Remoção de malwares do meu computador

por pamonha Dom 16 Fev 2014, 15:22

Caros amigos,

Após ter-lhes postado o relatório emitido por HijackThis, faço-lhes a postagem do diagnóstico emitido pelo ZHPDiag, com vistas a prestar-lhes subsídios no sentido de uma orientação para remoção em DEFINITIVO do impostor "AWESOMEHP.COM", que sequestrou a minha navegação tanto no Internet Explorer (o Google é o padrão) quanto no Google Chrome. De já meu sincero agradecimento.

Relatório do ZHPDiag v2014.2.14.14 - Nicolas Coolman (14/02/2014)
~ Iniciado por Haroldo (16/02/2014 14:50:51)
~ Endereço do Website : http://nicolascoolman.webs.com
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user

---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.16518
GCIE: Google Chrome v32.0.1700.107 (Defaut)
GCIE: Google Chrome Frame v32.0.1700.107 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Key Management Service client information : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2013
Windows Defender W7

---\\ Softwares d'optimização do sistema
CCleaner v4.10 =>Piriform Ltd

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 12 Plugin
Adobe Reader XI
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3766.8 MB (61% free)
System Restore: Activé (Enable)
System drive C: has 75 GB (40%) free of 187 GB

---\\ Modo de conexão ao sistema
~ Computer Name: HAROLDO-PC
~ User Name: Haroldo
~ All Users Names: HomeGroupUser$, Haroldo, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Haroldo\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Haroldo\AppData\Roaming\
~ %Desktop% : C:\Users\Haroldo\Desktop\
~ %Favorites% : C:\Users\Haroldo\Favorites\
~ %LocalAppData% : C:\Users\Haroldo\AppData\Local\
~ %StartMenu% : C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 75 Go of 187 Go)
D: CD-ROM drive (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 94 Go of 98 Go)

---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s

---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.263B6E451526A90FF8B1CEC759F22956] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/02/2014 - 06:24:52.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 10:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 10:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 06:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 06:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 07:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 06:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 11:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 07:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 08:06:41.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 06:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 10:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s

---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/308
~ Mes musiques (My Musics) : 1/37
~ Mes Videos (My Videos) : 2/912
~ Mes Favoris (My Favorites) : 1/17
~ Mes Documents (My Documents) : 1/377
~ Mon Bureau (My Desktop) : 1/24
~ Menu demarrer (Programs) : 1/38
~ Hidden Files: Scanned in 00mn 04s

---\\ Processos lançados
[MD5.A78AAB0D2D70EF7DD56B7328AC502059] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096] [PID.2920]
[MD5.11518C0995B3B8A96AC5F1885B6F20C2] - (...) -- C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [761024] [PID.2932] =>PUP.Mobogenie
[MD5.4263F6C131E513CEA1AE82B5B81A4E1A] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [808152] [PID.2580]
[MD5.1ACCA74287FE5D7449FBB2B9F0C83341] - (.Google Inc. - Google Toolbar Broker.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe [309328] [PID.1672] =>Toolbar.Google
[MD5.DDBE89226D55D694F1B7B3DD0C324640] - (.RealNetworks, Inc. - RealDownloader.) -- C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [233048] [PID.2836]
[MD5.85D374F30A2015D795B1E8D1258866D4] - (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe [116280] [PID.2876]
[MD5.B5C774CFA944AF3E9A42B592B476F570] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8337920] [PID.3540]
[MD5.D53024C1355615B82DD1526B63623E61] - (...) -- C:\Program Files (x86)\Mobogenie\mgusb.exe [88256] [PID.0] =>PUP.Mobogenie
[MD5.DAAA237C34A506EF56D44A56EA039CC0] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [452968] [PID.944]
[MD5.CC42F104172B4A62793083D380867317] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1400]
[MD5.974A1F783ED34588B45FAD6375077BA6] - (.Hewlett-Packard Company - SolutionsFrameworkService.) -- C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [46904] [PID.2344]
[MD5.96EFEC24346A8EB1157E80523079ADDC] - (...) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056] [PID.1428]
[MD5.5DAF7081A4BB112FA3F1915819330A3E] - (...) -- C:\Program Files (x86)\ZHPDiag\pv.exe [61440] [PID.0]
~ Processes Running: Scanned in 00mn 00s

---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Haroldo\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 0 Legitimates Filtered in 00mn 00s

---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js
M3 - MFPP: Plugins - [Haroldo] -- C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\searchplugins\eseeky-search.xml =>Hijacker.Eseeky
M3 - MFPP: Plugins - [Haroldo] -- C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\searchplugins\improvedsearch.xml
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/cef] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Haroldo\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll
~ Firefox Browser: 7 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
~ IE Browser: 23 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 25

---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense CEF [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Bnb [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540014} . (.Banco do Nordeste do Brasil S.A. - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehbnb.dll
~ BHO: 18 Legitimates Filtered in 00mn 00s

---\\ Barras do Internet Explorer (03))
O3 - Toolbar: avast! Online Security - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll =>Toolbar.Google
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Chave orfã
~ Toolbar: Scanned in 00mn 00s

---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: aTube Catcher.lnk . (.DsNET - aTube Catcher to download and convert video.) -- C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
O4 - GS\Desktop [Public]: Guitar Pro 6.lnk . (...) -- C:\Program Files (x86)\Guitar Pro 6\GuitarPro.exe
O4 - GS\Desktop [Public]: HP ePrinterCenter.lnk . (...) -- C:\Program Files (x86)\HP\Digital Imaging\AppStudio\hpzsip.url
O4 - GS\Desktop [Public]: HP Print and Scan Doctor.lnk . (...) -- C:\Program Files (x86)\HP\Diagnostics\PSDR\HPPSDr.exe
O4 - GS\Desktop [Public]: Java Web Start.lnk . (...) -- C:\Program Files (x86)\Java\j2re1.4.2_05\javaws\javaws.exe
O4 - GS\Desktop [Public]: LibreOffice 4.1.lnk . (.The Document Foundation - LibreOffice.) -- C:\Program Files (x86)\LibreOffice 4\program\soffice.exe
O4 - GS\Desktop [Public]: PowerISO.lnk . (.Power Software Ltd - PowerISO.) -- C:\Program Files (x86)\PowerISO\PowerISO.exe
O4 - GS\Desktop [Public]: Receitanet 1.03 .lnk . (.SERPRO - Serviço Federal de Processamento d - Receitanet.) -- C:\Program Files (x86)\Programas RFB\Receitanet\Windows\Receitanet.exe
O4 - GS\Desktop [Public]: VDownloader.lnk . (.Vitzo - VDownloader.) -- C:\Program Files\VDownloader\VDownloader.exe
O4 - GS\QuickLaunch [Haroldo]: 4shared Desktop.lnk . (...) -- C:\Program Files (x86)\4shared Desktop\desktop.exe (.not file.)
O4 - GS\QuickLaunch [Haroldo]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
O4 - GS\QuickLaunch [Haroldo]: Guitar Pro 6.lnk . (...) -- C:\Program Files (x86)\Guitar Pro 6\GuitarPro.exe
O4 - GS\QuickLaunch [Haroldo]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
O4 - GS\TaskBar [Haroldo]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
O4 - GS\TaskBar [Haroldo]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
O4 - GS\TaskBar [Haroldo]: Mobogenie.lnk . (...) -- C:\Program Files (x86)\Mobogenie\Mobogenie.exe =>PUP.Mobogenie
O4 - GS\Program [Haroldo]: 30 dicas para o Google Chrome - Parte 2 - Internet - iG.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
O4 - GS\Program [Haroldo]: Create Amazing Presentations.lnk - Chave orfã
O4 - GS\Program [Haroldo]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
O4 - GS\SystemTools [Haroldo]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
O4 - GS\SendTo [Haroldo]: Transferência de Arquivo Bluetooth.LNK . (.Microsoft Corporation - No Comment.) -- C:\Windows\System32\fsquirt.exe
O4 - GS\Desktop [Haroldo]: 4shared Desktop.lnk . (...) -- C:\Program Files (x86)\4shared Desktop\desktop.exe (.not file.)
O4 - GS\Desktop [Haroldo]: eType - Atalho.lnk - Chave orfã
O4 - GS\Desktop [Haroldo]: Gerenciador de documentos HP.lnk . (.Hewlett-Packard Development Co. L.P. - HP Document Manager Application.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\Document Manager\hpqdcmgr.exe
O4 - GS\Desktop [Haroldo]: hppiw - Atalho.lnk . (...) -- C:\Users\Haroldo\Downloads\hppiw.exe
O4 - GS\Desktop [Haroldo]: iGBPCEFgb - Atalho.lnk . (.CAIXA - Instalação do Módulo Adicional de Segurança.) -- C:\Users\Haroldo\Downloads\iGBPCEFgb.exe
O4 - GS\Desktop [Haroldo]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
O4 - GS\Desktop [Haroldo]: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk . (...) -- C:\Arquivos de Programas RFB\IRPF2013\IRPF2013.exe
O4 - GS\Desktop [Haroldo]: JavaSetup7u25 - Atalho.lnk . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Users\Haroldo\Downloads\JavaSetup7u25.exe
O4 - GS\Desktop [Haroldo]: RealDownloader - Atalho.lnk . (.RealNetworks, Inc. - RealNetworks Installer.) -- C:\Users\Haroldo\Downloads\RealDownloader.exe
O4 - GS\Desktop [Haroldo]: SendSpace Wizard.lnk . (...) -- C:\Program Files (x86)\SendSpace\Wizard\SendSpace Wizard.exe (.not file.)
O4 - GS\Desktop [Haroldo]: Synthesia - Atalho (2).lnk . (...) -- C:\Program Files (x86)\Synthesia\Synthesia.exe
O4 - GS\Desktop [Haroldo]: USB-Serial Controller D - Atalho.lnk - Chave orfã
~ Global Startup: 91 Legitimates Filtered in 00mn 01s

---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [mobilegeni daemon] . (...) -- C:\Program Files (x86)\Mobogenie\DaemonProcess.exe =>PUP.Mobogenie
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1335456900-3083802626-1046228050-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
~ Application: Scanned in 00mn 00s

---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bnb.gov.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.caixa.gov.br
~ IE Zone Confiance: Scanned in 00mn 00s

---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{47BE1B23-3286-49C2-87A8-F2F3ECF40FEC}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{5514D2E1-AE6A-4A5E-B596-549D02E4412F}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{B13A2361-A94E-49A9-9358-11CB6DFB0E28}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC75A982-D557-4909-BCDC-8BFEC9234D33}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{B22F580E-0A76-4D84-8996-8FCFD5F84A25}: DhcpNameServer = 192.168.1.1 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{47BE1B23-3286-49C2-87A8-F2F3ECF40FEC}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{5514D2E1-AE6A-4A5E-B596-549D02E4412F}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{B13A2361-A94E-49A9-9358-11CB6DFB0E28}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{EC75A982-D557-4909-BCDC-8BFEC9234D33}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{B22F580E-0A76-4D84-8996-8FCFD5F84A25}: DhcpNameServer = 192.168.1.1 8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{47BE1B23-3286-49C2-87A8-F2F3ECF40FEC}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{5514D2E1-AE6A-4A5E-B596-549D02E4412F}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CS2\Services\Tcpip\..\{B13A2361-A94E-49A9-9358-11CB6DFB0E28}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CS2\Services\Tcpip\..\{EC75A982-D557-4909-BCDC-8BFEC9234D33}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CS2\Services\Tcpip\..\{B22F580E-0A76-4D84-8996-8FCFD5F84A25}: DhcpNameServer = 192.168.1.1 8.8.8.8
~ Domain: Scanned in 00mn 00s

---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: KMService (KMService) . (...) - C:\Windows\SysWOW64\srvany.exe =>Hijacker.Office
O23 - Service: LiveUpdate (LiveUpdateSvc) . (...) - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (.not file.)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) . (.Intel(R) Corporation - Intel(R) PROSet/Wireless Registry Service.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
~ Services: 8 Legitimates Filtered in 00mn 05s

---\\ Tarefas planificadas automaticamente (039)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SaveSense.job [300] =>PUP.SaveSense
[MD5.00000000000000000000000000000000] [APT] [RunAsStdUser] (...) -- C:\Program Files (x86)\Desk 365\desk365.exe (.not file.) [0] =>Hijacker.22Find
[MD5.00000000000000000000000000000000] [APT] [SaveSense] (...) -- C:\Users\Haroldo\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>PUP.SaveSense
[MD5.00000000000000000000000000000000] [APT] [{0192EDC2-4674-4C18-9654-8B4E15EA09FE}] (...) -- C:\Users\Haroldo\Local Settings\Application Data\Bundled software uninstaller\biclient.exe (.not file.) [0] =>Adware.MegaSearch
[MD5.75527EA7A3B425057B56A6ED32235A49] [APT] [{034272E9-5FEC-4514-A296-C85B01BFB84C}] (.CAIXA.) -- C:\Users\Haroldo\Downloads\iGBPCEFsf (1).exe [2546504]
[MD5.00000000000000000000000000000000] [APT] [{25BA5005-E8E8-4D54-8D5D-D4B710DF1B01}] (...) -- C:\Users\Haroldo\Downloads\Receitanet-1.01.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{2DD37305-FE0D-45CD-9C4B-F218C32B90B7}] (...) -- C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\uninstbb.exe (.not file.) [0] =>PUP.Babylon
[MD5.00000000000000000000000000000000] [APT] [{37DB0EDD-08DF-4F2D-A447-7C714BD89B59}] (...) -- C:\Users\Haroldo\Downloads\iGBPCEFgb (1).exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3B9CF36A-0763-4427-A895-D5D87B4BB632}] (...) -- C:\Java 2 SDKé SE v1.4.2_05.msi" (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{427F09D8-960B-4DC8-96E8-9CF683DD0F68}] (...) -- D:\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{5244B429-E3A3-413C-BFD0-63A86D94CE24}] (...) -- C:\Program Files (x86)\PERDCOMPv5.1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{5B63534B-2730-439E-A568-BBC2640B2DDC}] (...) -- C:\Java 2 SDKé SE v1.4.2_05.msi" (.not file.) [0]
[MD5.A33B6492086D1F03CCB029BCF39132C3] [APT] [{630983C1-05B8-4F20-86CD-8D4CBB21A9B6}] (...) -- C:\Arquivos de Programas RFB\IRPF2013\IRPF2013.exe [31232]
[MD5.00000000000000000000000000000000] [APT] [{66F885D9-4592-448C-B660-6B72E670C383}] (...) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleil.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{6A13F065-E938-43BF-940A-406DFC62840C}] (...) -- D:\setup.exe (.not file.) [0]
[MD5.27902E96B1E4661AB91F98434E408357] [APT] [{98FB337E-089B-4AAB-9FA2-ECF4075B703E}] (...) -- C:\Users\Haroldo\Downloads\ReceitanetJava2010.02d_setup_win32.exe [3798462]
[MD5.00000000000000000000000000000000] [APT] [{AD86798F-A0AB-4750-949E-0F4CEB1BFA60}] (...) -- C:\Arquivos de Programas RFB\IRPF2012\uninstall.exe (.not file.) [0]
[MD5.94EF903B133408E36851BBFD7B656A3B] [APT] [{BBC50839-8C50-48D6-880B-BC3D6465B7F6}] (.CAIXA.) -- C:\Users\Haroldo\Downloads\iGBPCEFgb.exe [2425672]
[MD5.00000000000000000000000000000000] [APT] [{C02122F8-F71D-41F6-83FF-1D3D4BBB030E}] (...) -- C:\Program Files (x86)\IRPF2012win32v1.0.exe (.not file.) [0]
[MD5.A92E34B28D6125E14DA74484E58EC410] [APT] [{C6BA3CFF-5A65-409E-ABD3-40CDCF2FE6C3}] (...) -- C:\Program Files (x86)\Java\j2re1.4.2_05\javaws\javaws.exe [135168]
[MD5.F9B2E8A93DD9DDB713FE3693B90314CA] [APT] [{CC33EF03-81DA-46CE-A364-A88BF0933152}] (.CAIXA.) -- C:\Users\Haroldo\Downloads\iGBPCEFsf.exe [2546504]
[MD5.A92E34B28D6125E14DA74484E58EC410] [APT] [{DB832CA8-2708-4467-8026-9429EC8018AA}] (...) -- C:\Program Files (x86)\Java\j2re1.4.2_05\javaws\javaws.exe [135168]
[MD5.00000000000000000000000000000000] [APT] [{F224B36E-37C3-4F16-AD59-18B3E865FFAA}] (...) -- C:\Users\Haroldo\AppData\Local\TNT2\2.0.0.1627\TNT2User.exe (.not file.) [0]
[MD5.A92E34B28D6125E14DA74484E58EC410] [APT] [{F4AAB967-B985-4618-93A9-47D6C488AB70}] (...) -- C:\Program Files (x86)\Java\j2re1.4.2_05\javaws\javaws.exe [135168]
[MD5.00000000000000000000000000000000] [APT] [{FA5E9D68-B8C8-4A92-9820-4F6FF8736944}] (...) -- C:\Users\Haroldo\Downloads\iGBPCEFgb (2).exe (.not file.) [0]
~ Scheduled Task: 45 Legitimates Filtered in 00mn 05s

---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bfilter) . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - C:\Windows\system32\drivers\Bfilter.sys =>Adware.BDSearch
O41 - Driver: (Bfmon) . (.Baidu, Inc. - Baidu FS Monitor Driver.) - C:\Windows\system32\drivers\Bfmon.sys =>Adware.BDSearch
O41 - Driver: (Bprotect) . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - C:\Windows\system32\drivers\Bprotect.sys =>Adware.BDSearch
~ Drivers: 81 Legitimates Filtered in 00mn 00s

---\\ Software instalados (042)
O42 - Logiciel: Codec Pack Packages - (...) [HKCU][64Bits] -- Codec Pack Packages
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2013
O42 - Logiciel: Módulo Adicional de Segurança CAIXA - (...) [HKLM][64Bits] -- {5d01f486-f32d-462e-8830-cc1d116e8ece}_is1
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM][64Bits] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
~ Logic: 23 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\5Oftwares]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\Baidu] =>Adware.BDSearch
[HKCU\Software\BrowseForTheCause] =>Adware.BrowseForTheCause
[HKCU\Software\GbAs]
[HKCU\Software\MiniGet]
[HKCU\Software\Pro-SoftNet]
[HKCU\Software\Zugara Investment]
[HKLM\Software\Wow6432Node\360Safe]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Baidu_Drp_pos] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Deskmedia]
[HKLM\Software\Wow6432Node\IncrediMail]
[HKLM\Software\Wow6432Node\OnLineTV Toolbar]
[HKLM\Software\Wow6432Node\Programas RFB]
[HKLM\Software\Wow6432Node\VBMZ] =>PUP.Duuqu
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager
[HKLM\Software\Wow6432Node\baidu] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager
~ Key Software: 323 Legitimates Filtered in 00mn 00s

---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 15/02/2014 - 18:46:13 - [0.000] ----D C:\Program Files (x86)\Baidu Security =>Adware.BDSearch
O43 - CFD: 17/04/2013 - 11:25:42 - [8.843] ----D C:\Program Files (x86)\Programas RFB
O43 - CFD: 16/02/2014 - 11:17:02 - [0] ----D C:\Program Files (x86)\RBM
O43 - CFD: 16/02/2014 - 03:36:07 - [0.000] ----D C:\ProgramData\Baidu =>Adware.BDSearch
O43 - CFD: 23/09/2013 - 22:44:29 - [103.601] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
O43 - CFD: 11/02/2013 - 05:05:38 - [3.699] ----D C:\ProgramData\IDriveSync
O43 - CFD: 12/02/2014 - 15:29:46 - [0.000] ----D C:\ProgramData\ProductData
O43 - CFD: 09/02/2014 - 01:08:42 - [0.000] ----D C:\ProgramData\WPM =>PUP.WpManager
O43 - CFD: 04/02/2014 - 22:50:34 - [0] ----D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
O43 - CFD: 02/11/2012 - 23:29:54 - [23.535] -SH-D C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
O43 - CFD: 16/02/2014 - 14:09:42 - [0] ----D C:\Users\Haroldo\AppData\Roaming\Baidu =>Adware.BDSearch
O43 - CFD: 13/06/2013 - 19:32:00 - [4.729] ----D C:\Users\Haroldo\AppData\Roaming\Baidu Security =>Adware.BDSearch
O43 - CFD: 16/03/2013 - 02:25:51 - [0.226] ----D C:\Users\Haroldo\AppData\Roaming\BaiduPcFaster =>Adware.BDSearch
O43 - CFD: 12/02/2013 - 05:24:58 - [0.819] ----D C:\Users\Haroldo\AppData\Roaming\IDriveSync
O43 - CFD: 16/03/2013 - 02:22:48 - [0] ----D C:\Users\Haroldo\AppData\Roaming\PCF
O43 - CFD: 12/08/2013 - 23:11:24 - [0.876] ----D C:\Users\Haroldo\AppData\Local\BeamriseUninstall =>Hijacker.Beamrise
O43 - CFD: 16/02/2014 - 11:15:12 - [0] ----D C:\Users\Haroldo\AppData\Local\genienext
O43 - CFD: 22/06/2013 - 14:34:40 - [26.460] ----D C:\Users\Haroldo\AppData\Local\{35A3A4F2-B792-11D6-A78A-00B0D0142050}
O43 - CFD: 12/04/2013 - 12:23:40 - [0.004] ----D C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013
~ Program Folder: 218 Legitimates Filtered in 00mn 41s

---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 06/02/2014 - 02:04:33 ---A- . (...) -- C:\autoexec.bat [0]
O44 - LFC:[MD5.19DC175DBFE8BA0A295A76C352009EB3] - 07/02/2014 - 09:42:53 ---A- . (...) -- C:\log.txt [5072]
O44 - LFC:[MD5.37F5CDA64FC515B3072531C1187EDCCA] - 08/02/2014 - 15:23:52 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [52032] =>Adware.BDSearch
O44 - LFC:[MD5.DFC1681F6645CB2AEA83897588F05362] - 08/02/2014 - 15:23:54 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [34624] =>Adware.BDSearch
O44 - LFC:[MD5.F4C1984178175ACE4A75BE23059C3E0A] - 08/02/2014 - 15:23:56 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [128992] =>Adware.BDSearch
O44 - LFC:[MD5.B2DF64EAED309C82B86A0C2B253293BC] - 10/02/2014 - 02:51:54 ---A- . (...) -- C:\cleaner.bat [305]
O44 - LFC:[MD5.0E3E24C51918CDC23C964509A02B5834] - 16/02/2014 - 14:21:04 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [137576]
O44 - LFC:[MD5.24A53D225FD52765ECD6A7AC0C842002] - 16/02/2014 - 14:21:04 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [697294]
~ Files: 70 Legitimates Filtered in 00mn 10s

---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\AppsHat [Key] . (...) -- C:\Users\Haroldo\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe (.not file.) =>Adware.MegaSearch
O53 - SMSR:HKLM\...\startupreg\Deskmedia [Key] . (...) -- C:\Positivo\Deskmedia\Downloader.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\M-Downloader [Key] . (...) -- C:\Program Files (x86)\M-Downloader\Updater.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\PSafeTray [Key] . (...) -- C:\Program Files (x86)\PSafe\PSafeSysTray.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\PSafeWDS [Key] . (...) -- C:\Program Files (x86)\PSafe\PSafeWDS.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\VDownloader [Key] . (.Vitzo - VDownloader.) -- C:\Program Files\VDownloader\VDownloader.exe
O53 - SMSR:HKLM\...\startupreg\WirelessConnect [Key] . (...) -- C:\Program Files (x86)\3G HSDPA Modem\netcard.exe (.not file.)
~ SMSR Keys: 26 Legitimates Filtered in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s

---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.BC647F1F9DCE55B05B54683260ECE4FB] - 31/05/2012 - 21:21:04 R--A- . (.360.cn - 360HipsOEM.) -- C:\Windows\System32\Drivers\360FltOEM.sys [289952]
O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 13/01/2014 - 12:18:04 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:[MD5.90399625F341AB76BA4B85A5E860EB1F] - 13/01/2014 - 12:18:04 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [207904]
O58 - SDL:[MD5.37F5CDA64FC515B3072531C1187EDCCA] - 21/01/2014 - 11:14:40 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [52032] =>Adware.BDSearch
O58 - SDL:[MD5.DFC1681F6645CB2AEA83897588F05362] - 21/01/2014 - 11:14:50 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [34624] =>Adware.BDSearch
O58 - SDL:[MD5.F4C1984178175ACE4A75BE23059C3E0A] - 21/01/2014 - 07:01:36 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [128992] =>Adware.BDSearch
O58 - SDL:[MD5.952448355A7C0626B140A66EFC9600F7] - 25/10/2013 - 14:59:28 ---A- . (.NetFilterSDK.com - NetFilter SDK WFP Driver (WPP).) -- C:\Windows\System32\Drivers\cashnbackdrv.sys [43536]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 16/02/2014 - 14:12:31 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
~ Drivers: 16 Legitimates Filtered in 00mn 10s

---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 21/01/2014 - C:\Windows\system32\drivers\Bfilter.sys (Bfilter) .(.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - LEGACY_BFILTER =>Adware.BDSearch
O64 - Services: CurCS - 21/01/2014 - C:\Windows\system32\drivers\Bfmon.sys (Bfmon) .(.Baidu, Inc. - Baidu FS Monitor Driver.) - LEGACY_BFMON =>Adware.BDSearch
O64 - Services: CurCS - 21/01/2014 - C:\Windows\system32\drivers\Bprotect.sys (Bprotect) .(.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - LEGACY_BPROTECT =>Adware.BDSearch
~ Legacy: 101 Legitimates Filtered in 00mn 01s

---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <Beamrise.NWXK3OVJXTZ6HLOWY455TDRZ2Y> <Beamrise>[HKLM\..\Shell\open\Command] (...) -- C:\Users\Haroldo\AppData\Local\Beamrise\Application\beamrise.exe (.not file.) =>Hijacker.Beamrise
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {B74F4321-8F3B-4A8C-99A6-AA6D7E469B0C} [DefaultScope] - (Microsoft) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.8DDB84FB5FD7958654F23ECE6EA14D0F] [SPRF][15/01/2014] (.Baidu, Inc. - Baidu Antivirus FileSplitUpLoad Library.) -- C:\ProgramData\FileSplitUpLoad.dll [167784] =>Adware.BDSearch
[MD5.717734829161ED8635258310EC060D90] [SPRF][31/01/2014] (.No owner - Setup/Uninstall.) -- C:\Users\Haroldo\AppData\Roaming\unins000.exe [717827]
[MD5.54A09129F5DF69BBBA3095894DF6788C] [SPRF][02/08/2013] (.No owner - K-Lite Codec Pack Setup.) -- C:\Users\Haroldo\Desktop\K-Lite_Codec_Pack_975_Standard.exe [14153812]
[MD5.EB337CDFA1E9B69F951A75631D2B484E] [SPRF][09/06/2010] (.No owner - GbpDist Module.) -- C:\Windows\Downloaded Program Files\gbpdist.dll [113192]
~ Files: 4 Legitimates Filtered in 00mn 00s

---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{47F89856-8FA4-48E3-BB83-0D7E190D1B12}" |In - None - P17 - TRUE | .(...) -- D:\setup\hpznui40.exe (.not file.)
O87 - FAEL: "{65D0FC0D-8F4B-47C0-B500-CA0DE5040426}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
O87 - FAEL: "{06EDD37C-EC2B-4BC0-AEA8-E93DCC7730B6}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
O87 - FAEL: "{FF7F0567-429D-4C47-9618-4FF4F6309E07}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\PSafe\PSRsync.exe (.not file.)
O87 - FAEL: "{82065A52-540A-44E6-AB20-C92958952E97}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\PSafe\PSRsync.exe (.not file.)
O87 - FAEL: "{84307AD3-61D7-4199-A9DC-8FE9456DD34D}" |In - Private - P6 - FALSE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\incredibar_installer.exe (.not file.) =>Adware.IncrediBar
O87 - FAEL: "{C7DF20F1-F525-452E-BA5E-81DBC18ACA87}" |In - Private - P17 - FALSE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\incredibar_installer.exe (.not file.) =>Adware.IncrediBar
O87 - FAEL: "{714C4005-B904-4E50-9D5D-05CBECAD5945}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\PSafe\PSRsync.exe (.not file.)
O87 - FAEL: "{DAA57657-BDFA-476A-A1DC-360849D4872F}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\PSafe\PSRsync.exe (.not file.)
O87 - FAEL: "{0486D24A-3E4C-4C40-A915-D637EC63D78E}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS485E\hppiw.exe (.not file.)
O87 - FAEL: "{C3843F4B-7E83-4DA6-998C-BD50194FED81}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS485E\hppiw.exe (.not file.)
O87 - FAEL: "{B5EDA8BF-021B-4AC4-87DD-C270E3CD9029}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS488E\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{08E8B611-098F-4229-A155-20647F5326A5}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS488E\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{C5435E1A-2B6A-4A7A-80C1-0FA3C2624134}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Roaming\IDriveSync\IDriveSync_Service.exe (.not file.)
O87 - FAEL: "{DCCFC208-E440-4585-875D-6C88DF78F349}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Roaming\IDriveSync\IDriveSync_Service.exe (.not file.)
O87 - FAEL: "{E7E6051E-A7D4-4525-8156-AFA08F512EAD}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Roaming\IDriveSync\idevsutil.exe (.not file.)
O87 - FAEL: "{4710EFAA-44AA-4008-B86D-106C452D2E98}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Roaming\IDriveSync\idevsutil.exe (.not file.)
O87 - FAEL: "TCP Query User{734B72A2-F4CD-4451-BB40-9C224C27999C}C:\program files (x86)\nero\nero 7\nero home\nerohome.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\nero\nero 7\nero home\nerohome.exe (.not file.)
O87 - FAEL: "UDP Query User{5756381F-B29F-4A0C-9FE9-F6534FE57D43}C:\program files (x86)\nero\nero 7\nero home\nerohome.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\nero\nero 7\nero home\nerohome.exe (.not file.)
O87 - FAEL: "{8F0ACAFF-70EF-4283-91F6-9F5968A97A11}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS56EA\hppiw.exe (.not file.)
O87 - FAEL: "{8746ED06-FE73-4C36-B457-C0EF865C6FC2}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS56EA\hppiw.exe (.not file.)
O87 - FAEL: "{33A9FC66-3BFF-4DB4-B6C2-A2E655C1A653}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS5A80\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{9EB1309E-5757-4A66-BB13-45E6EF3280EB}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS5A80\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{8A1E17FA-4FC1-4F97-A673-D62AB3F353C5}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS5AF2\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{35427B54-9D71-4241-96F9-17912A8A9D34}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS5AF2\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{AC90D32A-DBF6-4F7F-9434-F4CB677F4F9B}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS5DC7\hppiw.exe (.not file.)
O87 - FAEL: "{6119C111-602F-4628-AF68-79FCA6A0A62B}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS5DC7\hppiw.exe (.not file.)
O87 - FAEL: "{338A1C1A-101E-4CBC-BBFD-89EA5A1CEF17}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS7E75\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{5C62C499-4E39-44BA-9E43-214A2F7F2C8D}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS7E75\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{E14F4F76-7D46-46F9-9754-8A7E6D07C996}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS7F4A\hppiw.exe (.not file.)
O87 - FAEL: "{28C320E0-4674-452E-8CCA-9047F82B9DAB}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS7F4A\hppiw.exe (.not file.)
O87 - FAEL: "{DD1B9908-D56F-4466-824F-6507D391E28C}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS0182\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{10EF55D1-7E7F-474F-964F-32EB7D4157FF}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS0182\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{95DF3161-9C07-472D-84F5-AB5D9C54D3E5}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS23D3\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{42C1D046-A0F8-4FC6-9C0C-4A8A79346645}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS23D3\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{903F3B0E-14D9-4D4D-96AB-2BB8236A6E05}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS50FB\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{FF1B3D15-428F-46A7-A01F-C2FC226A5904}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS50FB\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{9543B847-593C-4D6D-8BDB-70A290937994}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS2EBA\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{7BAB4A6C-DF7E-4CCF-8E87-CAE59C424F7F}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS2EBA\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{F96A97E8-F9D2-482D-A651-81D3EA9FD3E6}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS4CDB\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{33ED9231-6B35-4712-9A58-8146B2CCCB4F}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS4CDB\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{DFF42162-B800-4B63-A90A-BECE1CDF1830}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS7E14\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{CC139FCE-4D64-4A17-82DF-890BB2752405}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS7E14\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{E2B7604D-5694-4B54-A610-2E5E50BB32FB}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS33B9\hppiw.exe (.not file.)
O87 - FAEL: "{7F351016-277C-4E74-8832-151CA41CF539}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS33B9\hppiw.exe (.not file.)
O87 - FAEL: "{226D73E0-5754-410B-AAAD-9D402BF7490C}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS4478\hppiw.exe (.not file.)
O87 - FAEL: "{962E2932-84FB-4C37-BB99-1A2D2D0F15FE}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS4478\hppiw.exe (.not file.)
O87 - FAEL: "{9C4E3688-3F0F-4A00-8F8F-6FD254F6F509}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS4903\hppiw.exe (.not file.)
O87 - FAEL: "{6D4011A1-6CC8-4550-B4CD-19B3FFF7126D}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS4903\hppiw.exe (.not file.)
O87 - FAEL: "{83C97E3A-9C0A-4EF0-9497-5E5D20A67780}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS4D3F\hppiw.exe (.not file.)
O87 - FAEL: "{B8E4A7B9-D5E0-4B79-A24A-EC5C24FFF02C}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS4D3F\hppiw.exe (.not file.)
O87 - FAEL: "{675D9F2F-59F8-4EB4-8B03-4E344D7507C4}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS56AC\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{8FF8C83A-D37C-4898-BDD1-BF8B85ED5738}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS56AC\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{41C53656-9A40-4EAD-99F0-50CA2EA6E769}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS6350\hppiw.exe (.not file.)
O87 - FAEL: "{68B06E4B-82C9-4A0D-8358-67FCBBF1EA92}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS6350\hppiw.exe (.not file.)
O87 - FAEL: "{34F4F8C3-A104-4984-B319-FAA70459E1D3}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS6C93\hppiw.exe (.not file.)
O87 - FAEL: "{7ED77EB7-F246-499A-AC0D-4703408713D5}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS6C93\hppiw.exe (.not file.)
O87 - FAEL: "{2CB4823C-BCE8-40C2-AC73-0FB60943E618}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS2C9B\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{906337E2-9573-44E6-BFC4-D23D93819FB4}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS2C9B\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{91C3B938-0EE0-4019-A83A-241C0FA287C5}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS0EAF\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{6C236572-233C-4C92-A5E5-1C9A72D682A5}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS0EAF\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{C4FDEA45-483D-4CC0-B270-F748629EC59A}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS2958\hppiw.exe (.not file.)
O87 - FAEL: "{D69D1FC0-D1F2-493F-9D06-F16092E677D8}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS2958\hppiw.exe (.not file.)
O87 - FAEL: "{5BC32E2E-D736-40C6-8BD5-27E64BE1BA8D}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS52C0\hppiw.exe (.not file.)
O87 - FAEL: "{38C17968-15C2-48C5-9010-BECE8AEFAE31}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS52C0\hppiw.exe (.not file.)
O87 - FAEL: "{05899123-D7E9-489C-AD5F-7F356DB2F3CD}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS5628\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{2D88F06D-6B2A-44D2-83AA-4ECF72D53AB4}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS5628\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{93BD0257-1284-4F50-9227-EDD6E4B015D3}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS5976\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{C65C0086-8AED-4E2F-821A-A68AC31E0A61}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS5976\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{C843ED7D-2E1F-427D-80F2-0EC37A2DCF4A}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS5B5C\hppiw.exe (.not file.)
O87 - FAEL: "{D94C3603-A28D-4564-BCF5-4BD52C379F2E}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS5B5C\hppiw.exe (.not file.)
O87 - FAEL: "{DE3F7A0B-13B1-44C7-BE71-7405A991CA0F}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS5C47\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{62BCABAB-5C99-4290-B5EE-EE31609B4AD5}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS5C47\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{C1F20B55-6FF6-4D35-98E3-EAE5ED2895E6}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS1F6E\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{9C1D9C6E-A66F-4472-B363-5C9BAB30262D}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS1F6E\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{14B3F06D-166D-421A-87D7-1D0C952C63CF}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS5A7A\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{DEE889F0-58F4-4DFE-AC11-8DFA1B2632ED}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS5A7A\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{2F0E7885-3335-4684-B8C2-EB2B7666D010}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS776F\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{53AB3853-0CFE-4398-A985-BAA420B2210A}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS776F\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "TCP Query User{EC4E8E78-7F17-4487-A31E-26212CFC3A0D}C:\program files (x86)\miniget\miniget.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\miniget\miniget.exe (.not file.)
O87 - FAEL: "UDP Query User{B043D76D-1AFC-4884-B2D1-BA7FB82172A0}C:\program files (x86)\miniget\miniget.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\miniget\miniget.exe (.not file.)
~ Firewall: 304 Legitimates Filtered in 00mn 01s

---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.0D03E1EDCFA57B1CD67B92034B663330] [WIS][13/07/2012] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\206549a.msi [28160] =>Toolbar.Google
[MD5.227869C36057138BEE2CED499155872F] [WIS][28/07/2013] (.TuneUp Software - TuneUp Utilities Language Pack (pt-BR).) -- C:\Windows\Installer\76dcb4.msi [2547712]
[MD5.55AE59D648BE8E81535D97ED48D14678] [WIS][18/11/2009] (.Builds the Destinations MSI - Builds the Destinations MSI.) -- C:\Windows\Installer\85ffc.msi [522752]
~ WIS: 68 Legitimates Filtered in 00mn 11s

---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 04/02/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 13/07/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/07/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 17/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 10/07/1658 0 | (KMService) . (...) - C:\Windows\system32\srvany.exe =>Hijacker.Office
SS - | Auto 10/07/1658 0 | (LiveUpdateSvc) . (...) - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation

SR - | Auto 31/01/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 21/09/2009 1420560 | (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SR - | Auto 16/10/2013 452968 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Demand 13/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 17/12/2013 46904 | (HPSupportSolutionsFrameworkService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/08/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 21/09/2009 831760 | (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SR - | Demand 10/07/1658 1255736 | (WatAdminSvc) . (...) - C:\Windows\System32\Wat\WatAdminSvc.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 12s

---\\ Scâner Aditional (088)
Database Version : 13031 - (14/02/2014)
Clés trouvées (Keys found) : 17
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 9
Fichiers trouvés (Files found) : 14

[HKLM\SYSTEM\CurrentControlSet\Services\KMService] =>Hijacker.Office^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\AppsHat] =>Adware.MegaSearch^
[HKCU\Software\BrowseForTheCause] =>Adware.BrowseForTheCause
[HKLM\Software\Wow6432Node\VBMZ] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj] =>PUP.Dealio
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp] =>PUP.Dealio
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\mkphdmdimfojogdackodkdbgokgckfkf] =>PUP.SocialKredits
[HKCU\Software\AppDataLow\Software\SocialKredits] =>PUP.SocialKredits
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\eSafeSvc] =>PUP.eSafeSecurity
[HKCU\Software\USyndication] =>Trojan.USyndication
[HKCU\Software\usyndication.com] =>Trojan.USyndication
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk] =>PUP.Dealio
[HKLM\Software\Wow6432Node\360Safe] =>Trojan.Lozavita
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\gpicboiclhmnllnjdcfcffifpoaebgkm] =>Riskware.Movly
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus] =>Adware.BDSearch
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg =>Toolbar.Google^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:mobilegeni daemon =>PUP.Mobogenie^
C:\Program Files (x86)\Baidu Security =>Adware.BDSearch^
C:\ProgramData\Baidu =>Adware.BDSearch^
C:\ProgramData\Baidu Security =>Adware.BDSearch^
C:\ProgramData\WPM =>PUP.WpManager^
C:\Users\Haroldo\AppData\Roaming\Baidu =>Adware.BDSearch^
C:\Users\Haroldo\AppData\Roaming\Baidu Security =>Adware.BDSearch^
C:\Users\Haroldo\AppData\Roaming\BaiduPcFaster =>Adware.BDSearch^
C:\Users\Haroldo\AppData\Local\BeamriseUninstall =>Hijacker.Beamrise^
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4shared Tools =>Toolbar.4shared
C:\Program Files (x86)\Mobogenie\DaemonProcess.exe =>PUP.Mobogenie^
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe =>Toolbar.Google^
C:\Program Files (x86)\Mobogenie\mgusb.exe =>PUP.Mobogenie^
C:\Windows\Tasks\SaveSense.job =>PUP.SaveSense^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKCU\Software\Baidu] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu_Drp_pos] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager^
[HKLM\Software\Wow6432Node\baidu] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab^
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager^
C:\ProgramData\FileSplitUpLoad.dll =>Adware.BDSearch^
C:\Windows\Installer\206549a.msi =>Toolbar.Google^
~ Additionnel Scan: 274271 Items scanned in 00mn 30s

---\\ Sumário das deteções encontradas na sua estação
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Mobogenie
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Eseeky
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Office
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.SaveSense
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.22Find
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.MegaSearch
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Babylon
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BDSearch
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BrowseForTheCause
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Duuqu
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.WpManager
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.SupTab
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Beamrise
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.SweetIM
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.Incredibar
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Toolbar.Conduit
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Tarma
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Dealio
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.eSafeSecurity
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Trojan.USyndication
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Trojan.Lozavita
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Riskware.Movly
~ MSI: 23 link(s) detected in 00mn 30s

~ 1392 Legitimates filtered by white list
End of the scan (707 lines in 02mn 31s)(0)

por **Power Max** Dom 16 Fev 2014, 15:54

Remoção de malwares do meu computador 648673379

Olá. Seja bem vindo ao Fórum PC Brasil.

Remoção de malwares do meu computador 772309

Estou analisando seu relatório e daqui há pouco te passo o próximo procedimento.

por **Power Max** Dom 16 Fev 2014, 16:30

Copie todo o texto destacado em vermelho que te passei (começando em script zhpfix e indo até SysRestore)
_____________________________________________________________________________________________________________

Remoção de malwares do meu computador 772309

Vá no menu: Iniciar > Todos os programas > ZHP > Abra o Zhpfix > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta.

por pamonha Seg 17 Fev 2014, 12:44

À atenção de "Power Max":

Meu prezado amigo...

Sou "marinheiro de primeira viagem..."... Quando você diz "Copie" tudo de vermelho, seria "copiar" e "colar"... se for, onde vou "colar"? Careço de mais esse empurrãozinho...

por **Power Max** Seg 17 Fev 2014, 13:00

pamonha escreveu:À atenção de "Power Max":

Meu prezado amigo...

Sou "marinheiro de primeira viagem..."... Quando você diz "Copie" tudo de vermelho, seria "copiar" e "colar"... se for, onde vou "colar"? Careço de mais esse empurrãozinho...

Primeiro você seleciona com o mouse todo aquele texto em vermelho que te passei. Depois você clica com o botão direito do mouse sobre esta seleção e escolhe a opção de Copiar.

Depois disto vá no menu: Iniciar > Todos os programas > ZHP > Abra o Zhpfix > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta.

por pamonha Seg 17 Fev 2014, 13:44

Prezado Max,

Faço aqui a postagem do relatório, aguardando uma possível reorientação.

Rapport de ZHPFix 2014.2.16.5 par Nicolas Coolman, Update du 16/02/2014
Fichier d'export Registre :
Run by Haroldo at 17/02/2014 13:20:43
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 06s)
Reparação de atalhos do navegador

========== Processo memória ==========
ELIMINÉ: Memory Process: C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
ELIMINÉ: Memory Process: C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
ELIMINÉ: Memory Process: C:\Program Files (x86)\Mobogenie\mgusb.exe
ELIMINÉ: Memory Process: C:\Users\Haroldo\AppData\Roaming\unins000.exe

========== Modulos memória ==========
ELIMINÉ: Memory Module: C:\ProgramData\FileSplitUpLoad.dll

========== Estado dos serviços ==========
BFILTER Parado
BFMON Parado
BPROTECT Parado

========== Chaves do Registo ==========
ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bprotect
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\Baidu
ELIMINÉ: HKCU\Software\BrowseForTheCause
ELIMINÉ: HKLM\Software\Wow6432Node\360Safe
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu_Drp_pos
ELIMINÉ: HKLM\Software\Wow6432Node\VBMZ
ELIMINÉ: HKLM\Software\Wow6432Node\baidu
ELIMINÉ: HKLM\Software\Wow6432Node\supTab
ELIMINÉ: HKLM\Software\Wow6432Node\supWPM
ELIMINÉ:* StartupReg: AppsHat
ELIMINÉ:* StartupReg: Deskmedia
ELIMINÉ:* StartupReg: M-Downloader
ELIMINÉ:* StartupReg: PSafeTray
ELIMINÉ:* StartupReg: PSafeWDS
ELIMINÉ:* StartupReg: WirelessConnect
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
ELIMINÉ: HKLM\Software\Wow6432Node\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
ELIMINÉ: HKLM\Software\Wow6432Node\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
ELIMINÉ: HKLM\Software\Wow6432Node\Google\Chrome\Extensions\mkphdmdimfojogdackodkdbgokgckfkf
ELIMINÉ: HKCU\Software\AppDataLow\Software\SocialKredits
ELIMINÉ: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\eSafeSvc
ELIMINÉ: HKCU\Software\USyndication
ELIMINÉ: HKCU\Software\usyndication.com
ELIMINÉ: HKLM\Software\Wow6432Node\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
ELIMINÉ: HKLM\Software\Wow6432Node\Google\Chrome\Extensions\gpicboiclhmnllnjdcfcffifpoaebgkm
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus

========== Valores do Registo ==========
ELIMINÉ: Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F}
ELIMINÉ RunValue: swg
ELIMINÉ RunValue: mobilegeni daemon
ELIMINÉ: {47F89856-8FA4-48E3-BB83-0D7E190D1B12}
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Elementos dos dados do Registo ==========
ELIMINÉ: R0 - Main,Start Page = KCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page
ELIMINÉ: R0 - Main,Start Page = KLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page
ELIMINÉ: R1 Search Page =

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ:* c:\program files (x86)\mobogenie\daemonprocess.exe
ELIMINÉ: c:\users\haroldo\appdata\roaming\mozilla\firefox\profiles\extensions\searchplugins\eseeky-search.xml
ELIMINÉ: c:\users\haroldo\appdata\roaming\mozilla\firefox\profiles\extensions\searchplugins\improvedsearch.xml
ELIMINÉ: c:\users\public\desktop\google chrome.lnk (http://www.awesomehp.com)
CRIADO: C:\Users\Public\Desktop\Google Chrome.lnk
ELIMINÉ: c:\users\haroldo\appdata\roaming\microsoft\internet explorer\quick launch\4shared desktop.lnk
ELIMINÉ: c:\users\haroldo\appdata\roaming\microsoft\internet explorer\quick launch\google chrome.lnk (http://www.awesomehp.com)
CRIADO: C:\Users\Haroldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
ELIMINÉ: c:\users\haroldo\appdata\roaming\microsoft\internet explorer\quick launch\launch internet explorer browser.lnk (http://www.awesomehp.com)
CRIADO: C:\Users\Haroldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
ELIMINÉ: c:\users\haroldo\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\google chrome.lnk (http://www.awesomehp.com)
CRIADO: C:\Users\Haroldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
ELIMINÉ: c:\users\haroldo\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\internet explorer (64-bit).lnk (http://www.awesomehp.com)
CRIADO: C:\Users\Haroldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (64-bit).lnk
ELIMINÉ: c:\program files (x86)\mobogenie\mobogenie.exe
ELIMINÉ: c:\users\haroldo\appdata\roaming\microsoft\windows\start menu\programs\30 dicas para o google chrome - parte 2 - internet - ig.lnk (http://www.awesomehp.com)
CRIADO: C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\30 dicas para o Google Chrome - Parte 2 - Internet - iG.lnk
ELIMINÉ: c:\users\haroldo\appdata\roaming\microsoft\windows\start menu\programs\internet explorer.lnk (http://www.awesomehp.com)
CRIADO: C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
ELIMINÉ: c:\users\haroldo\appdata\roaming\microsoft\windows\start menu\programs\accessories\system tools\internet explorer (no add-ons).lnk (http://www.awesomehp.com)
CRIADO: C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
ELIMINÉ: c:\users\haroldo\desktop\4shared desktop.lnk
ELIMINÉ: c:\users\haroldo\desktop\internet explorer (64-bit).lnk (http://www.awesomehp.com)
CRIADO: C:\Users\Haroldo\Desktop\Internet Explorer (64-bit).lnk
ELIMINÉ: c:\users\haroldo\desktop\sendspace wizard.lnk
ELIMINÉ: c:\windows\tasks\savesense.job
ELIMINA REINICIAR: c:\windows\system32\drivers\bfilter.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bfmon.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotect.sys
ELIMINÉ: C:\Windows\Installer\206549a.msi
ELIMINÉ Temporários windows (102) (218050119 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: RunAsStdUser
ELIMINÉ: SaveSense
ELIMINÉ: {0192EDC2-4674-4C18-9654-8B4E15EA09FE}
ELIMINÉ: {25BA5005-E8E8-4D54-8D5D-D4B710DF1B01}
ELIMINÉ: {2DD37305-FE0D-45CD-9C4B-F218C32B90B7}
ELIMINÉ: {37DB0EDD-08DF-4F2D-A447-7C714BD89B59}
ELIMINÉ: {3B9CF36A-0763-4427-A895-D5D87B4BB632}
ELIMINÉ: {427F09D8-960B-4DC8-96E8-9CF683DD0F68}
ELIMINÉ: {5244B429-E3A3-413C-BFD0-63A86D94CE24}
ELIMINÉ: {5B63534B-2730-439E-A568-BBC2640B2DDC}
ELIMINÉ: {66F885D9-4592-448C-B660-6B72E670C383}
ELIMINÉ: {6A13F065-E938-43BF-940A-406DFC62840C}
ELIMINÉ: {AD86798F-A0AB-4750-949E-0F4CEB1BFA60}
ELIMINÉ: {C02122F8-F71D-41F6-83FF-1D3D4BBB030E}
ELIMINÉ: {F224B36E-37C3-4F16-AD59-18B3E865FFAA}
ELIMINÉ: {FA5E9D68-B8C8-4A92-9820-4F6FF8736944}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso

========== Recapitulativo ==========
4 : Processo memória
1 : Modulos memória
32 : Chaves do Registo
12 : Valores do Registo
3 : Elementos dos dados do Registo
1 : Pastas
32 : Ficheiros
3 : Estado dos serviços
16 : Tarefa planificada
1 : Restauração Sistema

End of clean in 01mn 59s

========== Caminho do ficheiro do relatório ==========
C:\Users\Haroldo\AppData\Roaming\ZHP\ZHPFix[R1].txt - 17/02/2014 13:20:49 [7932]

por **Power Max** Seg 17 Fev 2014, 13:47

Siga, por gentileza, as dicas do tutorial abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste, por gentileza, o log do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt

Ficamos na espera.

por pamonha Seg 17 Fev 2014, 16:03

Caro Power Max,

Após os procedimentos com o AdwCleaner, procedo à postagem do relatório dele oriundo, ficando no aguardo de futura orientação.

# AdwCleaner v3.019 - Relatório criado 17/02/2014 às 15:43:45
# Atualizado 17/02/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (64 bits)
# Usuário : Haroldo - HAROLDO-PC
# Executando de : C:\Users\Haroldo\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\Program Files (x86)\Mobogenie
Pasta Deletada : C:\Users\Haroldo\AppData\Local\emaze
Pasta Deletada : C:\Users\Haroldo\AppData\Local\Mobogenie
Pasta Deletada : C:\Users\Haroldo\AppData\Local\webplayer
Pasta Deletada : C:\Users\Haroldo\AppData\Roaming\DigitalSites
Pasta Deletada : C:\Users\Haroldo\Documents\Mobogenie

***** [ Atalhos ] *****

Atalho Desinfectada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk

***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Chave Deletedo : HKCU\Software\Classes\pokki
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\GoforFiles_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\plus-hd-2_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\plus-hd-2_rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Chave Deletedo : HKCU\Software\GoforFiles
Chave Deletedo : HKLM\Software\GoforFiles
Chave Deletedo : HKLM\Software\hdcode
Chave Deletedo : HKLM\Software\Uniblue
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie
Chave Deletedo : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.16518

-\\ Mozilla Firefox v

[ Arquivo : C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]

-\\ Google Chrome v32.0.1700.107

[ Arquivo : C:\Users\Haroldo\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [18164 octets] - [14/02/2014 03:14:16]
AdwCleaner[R1].txt - [1170 octets] - [16/02/2014 03:17:49]
AdwCleaner[R2].txt - [1187 octets] - [16/02/2014 03:32:14]
AdwCleaner[R3].txt - [3214 octets] - [17/02/2014 15:38:12]
AdwCleaner[S0].txt - [15819 octets] - [14/02/2014 03:55:29]
AdwCleaner[S1].txt - [1227 octets] - [16/02/2014 03:22:27]
AdwCleaner[S2].txt - [1246 octets] - [16/02/2014 03:34:02]
AdwCleaner[S3].txt - [2932 octets] - [17/02/2014 15:43:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2992 octets] ##########

por **Power Max** Seg 17 Fev 2014, 16:06

Siga, por gentileza, as dicas deste tutorial para fazer uma limpeza de seu PC com o Malwarebytes:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Na sua próxima resposta poste este log do Malwarebytes.

Ficamos no aguardo.

por pamonha Seg 17 Fev 2014, 22:08

Caro Max,

Feitos os procedimentos com o "Malwarebytes Anti-Malware", repasso-lhe o respecticvo relatório (agora zerado), ainda na expectativa de futura possível orientação.

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Haroldo :: HAROLDO-PC [administrador]

Proteção: Não permitir

17/02/2014 16:53:44
mbam-log-2014-02-17 (16-53-44).txt

Tipo de Verificação: Verificação Completa (C:\|D:\|E:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 496895
Tempo decorrido: 1 hora(s), 59 minuto(s), 8 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)

Arquivos Detectados: 0
(Não foram detectados ítens maliciosos)

(fim)

por **Power Max** Seg 17 Fev 2014, 22:20

Como está o computador após estas limpezas?

por pamonha Ter 18 Fev 2014, 02:19

Caro Power Max,

Meu computador está agora a "florir" num jardim com abelhas e borboletas... sem invasão de pragas como "lagartas e gafanhotos". Bom demais!!!
Cumpre-me destacar aqui sua presteza e capacidade - aliás, seu cognome já bem o define - em nos prestar sua solidariedade e suporte nesses momentos turbulentos. Meu muitíssimo obrigado.

por **Power Max** Ter 18 Fev 2014, 09:09

Fico feliz que o problema tenha sido resolvido.

Só para finalizar faça estes últimos procedimentos, por gentileza:

Remoção de malwares do meu computador 772309

Instale o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (caso já tenha ele, não precisa instalar de novo).

Abra o Ccleaner > clique no botão Limpeza > clique na opção Executar Limpeza. Isto é demonstrado na imagem abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Confirme a operação acima clicando no botão OK. Aguarde a conclusão do procedimento.

Depois disto, clique no botão botão Registro > Procurar Erros > Corrigir erro(s) selecionado(s) > neste momento você poderá optar por fazer uma cópia das alterações que serão feitas no registro (por motivos de segurança), escolha a opção que desejar (sim ou não) > e confirme a limpeza clicando no botão Corrigir todos os erros selecionados > clique no botão Fechar (ou OK):

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

__________________________________________________________________________________________________________________

Remoção de malwares do meu computador 772309

Depois disto siga também as dicas deste tutorial abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
_______________________________________________________________________________________________________________________

Remoção de malwares do meu computador 772309

Para remover os programas usados na limpeza deste PC e criar um novo ponto de restauração seguro e sem problemas, baixe o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (...de Xplode) e salve no Desktop (Área de Trabalho)

*Depois disto é só executá-lo, deixar selecionadas as opções Remove disinfection tools e Purge system restore

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Clique em [Run]

Depois de executar o Delfix conforme descrito acima, é só deletar o DelFix e o arquivo C:\DelFix.txt
_______________________________________________________________________________________________________________________

Remoção de malwares do meu computador 648673379

Foi um prazer ajudar. Conte sempre conosco!

por **Power Max** Qui 20 Fev 2014, 12:15

CASO RESOLVIDO

Caso o autor do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.

por Conteúdo patrocinado

Remoção de malwares do meu computador