc.exe' – foi feita a varredura em '46' módulo(s)
Processo de varredura 'wuauclt.exe' – foi feita a varredura em '37' módulo(s)
Processo de varredura 'chrome.exe' – foi feita a varredura em '55' módulo(s)
Processo de varredura 'avguard.exe' – foi feita a varredura em '99' módulo(s)
Processo de varredura 'avshadow.exe' – foi feita a varredura em '29' módulo(s)
Processo de varredura 'sched.exe' – foi feita a varredura em '59' módulo(s)
Processo de varredura 'avgnt.exe' – foi feita a varredura em '96' módulo(s)
Processo de varredura 'chrome.exe' – foi feita a varredura em '55' módulo(s)
Processo de varredura 'taskhost.exe' – foi feita a varredura em '47' módulo(s)
Processo de varredura 'chrome.exe' – foi feita a varredura em '55' módulo(s)
Processo de varredura 'avconfig.exe' – foi feita a varredura em '91' módulo(s)
Processo de varredura 'avcenter.exe' – foi feita a varredura em '162' módulo(s)
Processo de varredura 'taskeng.exe' – foi feita a varredura em '28' módulo(s)
Processo de varredura 'SearchFilterHost.exe' – foi feita a varredura em '30' módulo(s)
Processo de varredura 'avscan.exe' – foi feita a varredura em '110' módulo(s)
Processo de varredura 'vssvc.exe' – foi feita a varredura em '47' módulo(s)
Processo de varredura 'svchost.exe' – foi feita a varredura em '15' módulo(s)
Processo de varredura 'svchost.exe' – foi feita a varredura em '28' módulo(s)
Processo de varredura 'smss.exe' – foi feita a varredura em '2' módulo(s)
Processo de varredura 'csrss.exe' – foi feita a varredura em '18' módulo(s)
Processo de varredura 'wininit.exe' – foi feita a varredura em '26' módulo(s)
Processo de varredura 'csrss.exe' – foi feita a varredura em '16' módulo(s)
Processo de varredura 'services.exe' – foi feita a varredura em '33' módulo(s)
Processo de varredura 'lsass.exe' – foi feita a varredura em '65' módulo(s)
Processo de varredura 'lsm.exe' – foi feita a varredura em '16' módulo(s)
Processo de varredura 'winlogon.exe' – foi feita a varredura em '32' módulo(s)

Iniciando a varredura dos arquivos executáveis (registro):
Foi feita a varredura no registro ( '27204' arquivos ).


Iniciando a varredura do arquivo:

Iniciar varredura em 'C:\'
C:\Users\Reinaldo\AppData\Roaming\0D0S1L2Z1P1B\Zip Extractor Packages\uninstaller.exe
[DETECÇÃO] Contém padrões de vírus de Adware ADWARE/InstallCore.Gen
[NOTA] Um backup foi criado como '5cab1823.qua' ( QUARENTENA )
[NOTA] O arquivo foi excluído.
C:\Users\Reinaldo\Desktop\FLVMPlayer.exe
[DETECÇÃO] Contém o padrão de reconhecimento do aplicativo APPL/Bechiro.A
[NOTA] Um backup foi criado como '4449424f.qua' ( QUARENTENA )
[NOTA] O arquivo foi excluído.


Término da varredura: terça-feira, 21 de janeiro de 2014 00:20
Tempo decorrido: 5:53:17 Hora(s)

A varredura foi concluída.

83887 Diretórios verificados
1909712 Foi feita a varredura nos arquivos
2 Vírus e/ou programas indesejados foram encontrados
0 Os arquivos foram classificados como suspeitos
2 Arquivos excluídos
0 Vírus e programas indesejados foram reparados
2 Os arquivos foram movidos para a quarentena
0 Os arquivos foram renomeados
0 Não é possível fazer a varredura dos arquivos
1909710 Arquivos não envolvidos
30971 Varredura dos arquivamentos terminada
0 Avisos
2 Notas
68 Os objetos foram verificados com a varredura de rootkit
0 Objetos ocultos foram encontrados

Só para finalizar faça estes últimos procedimentos, por gentileza:

Instale o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (caso já tenha ele, não precisa instalar de novo).

Abra o Ccleaner > clique no botão Limpeza > clique na opção Executar Limpeza. Isto é demonstrado na imagem abaixo:


Confirme a operação acima clicando no botão OK. Aguarde a conclusão do procedimento.

Depois disto, clique no botão botão Registro > Procurar Erros > Corrigir erro(s) selecionado(s) > neste momento você poderá optar por fazer uma cópia das alterações que serão feitas no registro (por motivos de segurança), escolha a opção que desejar (sim ou não) > e confirme a limpeza clicando no botão Corrigir todos os erros selecionados > clique no botão Fechar (ou OK):

__________________________________________________________

Depois disto siga também as dicas destes tutoriais abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
___________________________________

 Para remover os programas usados na limpeza deste PC e criar um novo ponto de restauração seguro e sem problemas, baixe o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (...de Xplode) e salve no Desktop (Área de Trabalho)

*Depois disto é só executá-lo, deixar selecionadas as opções  Remove disinfection tools e Purge system restore

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Clique em [Run]

Depois de executar o Delfix conforme descrito acima, é só deletar o DelFix e o arquivo C:\DelFix.txt

   Foi um prazer ajudar, conte sempre conosco!

CASO RESOLVIDO

Caso o autor do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.