Me ajudem a remover o maldito Awesomehp, por favor!

por favor me ajudem a retirar essa droga do meu pc, estalei o ZHPDiag e o relatorio foi esse:


~ Relatório do ZHPDiag v2014.2.10.5 - Nicolas Coolman (10/2/2014)
~ Iniciado por USUARIO (12/2/2014 16:05:59)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Not Found


---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.6001.18702
GCIE: Google Chrome v32.0.1700.107 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2011
Malwarebytes Anti-Malware versão 1.75.0.1300

---\\ Softwares d'optimização do sistema
CCleaner v4.05 =>Piriform Ltd

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 11 ActiveX & Plugin

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2008 MB (18% free)
System Restore: Activé (Enable)
System drive C: has 129 GB (86%) free of 149 GB

---\\ Modo de conexão ao sistema
~ Computer Name: STI
~ User Name: USUARIO
~ All Users Names: USUARIO, SUPPORT_388945a0, HelpAssistant, Convidado, ASPNET, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\USUARIO\Dados de aplicativos\ZHP\
~ %AppData% : C:\Documents and Settings\USUARIO\Dados de aplicativos\
~ %Desktop% : C:\Documents and Settings\USUARIO\Desktop\
~ %Favorites% : C:\Documents and Settings\USUARIO\Favoritos\
~ %LocalAppData% : C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\
~ %StartMenu% : C:\Documents and Settings\USUARIO\Menu Iniciar\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 129 Go of 149 Go)
D: CD-ROM drive (Not Inserted)
E: Floppy drive, Flash card reader, USB Key (Free 6 Go of 7 Go)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 42 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.064EC7FF5F58B928C3E119402977FA6D] - (.Microsoft Corporation - Windows Explorer.) (.13/4/2008 - 16:21:00.) -- C:\WINDOWS\Explorer.exe [1035776]
[MD5.E3CA7B02DE162AE351160FB552E9EC3C] - (.Microsoft Corporation - Internet Extensions for Win32.) (.29/10/2013 - 04:44:53.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.71D440F79B711627B12B567FB2EADB42] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.13/4/2008 - 16:21:24.) -- C:\WINDOWS\system32\Winlogon.exe [509952]
[MD5.F6B7B1ECD7B41736BDB6FF4B092BCB79] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/8/2011 - 10:41:46.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/4/2008 - 13:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/4/2008 - 09:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/4/2008 - 08:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.A8D31E836CCF2F51009CE7DFFECF6D51] - (.Microsoft Corporation - FIPS Crypto Driver.) (.13/4/2008 - 15:52:44.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/4/2008 - 06:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.485BC6BEB778B5E9702E6AA3D384C0CB] - (.Microsoft Corporation - Driver de porta i8042.) (.13/4/2008 - 15:55:20.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [53504]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/4/2008 - 08:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/4/2008 - 08:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/4/2008 - 09:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/7/2011 - 10:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/4/2008 - 09:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/4/2008 - 09:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.9BADEE6B698BF1AF36E25A1A64A89EAB] - (.Microsoft Corporation - Driver de porta paralela.) (.21/10/2008 - 00:09:25.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/4/2008 - 09:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/4/2008 - 13:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.68D749B04BFBBD4D4D15CC5185AFA4DD] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/4/2008 - 17:53:18.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58240]
[MD5.EB6B1E2C984D84470FF4FE7EF98CD44A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/4/2008 - 15:53:02.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53248]
~ Generic Processes: Scanned in 00mn 01s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 3/68
~ Mes musiques (My Musics) : 8/667
~ Mes Videos (My Videos) : 2/13
~ Mes Favoris (My Favorites) : 1/8
~ Mes Documents (My Documents) : 2/1630
~ Mon Bureau (My Desktop) : 2/8
~ Menu demarrer (Programs) : 1/30
~ Hidden Files: Scanned in 00mn 06s



---\\ Processos lançados
[MD5.0E68A0BD86C3F2461C7DB224368AE438] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe [410152] [PID.1492]
[MD5.CC42F104172B4A62793083D380867317] - (.AVAST Software - avast! Service.) -- C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe [50344] [PID.496]
[MD5.5EEDDA81DB73A1124F97B07A6A5FB2B1] - (.New Softwares.net - Service Application.) -- C:\WINDOWS\system32\WinFLService.exe [92360] [PID.1992]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Google Installer.) -- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [116648] [PID.2040]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.788]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.1368]
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.1044]
[MD5.7CF1B716372B89568AE4C0FE769F5869] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe [335872] [PID.1824]
[MD5.2D4408773A450FF67165F08980425C97] - (.CyberLink Corp. - CyberLink YouCam Service.) -- C:\Arquivos de programas\CyberLink\YouCam\YouCamService.exe [255208] [PID.3736]
[MD5.A78AAB0D2D70EF7DD56B7328AC502059] - (.AVAST Software - avast! Antivirus.) -- C:\Arquivos de programas\AVAST Software\Avast\AvastUI.exe [3767096] [PID.3872]
[MD5.13D19DBE4A376FED44886FDB4A3D0E74] - (.New Softwares.net - No Comment.) -- C:\Arquivos de programas\NewSoftware's\Folder Lock\FLComServCtrl.exe [275656] [PID.1212]
[MD5.6D2018AEE93285F2A8BEF55D722187A3] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.2244]
[MD5.0732975BCC894FB170B9C8D8F0F23B67] - (. New Softwares.net - Tray Application.) -- C:\WINDOWS\system32\WinFLTray.exe [321736] [PID.2296]
[MD5.49496011583BC78B6D3CBC484D82F50F] - (. New Softwares.net - No Comment.) -- C:\Arquivos de programas\NewSoftware's\Folder Lock\FLComServ.exe [1238216] [PID.3008]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\WINDOWS\system32\wuauclt.exe [53784] [PID.2556]
[MD5.5640B4C10682FBC39C86C8C7A8392B5E] - (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe [866632] [PID.1284]
[MD5.C5AC2D90D39224C7D84DD7E9B783BE31] - (.Nicolas Coolman - ZHPDiag.) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe [8333824] [PID.2740]
~ Processes Running: Scanned in 00mn 02s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_bb.dll
~ Firefox Browser: 13 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
~ IE Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 18



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense BANESTES - {C41A1C0E-EA6C-11D4-B1B8-444553540017} . (.Banco do Estado do Espirito Santo - BANESTE - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehbnt.dll
~ BHO: 12 Legitimates Filtered in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [AllUsers]: IObit Uninstaller.lnk . (.IObit - Uninstall Programs.) -- C:\Arquivos de programas\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe
~ Global Startup: 4 Legitimates Filtered in 00mn 02s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [YouCam Service] . (.CyberLink Corp. - CyberLink YouCam Service.) -- C:\Arquivos de programas\CyberLink\YouCam\YouCamService.exe
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Arquivos de programas\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Arquivos de programas\Mobogenie\DaemonProcess.exe (.not file.) =>PUP.Mobogenie
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FLBackup] . (.New Softwares.net - No Comment.) -- C:\Arquivos de programas\NewSoftware's\Folder Lock\FLComServCtrl.exe
O4 - HKCU\..\Run: [WinFLTray] . (. New Softwares.net - Tray Application.) -- C:\WINDOWS\system32\WinFLTray.exe
O4 - HKCU\..\Run: [CCleaner] . (.Piriform Ltd - CCleaner.) -- C:\Arquivos de programas\CCleaner\CCleaner.exe =>Piriform Ltd
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe (.not file.)
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe (.not file.)
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe (.not file.)
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe (.not file.)
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] Chave orfã
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] Chave orfã
O4 - HKUS\.DEFAULT\..\RunOnce: [Del2031765] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\WINDOWS\system32\cmd.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SpUninstallDeleteDir] Chave orfã
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] Chave orfã
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] Chave orfã
O4 - HKUS\S-1-5-18\..\RunOnce: [Del2031765] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\WINDOWS\system32\cmd.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SpUninstallDeleteDir] Chave orfã
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] Chave orfã
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] Chave orfã
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] Chave orfã
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] Chave orfã
O4 - HKUS\S-1-5-21-1547161642-220523388-1417001333-1004\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1547161642-220523388-1417001333-1004\..\Run: [FLBackup] . (.New Softwares.net - No Comment.) -- C:\Arquivos de programas\NewSoftware's\Folder Lock\FLComServCtrl.exe
O4 - HKUS\S-1-5-21-1547161642-220523388-1417001333-1004\..\Run: [WinFLTray] . (. New Softwares.net - Tray Application.) -- C:\WINDOWS\system32\WinFLTray.exe
O4 - HKUS\S-1-5-21-1547161642-220523388-1417001333-1004\..\Run: [CCleaner] . (.Piriform Ltd - CCleaner.) -- C:\Arquivos de programas\CCleaner\CCleaner.exe =>Piriform Ltd
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Arquivos de programas\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Chave orfã
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Piratagem da Opção " Redefinir Configurações da Web " (014)
O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br"
~ IE Paramètres WEB: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.banestes.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} ((no name)) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8432211-D9FD-481A-BC26-D85D159EA632}: DhcpNameServer = 201.10.128.3 201.10.120.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{D8432211-D9FD-481A-BC26-D85D159EA632}: DhcpNameServer = 201.10.128.3 201.10.120.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{D8432211-D9FD-481A-BC26-D85D159EA632}: DhcpNameServer = 201.10.128.3 201.10.120.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.10.128.3 201.10.120.2
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginBnt . (.Banco do Estado do Espirito Santo - BANESTE - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehBnt.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: FLService (FLService) . (.New Softwares.net - Service Application.) - C:\WINDOWS\system32\WinFLService.exe
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Arquivos de programas\GbPlugin\gbpsv.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Arquivos de programas\Skype\Updater\Updater.exe
~ Services: 7 Legitimates Filtered in 00mn 09s



---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Desktop Component 0: Minha página inicial atual - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At1.job [416]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At2.job [418]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At3.job [420]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At4.job [418]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoforFilesUpdate.job [298] =>P2P.GoforFiles
[MD5.00000000000000000000000000000000] [APT] [At1] (...) -- C:\DOCUME~1\USUARIO\DADOSD~1\Dealply\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>PUP.DealPly
[MD5.60BC29ECBABDB50E4B29C0C6FB881720] [APT] [At2] (...) -- C:\DOCUME~1\USUARIO\DADOSD~1\UPDATE~1\UPDATE~1\UPDATE~1.exe [106496]
[MD5.60BC29ECBABDB50E4B29C0C6FB881720] [APT] [At3] (...) -- C:\DOCUME~1\USUARIO\DADOSD~1\UPDATE~1\UPDATE~1\UPDATE~1.exe [106496]
[MD5.00000000000000000000000000000000] [APT] [At4] (...) -- C:\DOCUME~1\USUARIO\DADOSD~1\SAVESE~1\UPDATE~1\UPDATE~1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [GoforFilesUpdate] (...) -- C:\Arquivos de programas\GoforFiles\GFFUpdater.exe (.not file.) [0] =>P2P.GoforFiles
~ Scheduled Task: 23 Legitimates Filtered in 00mn 00s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bfilter) . (. - .) - C:\WINDOWS\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\WINDOWS\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\WINDOWS\system32\drivers\Bprotect.sys (.not file.)
O41 - Driver: (InCDPass) . (. - .) - C:\WINDOWS\system32\drivers\InCDPass.sys (.not file.)
O41 - Driver: (InCDRm) . (. - .) - C:\WINDOWS\system32\drivers\InCDRm.sys (.not file.)
O41 - Driver: (WinFLAdrv) . (...) - C:\WINDOWS\system32\WinFLAdrv.sys
~ Drivers: 87 Legitimates Filtered in 00mn 02s



---\\ Software instalados (042)
O42 - Logiciel: Extended Update - (...) [HKCU] -- UpdaterEX =>PUP.Dealply
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKLM] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: OfflineMaps - (.Hungry for Knowledge.) [HKLM] -- {6058F436-7022-4063-9FE5-9615FC1FD3A7}
~ Logic: 22 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN PIP]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\Baidu] =>Adware.BDSearch
[HKCU\Software\GbAs]
[HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKCU\Software\OB]
[HKCU\Software\Smartbar] =>Hijacker.SmartBar
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\ctfmon]
[HKCU\Software\indii.org]
[HKCU\Software\lollipop] =>Adware.Lollipop
[HKCU\Software\superdownloads.com.br]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Baidu_Drp_pos] =>Adware.BDSearch
[HKLM\Software\PIP]
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKLM\Software\Wpm] =>PUP.WpManager
[HKLM\Software\baidu] =>Adware.BDSearch
[HKLM\Software\indii.org]
[HKLM\Software\supTab] =>PUP.SupTab
[HKLM\Software\supWPM] =>PUP.WpManager
~ Key Software: 376 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 4/11/2013 - 14:31:37 - [0] ----D C:\Arquivos de programas\Baidu Security =>Adware.BDSearch
O43 - CFD: 19/12/2013 - 17:04:30 - [0,951] ----D C:\Arquivos de programas\Hungry for Knowledge
O43 - CFD: 12/8/2013 - 18:00:55 - [0] ----D C:\Arquivos de programas\indii.org
O43 - CFD: 21/6/2013 - 12:07:13 - [0,062] ----D C:\Arquivos de programas\Mx One
O43 - CFD: 12/11/2013 - 16:18:13 - [2,852] ----D C:\Arquivos de programas\OI
O43 - CFD: 1/6/2013 - 19:26:23 - [0,001] ----D C:\Arquivos de programas\Serviços on-line
O43 - CFD: 5/2/2014 - 14:31:18 - [0] ----D C:\Arquivos de programas\SupTab =>PUP.SupTab
O43 - CFD: 12/8/2013 - 17:42:40 - [1,828] ----D C:\Arquivos de programas\Tint
O43 - CFD: 1/6/2013 - 20:05:11 - [0,828] ----D C:\Arquivos de programas\utvideo
O43 - CFD: 1/6/2013 - 19:25:54 - [0,008] ----D C:\Arquivos de programas\Arquivos comuns\Serviços
O43 - CFD: 6/7/2013 - 00:17:31 - [0] ----D C:\Documents and Settings\All Users\Dados de aplicativos\Babylon =>PUP.Babylon
O43 - CFD: 12/8/2013 - 15:50:04 - [0,001] ----D C:\Documents and Settings\All Users\Dados de aplicativos\Baidu =>Adware.BDSearch
O43 - CFD: 23/10/2013 - 17:20:41 - [133,829] ----D C:\Documents and Settings\All Users\Dados de aplicativos\Baidu Security =>Adware.BDSearch
O43 - CFD: 6/8/2013 - 10:28:22 - [0] ----D C:\Documents and Settings\All Users\Dados de aplicativos\boost_interprocess
O43 - CFD: 5/2/2014 - 14:29:52 - [0] ----D C:\Documents and Settings\All Users\Dados de aplicativos\IePluginService =>Trojan.Trojan.SProtector
O43 - CFD: 27/1/2014 - 15:27:54 - [0,005] ----D C:\Documents and Settings\All Users\Dados de aplicativos\InstallMate
O43 - CFD: 10/2/2014 - 14:59:04 - [0] ----D C:\Documents and Settings\All Users\Dados de aplicativos\ProductData
O43 - CFD: 5/2/2014 - 17:22:13 - [1,045] ----D C:\Documents and Settings\All Users\Dados de aplicativos\Tarma Installer =>PUP.Tarma
O43 - CFD: 5/2/2014 - 14:31:41 - [0] ----D C:\Documents and Settings\All Users\Dados de aplicativos\WPM =>PUP.WpManager
O43 - CFD: 6/7/2013 - 00:17:31 - [0,009] ----D C:\Documents and Settings\USUARIO\Dados de aplicativos\Babylon =>PUP.Babylon
O43 - CFD: 12/8/2013 - 15:50:36 - [0] ----D C:\Documents and Settings\USUARIO\Dados de aplicativos\Baidu =>Adware.BDSearch
O43 - CFD: 23/10/2013 - 17:22:30 - [19,201] ----D C:\Documents and Settings\USUARIO\Dados de aplicativos\Baidu Security =>Adware.BDSearch
O43 - CFD: 19/9/2013 - 16:33:50 - [0,081] ----D C:\Documents and Settings\USUARIO\Dados de aplicativos\SpeedAnalysis4 =>PUP.SpeedAnalysis
O43 - CFD: 4/11/2013 - 14:34:07 - [0,102] ----D C:\Documents and Settings\USUARIO\Dados de aplicativos\UpdaterEX =>PUP.Dealply
O43 - CFD: 18/8/2013 - 18:24:39 - [0] ----D C:\Documents and Settings\USUARIO\Dados de aplicativos\WebCake =>Adware.WebCake
O43 - CFD: 6/7/2013 - 00:17:39 - [2,165] ----D C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\Babylon =>PUP.Babylon
O43 - CFD: 4/11/2013 - 14:56:31 - [0,016] ----D C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\Devolutions
O43 - CFD: 5/2/2014 - 17:22:11 - [0] ----D C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\genienext
O43 - CFD: 5/2/2014 - 14:26:57 - [0] ----D C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\Lollipop =>Adware.Lollipop
O43 - CFD: 1/6/2013 - 19:43:23 - [0,015] R---D C:\Documents and Settings\USUARIO\Menu Iniciar\Programas\Acessórios
O43 - CFD: 5/2/2014 - 14:26:55 - [0] R---D C:\Documents and Settings\USUARIO\Menu Iniciar\Programas\Inicializar
~ Program Folder: 159 Legitimates Filtered in 00mn 37s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 12/2/2014 - 13:07:11 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\WINDOWS\system32\Drivers\GbpNdisrd.sys [31088]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 12/2/2014 - 14:54:53 ---A- . (...) -- C:\WINDOWS\Sti_Trace.log [0]
O44 - LFC:[MD5.1E2DDDA55DC6D0FC73E1F1047952D558] - 12/2/2014 - 14:54:54 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.17C0C8794415ACD1F29371FED34C4525] - 12/2/2014 - 14:54:54 ---A- . (...) -- C:\WINDOWS\wiaservc.log [49]
O44 - LFC:[MD5.6B6C5E80871EC221F073B32364ABCCFA] - 4/2/2014 - 15:12:43 -SHA- . (...) -- C:\WINDOWS\system32\win_stlthdb_sys.dat [3465]
O44 - LFC:[MD5.037BC537A22BD6730BD88D10BEDB3475] - 4/2/2014 - 15:13:18 -SHA- . (...) -- C:\WINDOWS\system32\win_fldb_sys.dat [2079]
O44 - LFC:[MD5.4C182BDB0E01582B29E2A38ABD6ACE44] - 5/2/2014 - 13:53:36 ---A- . (...) -- C:\WINDOWS\system32\config.ini [29]
~ Files: 26 Legitimates Filtered in 00mn 38s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399017} - C:\Arquivos de programas\GbPlugin\gbiehbnt.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Exportar a chave da aplicação autorizada (047)
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\GoforFiles\goforfilesdl.exe" [Enabled] .(...) -- C:\Arquivos de programas\GoforFiles\goforfilesdl.exe (.not file.) =>P2P.GoforFiles
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\GoforFiles\GoforFiles.exe" [Enabled] .(...) -- C:\Arquivos de programas\GoforFiles\GoforFiles.exe (.not file.) =>P2P.GoforFiles
~ Keys Export: 12 Legitimates Filtered in 00mn 07s



---\\ Controlo do Modo de Segurança (CSB) (49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\WinFLAdrv.sys . (...) -- C:\WINDOWS\system32\Drivers\WinFLAdrv.sys (.not file.)
~ CSB: 24 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{68a767fa-4bc6-11e3-9ae7-0017c4920239}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{68a767fe-4bc6-11e3-9ae7-0017c4920239}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{7d6e1a89-cc57-11e2-9a29-0017c4920239}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{f600bf12-1349-11e3-9a91-0017c4920239}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{f600bf14-1349-11e3-9a91-0017c4920239}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 01s



---\\ Pesquisa de infeções nos drivers (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"VIDC.CSCD"="CamCodec.dll" . (.CamStudio Group - CamStudio Lossless Video Codec.) -- C:\WINDOWS\system32\CamCodec.dll
O52 - TDSD: \Drivers32\"VIDC.MLCY"="mlc.dll" . (...) -- C:\WINDOWS\system32\mlc.dll
O52 - TDSD: \Drivers32\"VIDC.ULRA"="C:\WINDOWS\system32\utv_vcm.dll" . (...) -- C:\WINDOWS\system32\utv_vcm.dll
O52 - TDSD: \Drivers32\"VIDC.ULRG"="C:\WINDOWS\system32\utv_vcm.dll" . (...) -- C:\WINDOWS\system32\utv_vcm.dll
O52 - TDSD: \Drivers32\"VIDC.ULY0"="C:\WINDOWS\system32\utv_vcm.dll" . (...) -- C:\WINDOWS\system32\utv_vcm.dll
O52 - TDSD: \Drivers32\"VIDC.ULY2"="C:\WINDOWS\system32\utv_vcm.dll" . (...) -- C:\WINDOWS\system32\utv_vcm.dll
O52 - TDSD: \Drivers32\"VIDC.VP80"="vp8vfw.dll" . (.Optima SC Inc. - Google VP8 VFW Video Codec.) -- C:\WINDOWS\system32\vp8vfw.dll
O52 - TDSD: \Drivers32\"VIDC.GEOX"="GeoCodec.dll" . (.GeoVision - GeoVision(R) Codec.) -- C:\WINDOWS\system32\GeoCodec.dll
O52 - TDSD: \Drivers32\"VIDC.GEOV"="GeoCodec.dll" . (.GeoVision - GeoVision(R) Codec.) -- C:\WINDOWS\system32\GeoCodec.dll
O52 - TDSD: \Drivers32\"VIDC.GEOS"="GeoCodecD.dll" . (.GeoVision - GeoVision(R) Codec.) -- C:\WINDOWS\system32\GeoCodecD.dll
O52 - TDSD: \drivers.desc\"CamCodec.dll"="CamStudio Lossless Codec" . (.CamStudio Group - CamStudio Lossless Video Codec.) -- C:\WINDOWS\system32\CamCodec.dll
O52 - TDSD: \drivers.desc\"mlc.dll"="MLC Lossless Codec" . (...) -- C:\WINDOWS\system32\mlc.dll
O52 - TDSD: \drivers.desc\"vp8vfw.dll"="VP8 Video Codec" . (.Optima SC Inc. - Google VP8 VFW Video Codec.) -- C:\WINDOWS\system32\vp8vfw.dll
O52 - TDSD: \drivers.desc\"GeoCodec.dll"="GeoVision MPEG4" . (.GeoVision - GeoVision(R) Codec.) -- C:\WINDOWS\system32\GeoCodec.dll
O52 - TDSD: \drivers.desc\"GeoCodecD.dll"="GeoVision MPEG4 Decoder" . (.GeoVision - GeoVision(R) Codec.) -- C:\WINDOWS\system32\GeoCodecD.dll
~ TDSD: 48 Legitimates Filtered in 00mn 03s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.F385467DF95D0A73775CB3B076B8B969] - 22/11/2013 - 12:47:18 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944]
O58 - SDL:[MD5.1B0662514A68C3A42E60D240C5ABEF28] - 30/12/2013 - 21:07:25 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswVmm.sys [180248]
O58 - SDL:[MD5.DA6675E1400D58412C93180F8651A9FB] - 21/10/2008 - 00:08:13 ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:[MD5.8F866DF9A974BFFDCB2001D303BC0695] - 8/5/2013 - 09:52:48 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\WINDOWS\system32\Drivers\gbpkm.sys [49536]
O58 - SDL:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 12/2/2014 - 13:07:11 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\WINDOWS\system32\Drivers\GbpNdisrd.sys [31088]
O58 - SDL:[MD5.573C7D0A32852B48F3058CFD8026F511] - 13/4/2008 - 06:36:06 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 28/10/2001 - 06:07:22 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 21/10/2008 - 00:08:13 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:[MD5.C1E76718BAB6BCA0D18E5670F074F821] - 28/10/2001 - 06:06:08 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9032]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 28/10/2001 - 06:06:16 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:[MD5.912150FE88E79AFEE0BB72216FAB2617] - 28/10/2001 - 06:06:36 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4896]
O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 28/10/2001 - 06:06:40 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/4/2008 - 06:50:56 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:[MD5.19D4F0DAD3F393C13DE7F849ADE72EFE] - 28/10/2001 - 06:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27900]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 28/10/2001 - 06:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 28/10/2001 - 06:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 28/10/2001 - 06:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 28/10/2001 - 06:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:[MD5.86BB7AF2533B342B8E274590AD2190FA] - 13/4/2008 - 06:49:48 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [33984]
O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 13/4/2008 - 06:49:44 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 13/4/2008 - 06:49:40 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 13/4/2008 - 06:49:44 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 13/4/2008 - 06:49:42 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
O58 - SDL:[MD5.CB79207A1E4F697533678B7DF0C91648] - 6/11/2013 - 14:32:46 ---A- . (...) -- C:\WINDOWS\system32\WinFLAdrv.sys [29184]
O58 - SDL:[MD5.2BD447AA9488959A76508E5F78619FE4] - 6/11/2013 - 14:32:44 ---A- . (...) -- C:\WINDOWS\system32\WinVDEdrv6.sys [188176]
~ Drivers: 5 Legitimates Filtered in 00mn 11s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 6/11/2013 - C:\WINDOWS\system32\WinFLService.exe (FLService) .(.New Softwares.net - Service Application.) - LEGACY_FLSERVICE
O64 - Services: CurCS - 8/5/2013 - C:\WINDOWS\system32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
O64 - Services: CurCS - 23/5/2013 - C:\Arquivos de programas\GbPlugin\gbpsv.exe (GbpSv) .(.GAS Tecnologia - G-Buster Browser Defense - Service.) - LEGACY_GBPSV
~ Legacy: 147 Legitimates Filtered in 00mn 02s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (...) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe" [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe" [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - () - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Delta Search) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Toolbar.DeltaSearch
O69 - SBI: SearchScopes [HKCU] {22648294-A905-43D9-97B8-135DB5798537} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.B56980E72033219E8CC57BB0746871C0] [SPRF][4/2/2014] (...) -- C:\Documents and Settings\All Users\Dados de aplicativos\win_mpwd_sys.dat [2568]
[MD5.9A28A9DBBA6739C90C741C398E8E4E8D] [SPRF][28/1/2014] (...) -- C:\Documents and Settings\USUARIO\Dados de aplicativos\unins000.dat [29619]
[MD5.AD6E810B9CE3D8C0C1FF0203C68C6FA6] [SPRF][28/1/2014] (.No owner - Setup/Uninstall.) -- C:\Documents and Settings\USUARIO\Dados de aplicativos\unins000.exe [720082]
[MD5.BD326079B03A3A5C864C29F10E867836] [SPRF][28/1/2014] (...) -- C:\Documents and Settings\USUARIO\Dados de aplicativos\USUARIOv1.18.0 - Trial versionlog.dat [8008]
~ Files: 4 Legitimates Filtered in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.4D92E596CAFD2019F19CC6A16143C57D] [WIS][1/6/2013] (.Skype Technologies S.A. - Skype.) -- C:\Windows\Installer\19dd2c.msi [1632768]
~ WIS: 40 Legitimates Filtered in 00mn 12s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 13/4/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Demand 5/11/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 2/6/2013 181664 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
SS - | Auto 7/2/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Arquivos de programas\Skype\Updater\Updater.exe

SR - | Auto 10/2/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 6/11/2013 92360 | (FLService) . (.New Softwares.net.) - C:\WINDOWS\system32\WinFLService.exe
SR - | Auto 23/5/2013 410152 | (GbpSv) . (.GAS Tecnologia.) - C:\Arquivos de programas\GbPlugin\gbpsv.exe
SR - | Auto 5/11/2013 116648 | (gupdate) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SR - | Auto 4/4/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 4/4/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

~ Services: Scanned in 00mn 15s



---\\ Scâner Aditional (088)
Database Version : 13030 - (10/2/2014)
Clés trouvées (Keys found) : 27
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 19
Fichiers trouvés (Files found) : 10

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX] =>PUP.Dealply^
[HKLM\Software\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}] =>Adware.Agent
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>PUP.Babylon
[HKLM\Software\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}] =>PUP.RewardsArcade
[HKCU\Software\APN PIP] =>Toolbar.Ask
[HKCU\Software\lollipop] =>Adware.Lollipop
[HKLM\Software\PIP] =>Toolbar.Ask
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DealPly] =>PUP.DealPly
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP] =>Adware.IMBooster
[HKLM\Software\Classes\Prod.cap] =>PUP.Babylon
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220322342226}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220322802294}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\Arpcache\Baidu PC Faster 3.6.0.35848] =>Adware.BDSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\Arpcache\Baidu PC Faster 3.7.0.0] =>Adware.BDSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus] =>Adware.BDSearch
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:mobilegeni daemon =>PUP.Mobogenie^
C:\Arquivos de programas\Baidu Security =>Adware.BDSearch^
C:\Arquivos de programas\SupTab =>PUP.SupTab^
C:\Documents and Settings\All Users\Dados de aplicativos\Babylon =>PUP.Babylon^
C:\Documents and Settings\All Users\Dados de aplicativos\Baidu =>Adware.BDSearch^
C:\Documents and Settings\All Users\Dados de aplicativos\Baidu Security =>Adware.BDSearch^
C:\Documents and Settings\All Users\Dados de aplicativos\IePluginService =>Trojan.Trojan.SProtector^
C:\Documents and Settings\All Users\Dados de aplicativos\Tarma Installer =>PUP.Tarma^
C:\Documents and Settings\All Users\Dados de aplicativos\WPM =>PUP.WpManager^
C:\Documents and Settings\USUARIO\Dados de aplicativos\Babylon =>PUP.Babylon^
C:\Documents and Settings\USUARIO\Dados de aplicativos\Baidu =>Adware.BDSearch^
C:\Documents and Settings\USUARIO\Dados de aplicativos\Baidu Security =>Adware.BDSearch^
C:\Documents and Settings\USUARIO\Dados de aplicativos\SpeedAnalysis4 =>PUP.SpeedAnalysis^
C:\Documents and Settings\USUARIO\Dados de aplicativos\UpdaterEX =>PUP.Dealply^
C:\Documents and Settings\USUARIO\Dados de aplicativos\WebCake =>Adware.WebCake^
C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\Babylon =>PUP.Babylon^
C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\Lollipop =>Adware.Lollipop^
C:\Documents and Settings\All Users\Dados de aplicativos\InstallMate =>PUP.Tarma
C:\Documents and Settings\USUARIO\Dados de aplicativos\SearchProtect =>Toolbar.Conduit
C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\SearchProtect =>Toolbar.Conduit
C:\WINDOWS\Tasks\GoforFilesUpdate.job =>P2P.GoforFiles^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKCU\Software\Baidu] =>Adware.BDSearch^
[HKCU\Software\Smartbar] =>Hijacker.SmartBar^
[HKLM\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Baidu_Drp_pos] =>Adware.BDSearch^
[HKLM\Software\Wpm] =>PUP.WpManager^
[HKLM\Software\baidu] =>Adware.BDSearch^
[HKLM\Software\supTab] =>PUP.SupTab^
[HKLM\Software\supWPM] =>PUP.WpManager^
~ Additionnel Scan: 178527 Items scanned in 00mn 56s



---\\ Sumário das deteções encontradas na sua estação
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Mobogenie
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.DealPly
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BDSearch
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.VidSaver
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.SmartBar
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Toolbar.Conduit
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.Lollipop
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Tarma
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.WpManager
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.SupTab
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Babylon
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Trojan.SProtector
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.SpeedAnalysis
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.WebCake
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Toolbar.DeltaSearch
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.RewardsArcade
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Toolbar.Ask
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.IMBooster
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.CrossRider
~ MSI: 20 link(s) detected in 00mn 56s



~ 950 Legitimates filtered by white list
End of the scan (676 lines in 03mn 35s)(0)

   Olá Fabrício. Seja bem vindo ao Fórum PC Brasil.

O relatório que você postou está incompleto. Poste ele inteiro, por gentileza, para que possamos analisar.

Editei novamente..espero que agora o relatório esteja Completo! Muito Obrigado!

  Agora está certo, estou analisando o seu log e daqui há pouco te passo o procedimento.

 Copie todo o texto destacado em vermelho que te passei (começando em script zhpfix e indo até SysRestore)

 Vá no menu: Iniciar > Todos os programas > ZHP > Abra o Zhpfix > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta.

Rapport de ZHPFix 2014.2.3.1 par Nicolas Coolman, Update du 03/02/2014
Fichier d'export Registre :
Run by USUARIO at 12/2/2014 17:25:52
High Elevated Privileges : OK
Windows XP Professional Service Pack 3 (Build 2600)

Reciclagem vazia (00mn 14s)

========== Softwares ==========
AUSENTE Uninstall Process: c:\docume~1\usuario\dadosd~1\update~1\updateproc\updatetask.exe

========== Processo memória ==========
ELIMINÉ: Memory Process: C:\DOCUME~1\USUARIO\DADOSD~1\UPDATE~1\UPDATE~1\UPDATE~1.exe

========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX]
ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}]
ELIMINÉ: CLSID Extra Buttons: {e2e2dd38-d088-4134-82b7-f2ba38496583}
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bprotect
ELIMINÉ Driver Key: InCDPass
ELIMINÉ Driver Key: InCDRm
ELIMINÉ: HKCU\Software\APN PIP
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\Baidu
ELIMINÉ: HKCU\Software\InstalledBrowserExtensions
ELIMINÉ: HKCU\Software\Smartbar
ELIMINÉ: HKCU\Software\Softonic
ELIMINÉ: HKCU\Software\lollipop
ELIMINÉ: HKCU\Software\superdownloads.com.br
ELIMINÉ: HKLM\Software\Baidu Security
ELIMINÉ: HKLM\Software\Baidu_Drp_pos
ELIMINÉ: HKLM\Software\PIP
ELIMINÉ: HKLM\Software\Tarma Installer
ELIMINÉ: HKLM\Software\Wpm
ELIMINÉ: HKLM\Software\baidu
ELIMINÉ: HKLM\Software\supTab
ELIMINÉ: HKLM\Software\supWPM
ELIMINÉ O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\WinFLAdrv.sys . (...) -- C:\WINDOWS\system32\Drivers\WinFLAdrv.sys (.not file.)
ELIMINÉ CLSID MPSK: {68a767fa-4bc6-11e3-9ae7-0017c4920239}
ELIMINÉ CLSID MPSK: {68a767fe-4bc6-11e3-9ae7-0017c4920239}
ELIMINÉ CLSID MPSK: {7d6e1a89-cc57-11e2-9a29-0017c4920239}
ELIMINÉ CLSID MPSK: {f600bf12-1349-11e3-9a91-0017c4920239}
ELIMINÉ CLSID MPSK: {f600bf14-1349-11e3-9a91-0017c4920239}
ELIMINÉ: SearchScopes :{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
ELIMINÉ: HKLM\Software\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
ELIMINÉ: HKLM\Software\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
ELIMINÉ: HKLM\Software\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
ELIMINÉ: HKLM\Software\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
ELIMINÉ: HKLM\Software\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
ELIMINÉ: HKLM\Software\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
ELIMINÉ: HKLM\Software\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
ELIMINÉ: HKLM\Software\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
ELIMINÉ: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DealPly
ELIMINÉ: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
ELIMINÉ: HKLM\Software\Classes\Prod.cap
ELIMINÉ: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
ELIMINÉ: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
ELIMINÉ: HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220322342226}
ELIMINÉ: HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220322802294}
ELIMINÉ: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\Arpcache\Baidu PC Faster 3.6.0.35848
ELIMINÉ: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\Arpcache\Baidu PC Faster 3.7.0.0
ELIMINÉ: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus

========== Valores do Registo ==========
ELIMINÉ: URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
ELIMINÉ RunValue: mobilegeni daemon
ELIMINÉ RunValue: MsnMsgr
ELIMINÉ RunValue: nltide_2
ELIMINÉ RunValue: nltide_3
ELIMINÉ RunValue: SpUninstallDeleteDir
ELIMINÉ AAKE KeyValue: C:\Arquivos de programas\GoforFiles\goforfilesdl.exe
ELIMINÉ AAKE KeyValue: C:\Arquivos de programas\GoforFiles\GoforFiles.exe
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Elementos dos dados do Registo ==========
ELIMINÉ: R0 - Main,Start Page = KLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page
ELIMINÉ: R1 Search Page =

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\windows\tasks\at1.job
ELIMINÉ: c:\windows\tasks\at2.job
ELIMINÉ: c:\windows\tasks\at3.job
ELIMINÉ: c:\windows\tasks\at4.job
ELIMINÉ: c:\windows\tasks\goforfilesupdate.job
ELIMINÉ Temporários windows (3) (1.397 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: At1
ELIMINÉ: At2
ELIMINÉ: At3
ELIMINÉ: At4
ELIMINÉ: GoforFilesUpdate

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
1 : Processo memória
49 : Chaves do Registo
14 : Valores do Registo
2 : Elementos dos dados do Registo
1 : Pastas
7 : Ficheiros
1 : Softwares
5 : Tarefa planificada
1 : Restauração Sistema


End of clean in 01mn 03s

========== Caminho do ficheiro do relatório ==========
C:\Documents and Settings\USUARIO\Dados de aplicativos\ZHP\ZHPFix[R1].txt - 12/2/2014 17:26:07 [5301]

 Siga, por gentileza, as dicas dos tutoriais abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste, por gentileza, o log do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt e o log do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt

Ficamos na espera.

log do Adwcleaner:



# AdwCleaner v3.018 - Relatório criado 07/02/2014 às 17:22:49
# Atualizado 28/01/2014 por Xplode
# Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)
# Usuário : USUARIO - STI
# Executando de : C:\Documents and Settings\USUARIO\Meus documentos\Downloads\adwcleaner.exe
# Opção : Examinar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Arquivo Encontrado : C:\WINDOWS\Tasks\GoforFilesUpdate.job
Pasta Encontrado C:\Documents and Settings\All Users\Dados de aplicativos\Babylon
Pasta Encontrado C:\Documents and Settings\All Users\Dados de aplicativos\baidu
Pasta Encontrado C:\Documents and Settings\All Users\Dados de aplicativos\boost_interprocess
Pasta Encontrado C:\Documents and Settings\All Users\Dados de aplicativos\Tarma Installer
Pasta Encontrado C:\Documents and Settings\NetworkService\Dados de aplicativos\UpdaterEX
Pasta Encontrado C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\Babylon
Pasta Encontrado C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\lollipop
Pasta Encontrado C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\Searchprotect
Pasta Encontrado C:\Documents and Settings\USUARIO\Dados de aplicativos\Babylon
Pasta Encontrado C:\Documents and Settings\USUARIO\Dados de aplicativos\baidu
Pasta Encontrado C:\Documents and Settings\USUARIO\Dados de aplicativos\goforfiles
Pasta Encontrado C:\Documents and Settings\USUARIO\Dados de aplicativos\Searchprotect
Pasta Encontrado C:\Documents and Settings\USUARIO\Dados de aplicativos\UpdaterEX
Pasta Encontrado C:\Documents and Settings\USUARIO\Dados de aplicativos\WebCake

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Encontrada : HKCU\Software\APN PIP
Chave Encontrada : HKCU\Software\installedbrowserextensions
Chave Encontrada : HKCU\Software\lollipop
Chave Encontrada : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Chave Encontrada : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DealPly
Chave Encontrada : HKCU\Software\smartbar
Chave Encontrada : HKCU\Software\Softonic
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366346626}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366806694}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Chave Encontrada : HKLM\SOFTWARE\Classes\Prod.cap
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bonanza Deals
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Plus-HD-2.3
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Chave Encontrada : HKLM\Software\PIP
Chave Encontrada : HKLM\Software\Tarma Installer
Valor Encontrada : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Arquivos de programas\GoforFiles\GoforFiles.exe]
Valor Encontrada : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Arquivos de programas\GoforFiles\goforfilesdl.exe]

***** [ Navegadores ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Google Chrome v32.0.1700.107

[ Arquivo : C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5702 octets] - [07/02/2014 16:55:16]
AdwCleaner[R1].txt - [5622 octets] - [07/02/2014 17:22:49]
AdwCleaner[S0].txt - [378 octets] - [07/02/2014 16:56:56]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [5741 octets] ##########
# AdwCleaner v3.019 - Relatório criado 18/02/2014 às 13:01:19
# Atualizado 17/02/2014 por Xplode
# Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)
# Usuário : USUARIO - STI
# Executando de : C:\Documents and Settings\USUARIO\Meus documentos\Downloads\AdwCleaner (1).exe
# Opção : Examinar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Pasta Encontrado : C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\pkndmigholgfjlniaohblojbhgjbkakn
Pasta Encontrado C:\Arquivos de programas\Mobogenie
Pasta Encontrado C:\Documents and Settings\NetworkService\Dados de aplicativos\UpdaterEX
Pasta Encontrado C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\Mobogenie

***** [ Atalhos ] *****

Atalho Encontrado : C:\Documents and Settings\All Users\Menu Iniciar\Programas\Google Chrome\Google Chrome.lnk ( [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] )
Atalho Encontrado : C:\Documents and Settings\USUARIO\Menu Iniciar\Programas\Internet Explorer.lnk ( [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] )
Atalho Encontrado : C:\Documents and Settings\USUARIO\Menu Iniciar\Programas\Acessórios\Ferramentas do Sistema\Internet Explorer (Sem Complementos).lnk ( [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] )
Atalho Encontrado : C:\Documents and Settings\USUARIO\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk ( [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] )
Atalho Encontrado : C:\Documents and Settings\USUARIO\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Iniciar o Navegador Internet Explorer.lnk ( [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] )

***** [ Registro ] *****

Chave Encontrada : HKCU\Software\GoforFiles
Chave Encontrada : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\UpdaterEX
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{71E129FF-6C2A-4984-818C-7E2C998B8D99}
Chave Encontrada : HKCU\Software\UpdaterEX
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Chave Encontrada : HKLM\Software\GoforFiles
Chave Encontrada : HKLM\SOFTWARE\Google\Chrome\Extensions\pkndmigholgfjlniaohblojbhgjbkakn
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bonanza Deals
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Mobogenie
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Plus-HD-2.3
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2E0D3DD9E5E4B74CA43BCE77815E287
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Dados Encontrada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\chrome.exe\shell\open\command [(Default)] - "C:\Arquivos de programas\Google\Chrome\Application\chrome.exe" [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Dados Encontrada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command [(Default)] - "C:\Arquivos de programas\Google\Chrome\Application\chrome.exe" [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Dados Encontrada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Arquivos de programas\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

***** [ Navegadores ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Google Chrome v32.0.1700.107

[ Arquivo : C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [8455 octets] - [07/02/2014 15:55:16]
AdwCleaner[R1].txt - [10995 octets] - [07/02/2014 16:22:49]
AdwCleaner[S0].txt - [760 octets] - [07/02/2014 15:56:56]
AdwCleaner[S1].txt - [378 octets] - [07/02/2014 16:24:02]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [11174 octets] ##########






log do Junkware Removal Tool :

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Microsoft Windows XP x86
Ran by USUARIO on seg 17/02/2014 at 17:54:08,67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{944661E7-67B9-4DF7-BFF2-05388C166D34}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660366346626}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660366806694}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660366346626}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660366806694}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\baidu"
Successfully deleted: [Folder] "C:\Documents and Settings\USUARIO\Dados de aplicativos\goforfiles"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on seg 17/02/2014 at 18:05:23,93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Quanto ao AdwCleaner, faz muitos dias que você executou ele, veja:

# AdwCleaner v3.018 - Relatório criado 07/02/2014 às 17:22:49
_________________________________________________________

Abra o Adwcleaner > Clique em Examinar > Assim que ele concluir o exame clique em Limpar e depois poste novo relatório que ele irá criar.

Eu ja fiz isso, quando coloco pra limpar o computador trava! Fiz 3 vezes ja e acontece a msm coisa sempre! Não chega a concluir! O que faço?

* Inicie o PC em Modo Seguro (apertando a tecla F8 (ou a tecla F5 em alguns computadores) repetidas vezes quando o computador estiver iniciando e escolhendo a opção Modo Seguro com rede (ou Modo seguro). Quando o PC estiver no Modo seguro você executa novamente o Adwcleaner e faz a limpeza com ele e depois poste o relatório que ele irá criar aqui em seu tópico.

Se mesmo assim não for possível, nos avise para buscarmos outra alternativa.

TÓPICO ARQUIVADO

Como o autor não respondeu por mais de 15 dias, o tópico foi arquivado. Caso o autor do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.