Fotos Slides Movie virus, how to use ZHPDiag


Post by netoibest, Mon 24 Mar 2014, 13:54

Well guys, I have this virus on my pen drive. I've already tried everything and nothing works, so now I'm trying to use ZHPDiag and ZHPFix. The result from ZHPDiag is what's below. Now what?

~ Relatório do ZHPDiag v2014.3.24.29 - Nicolas Coolman  (24/03/2014)
~ Iniciado por Neto (24/03/2014 13:32:48)
~ Endereço do Website :  http://nicolascoolman.webs.com
~ Fóruns de suporte gratuito para desinfecção : [link hidden by the forum: an account and login are required to view it]
~ Tradução pelo utilizador
~ Estatuto da versão :
~  Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
GCIE: Google Chrome v33.0.1750.154

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Windows Defender W7

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 12 Plugin
Adobe Reader X
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: AMD64 Family 16 Model 5 Stepping 3, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8191 MB (69% free)
System Restore: Activé (Enable)
System drive C: has 80 GB (53%) free of 149 GB

---\\ Modo de conexão ao sistema
~ Computer Name: NETO-PC
~ User Name: Neto
~ All Users Names: Neto, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Neto\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Neto\AppData\Roaming\
~ %Desktop% : C:\Users\Neto\Desktop\
~ %Favorites% : C:\Users\Neto\Favorites\
~ %LocalAppData% : C:\Users\Neto\AppData\Local\
~ %StartMenu% : C:\Users\Neto\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 80 Go of 149 Go)
D: CD-ROM drive (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 109 Go of 149 Go)
G: Floppy drive, Flash card reader, USB Key (Free 4 Go of 4 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 46 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.AC4C51EB24AA95B77F705AB159189E24] - (.Microsoft Corporation - Windows Explorer.) (.20/11/2010 - 10:24:45.) -- C:\Windows\Explorer.exe [2872320]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.A4F6142CABA82FB7293ECE5FF864B440] - (.Microsoft Corporation - Internet Extensions para Win32.) (.22/02/2013 - 03:20:51.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 10:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 10:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 00:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 06:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 06:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 07:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 06:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 11:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 07:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 08:06:41.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 06:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 10:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes:  Scanned in 00mn 06s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/47
~ Mes Videos (My Videos) : 1/9
~ Mes Favoris (My Favorites) : 1/18
~ Mes Documents (My Documents) : 1/6
~ Mon Bureau (My Desktop) : 4/277
~ Menu demarrer (Programs) : 1/39
~ Hidden Files:  Scanned in 00mn 02s



---\\ Processos lançados
[MD5.A0012C1D9B8648C20C00202418B9D02F] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe   [2279712] [PID.2140]
[MD5.923DE81FEE5257055E645AE9236B91D9] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\Neto\AppData\Roaming\uTorrent\uTorrent.exe   [1307736] [PID.2472]  =>P2P.BitTorrent
[MD5.646A34526CC33BE4CA933C5680D80B48] - (.Nokia - Nokia Suite.) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe   [1090912] [PID.2788]
[MD5.9D51EA92A612B37E76E5E4621650C50A] - (.Renesas Electronics Corporation - USB 3.0 Monitor.) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe   [113288] [PID.2960]
[MD5.F1E0CCBF73855BD751B51C1F7F2A22AC] - (.Baidu, Inc. - Baidu Antivirus Tray Application.) -- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe   [1677160] [PID.3008]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe   [254336] [PID.3016]
[MD5.58FBD16C4BB84D9F69C25F30DAA4CE31] - (.Nokia - Microsoft Bluetooth Media Server.) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe   [158032] [PID.4724]
[MD5.39A7DED370697F03E8AD73D5C3EEABFD] - (.Baidu Inc. - Spark.) -- C:\Program Files (x86)\baidu\Spark\Spark.exe   [1464000] [PID.1864]  =>Adware.BDSearch
[MD5.1A71CA0C02AC3972FCB7FC22C329CD81] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [8179200] [PID.5956]
[MD5.EACEC497A6496E2A280348AD67ACF280] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe   [411936] [PID.880]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe   [65432] [PID.1464]
[MD5.AC8621C4DF3BD537DAD6705D59763B50] - (.Baidu, Inc. - Baidu Antivirus Service.) -- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BAVSvc.exe   [1995000] [PID.1608]
[MD5.242AD48ED63822F4693927DCDD3BA590] - (.Baidu, Inc. - Baidu Antivirus Hips Service.) -- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe   [480920] [PID.2240]
[MD5.974A1F783ED34588B45FAD6375077BA6] - (.Hewlett-Packard Company - SolutionsFrameworkService.) -- C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe   [46904] [PID.2368]
[MD5.903A40C958D471F9D30D29FA6D2800A4] - (.NVIDIA Corporation - NVIDIA Network Service.) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe   [1494304] [PID.2268]
[MD5.0B6DEA0A1662CAB8F2BF339DC0752EF4] - (.Protexis Inc. - PsiService PsiService.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe   [189728] [PID.2844]
[MD5.7605113BD42CC034B29EFE5248CFE679] - (.Baidu Inc. - Spark Service.) -- C:\Program Files (x86)\baidu\Spark\sparkservice.exe   [83648] [PID.2968]  =>Adware.BDSearch
[MD5.775A7C4B689C0F112A12AD62064E57D1] - (.TeamViewer GmbH - TeamViewer 8.) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe   [5093216] [PID.2596]
[MD5.78F7BB9F4924BE164294C59B8C3FC096] - (.Nokia - ServiceLayer Module.) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe   [737616] [PID.3592]
~ Processes Running:  Scanned in 00mn 01s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Neto\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome

~ Google Lines Browser: 16 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: btorbit.com [64Bits] - {000123B4-9B42-4900-B3F7-F4B073EFC214} . (.Orbitdownloader.com - Orbitcth.) -- C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
~ BHO: 6 Legitimates Filtered in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: avast! Online Security - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (...) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
~ Toolbar:  Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [Neto]: Baidu Spark Browser.lnk . (.Baidu Inc. - Spark.)  -- C:\Program Files (x86)\baidu\Spark\Spark.exe =>Adware.BDSearch
O4 - GS\QuickLaunch [Neto]: F1Upgrade.lnk . (...)  -- C:\Program Files (x86)\NSS\F1UpgradeUtility.exe
O4 - GS\QuickLaunch [Neto]: Fotos 3x4.lnk . (...)  -- C:\Program Files (x86)\Fotos 3x4\Foto3x4.exe
O4 - GS\QuickLaunch [Neto]: Google Chrome.lnk . (.Google Inc. - Google Chrome.)  -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Neto]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Neto]: MiPony.lnk . (.www.mipony.net - Mipony.)  -- C:\Program Files (x86)\MiPony\MiPony.exe
O4 - GS\QuickLaunch [Neto]: NSS.lnk . (.B-phreaks - Nemesis Service Suite.)  -- C:\Program Files (x86)\NSS\NSS.exe
O4 - GS\QuickLaunch [Neto]: Orbit.lnk . (.Orbitdownloader.com - Orbit Downloader.)  -- C:\Program Files (x86)\Orbitdownloader\orbitdm.exe
O4 - GS\QuickLaunch [Neto]: PhotoScape.lnk . (...)  -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe
O4 - GS\QuickLaunch [Neto]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.)  -- C:\Users\Neto\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Program [Neto]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Neto]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Neto]: Neto Oliveira.lnk . (.Google Inc. - Google Chrome.)  -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [link hidden by the forum: an account and login are required to view it] =>Hijacker.Browsers
O4 - GS\SystemTools [Neto]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Neto]: Baidu Spark Browser.lnk . (.Baidu Inc. - Spark.)  -- C:\Program Files (x86)\baidu\Spark\Spark.exe =>Adware.BDSearch
~ Global Startup: 61 Legitimates Filtered in 00mn 05s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [AutoKMS] C:\Windows\AutoKMS.exe (.not file.) =>Trojan.Keygen
O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe  =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [Fotos Slides Movie] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKLM\..\Run: [Virus] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Neto\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Neto\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe  =>.DT Soft Ltd
O4 - HKCU\..\Run: [NokiaSuite.exe] . (.Nokia - Nokia Suite.) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
O4 - HKCU\..\Run: [AdobeBridge] Chave orfã
O4 - HKCU\..\Run: [Fotos Slides Movie] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKCU\..\Run: [Defrag] . (.Baidu, Inc. - Spark.) -- C:\Program Files (x86)\baidu\Spark\BaiduDefragFiles.exe =>Adware.BDSearch
O4 - HKCU\..\Run: [Virus] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe  =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [NUSB3MON] . (.Renesas Electronics Corporation - USB 3.0 Monitor.) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
O4 - HKLM\..\Wow6432Node\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe  =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Wow6432Node\Run: [AdobeCS6ServiceManager] . (.Adobe Systems Incorporated - Adobe CS6 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
O4 - HKLM\..\Wow6432Node\Run: [Baidu Antivirus] . (.Baidu, Inc. - Baidu Antivirus Tray Application.) -- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe  =>.Oracle Corporation
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe  =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe  =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe  =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe  =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1464094912-500982220-4094319322-1000\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Neto\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-21-1464094912-500982220-4094319322-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Neto\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-1464094912-500982220-4094319322-1000\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe  =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-1464094912-500982220-4094319322-1000\..\Run: [NokiaSuite.exe] . (.Nokia - Nokia Suite.) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
O4 - HKUS\S-1-5-21-1464094912-500982220-4094319322-1000\..\Run: [AdobeBridge] Chave orfã
O4 - HKUS\S-1-5-21-1464094912-500982220-4094319322-1000\..\Run: [Fotos Slides Movie] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKUS\S-1-5-21-1464094912-500982220-4094319322-1000\..\Run: [Defrag] . (.Baidu, Inc. - Spark.) -- C:\Program Files (x86)\baidu\Spark\BaiduDefragFiles.exe =>Adware.BDSearch
O4 - HKUS\S-1-5-21-1464094912-500982220-4094319322-1000\..\Run: [Virus] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
~ Application:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE9D722A-867F-49D2-B59E-0673E811D364}: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{BE9D722A-867F-49D2-B59E-0673E811D364}: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{BE9D722A-867F-49D2-B59E-0673E811D364}: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Baidu Antivirus Service (BAVSvc) . (.Baidu, Inc. - Baidu Antivirus Service.) - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BAVSvc.exe
O23 - Service: Baidu Hips Service (BHipsSvc) . (.Baidu, Inc. - Baidu Antivirus Hips Service.) - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe
O23 - Service: Spark Browser Service (SparkSvc) . (.Baidu Inc. - Spark Service.) - C:\Program Files (x86)\baidu\Spark\sparkservice.exe =>Adware.BDSearch
~ Services: 12 Legitimates Filtered in 00mn 10s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT:Automatic Planified Task  - C:\Windows\Tasks\AmiUpdXp.job   [462] =>PUP.Software.Updater
[MD5.4F780B58636CA83AD3472FC9E17B7B1A] [APT] [AmiUpdXp] (...) -- C:\Users\Neto\AppData\Local\f3d73e43-a7ad-4112-960e-78fc74668666\f3d73e43-a7ad-4112-960e-78fc74668666.exe   [284160]  =>PUP.Software.Updater
[MD5.442DB0F9AEBCD9DA9CB1E5A68B4F4183] [APT] [Baidu Antivirus Update] (.Baidu, Inc..) -- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavUpdater.exe   [2856600]
[MD5.00000000000000000000000000000000] [APT] [Express FilesUpdate] (...) -- C:\Program Files (x86)\ExpressFiles\EFUpdater.exe (.not file.)   [0]  =>Adware.ExpressFiles
[MD5.00000000000000000000000000000000] [APT] [{2D72A906-EB31-4832-BD3F-366963441A60}] (...) -- C:\Users\Neto\Downloads\Flash_Disinfector.exe (.not file.)   [0]
~ Scheduled Task: 17 Legitimates Filtered in 00mn 03s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver:  (Bfilter) . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - C:\Windows\system32\drivers\Bfilter.sys
O41 - Driver:  (Bfmon) . (.Baidu, Inc. - Baidu FS Monitor Driver.) - C:\Windows\system32\drivers\Bfmon.sys =>Adware.BDSearch
O41 - Driver: (Bnbase) . (.Baidu, Inc. - Baidu Antivirus NetBase Driver.) - C:\Windows\System32\drivers\bnbasex64.sys
O41 - Driver:  (Bndef) . (.Baidu, Inc. - Baidu Antivirus NetDefense Driver.) - C:\Windows\system32\drivers\bndef64.sys
O41 - Driver:  (Bprotect) . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - C:\Windows\system32\drivers\Bprotect.sys
~ Drivers: 78 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Fotos 3x4 versao 1.0.0.7 - (.Qualiom Sistemas Computacionais.) [HKLM][64Bits] -- Fotos 3x4_is1
~ Logic: 23 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AUVF]
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\ExpressFiles] =>Adware.ExpressFiles
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\baidu] =>Adware.BDSearch
[HKCU\Software\lollipop] =>Adware.Lollipop
[HKCU\Software\sr]
[HKLM\Software\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Fotos Slides Movie]
[HKLM\Software\Virus]
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Baidu] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\ExpressFiles] =>Adware.ExpressFiles
~ Key Software: 254 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 11/03/2014 - 18:06:09 - [209,533] ----D C:\Program Files (x86)\baidu =>Adware.BDSearch
O43 - CFD: 20/03/2014 - 13:42:29 - [207,049] ----D C:\Program Files (x86)\Baidu Security =>Adware.BDSearch
O43 - CFD: 10/02/2014 - 12:38:06 - [1,312] ----D C:\Program Files (x86)\Fotos 3x4
O43 - CFD: 20/03/2014 - 13:42:34 - [0,166] ----D C:\ProgramData\baidu =>Adware.BDSearch
O43 - CFD: 21/03/2014 - 09:44:37 - [0,014] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
O43 - CFD: 01/02/2014 - 18:51:24 - [0,001] ----D C:\ProgramData\Pads
O43 - CFD: 01/02/2014 - 18:51:24 - [0] ----D C:\ProgramData\PadsVs
O43 - CFD: 01/02/2014 - 19:30:33 - [0] --H-D C:\ProgramData\Permission
O43 - CFD: 01/02/2014 - 18:50:55 - [5,531] ----D C:\ProgramData\Procad
O43 - CFD: 20/03/2014 - 13:42:39 - [0,006] ----D C:\Users\Neto\AppData\Roaming\Baidu =>Adware.BDSearch
O43 - CFD: 14/02/2014 - 00:42:28 - [0,002] ----D C:\Users\Neto\AppData\Roaming\CDROLLER
O43 - CFD: 14/02/2014 - 00:53:47 - [0,002] ----D C:\Users\Neto\AppData\Roaming\ExpressFiles =>Adware.ExpressFiles
O43 - CFD: 20/03/2014 - 13:05:11 - [0,272] ----D C:\Users\Neto\AppData\Local\f3d73e43-a7ad-4112-960e-78fc74668666
O43 - CFD: 14/02/2014 - 01:04:00 - [0] ----D C:\Users\Neto\AppData\Local\Lollipop =>Adware.Lollipop
~ Program Folder: 164 Legitimates Filtered in 00mn 25s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.8056D6CAA5B399ECE60988AAA4413B55] - 11/03/2014 - 18:10:14 ---A- . (...) -- C:\fraglist.luar   [1285]
O44 - LFC:[MD5.F1B4DB491CEA07321EEF35C180771022] - 16/03/2014 - 05:25:27 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys   [141760]
O44 - LFC:[MD5.C920D0D8A591B7B140AAA518B15B42E0] - 17/03/2014 - 23:57:19 ---A- . (.Baidu, Inc. - Baidu Antivirus NetBase Driver.) -- C:\Windows\System32\Drivers\bnbasex64.sys   [91648]
O44 - LFC:[MD5.45E3AB0CBC6C5B2DE19F39CA2AA6396D] - 17/03/2014 - 23:57:19 ---A- . (.Baidu, Inc. - Baidu Antivirus NetDefense Driver.) -- C:\Windows\System32\Drivers\bndef64.sys   [70944]
O44 - LFC:[MD5.1EE21D1F1F8CA0FCA2DB47628029406C] - 20/03/2014 - 13:42:39 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys   [55616]
O44 - LFC:[MD5.CFC0F0026891004B27A2BE88028C02DE] - 20/03/2014 - 13:42:42 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys   [37696]  =>Adware.BDSearch
O44 - LFC:[MD5.BFA6A4793A92B9A84A851304B3C72B6D] - 24/03/2014 - 12:06:37 ---A- . (...) -- C:\Archive.ini   [47]
~ Files: 13 Legitimates Filtered in 01mn 25s



---\\ Exportar a chave da aplicação autorizada (047)
O47 - AAKE:Key Export SP - "C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" [Enabled] .(.Orbitdownloader.com.) -- C:\Program Files (x86)\Orbitdownloader\orbitdm.exe
O47 - AAKE:Key Export SP - "C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" [Enabled] .(.Orbitdownloader.com.) -- C:\Program Files (x86)\Orbitdownloader\orbitnet.exe
~ Keys Export: 2 Legitimates Filtered in 00mn 00s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{33e5f441-875c-11e3-b359-6c626df42974}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{40378408-85ce-11e3-ac86-6c626df42974}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
~ Keys:  Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.1EE21D1F1F8CA0FCA2DB47628029406C] - 23/01/2014 - 03:57:08 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys   [55616]
O58 - SDL:[MD5.CFC0F0026891004B27A2BE88028C02DE] - 16/01/2014 - 05:53:30 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys   [37696]  =>Adware.BDSearch
O58 - SDL:[MD5.C920D0D8A591B7B140AAA518B15B42E0] - 17/03/2014 - 23:57:19 ---A- . (.Baidu, Inc. - Baidu Antivirus NetBase Driver.) -- C:\Windows\System32\Drivers\bnbasex64.sys   [91648]
O58 - SDL:[MD5.45E3AB0CBC6C5B2DE19F39CA2AA6396D] - 17/03/2014 - 23:57:19 ---A- . (.Baidu, Inc. - Baidu Antivirus NetDefense Driver.) -- C:\Windows\System32\Drivers\bndef64.sys   [70944]
O58 - SDL:[MD5.F1B4DB491CEA07321EEF35C180771022] - 16/03/2014 - 05:25:27 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys   [141760]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys   [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys   [31232]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys   [24656]
O58 - SDL:[MD5.330F1D07DC31B3D159E4C6CB2AED17E7] - 25/06/2012 - 15:44:52 ---A- . (.PROTEQ - Driver do C500 da PROTEQ para Windows NT.) -- C:\Windows\SysWOW64\drivers\Proteq.sys   [7598]
~ Drivers: 16 Legitimates Filtered in 00mn 03s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 16/01/2014 - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdApiUtil64.sys (BdApiUtil)  .(.Baidu, Inc. - Baidu Antivirus BdApi Driver.) - LEGACY_BDAPIUTIL
O64 - Services: CurCS - 16/01/2014 - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdCameraProtect64.sys (BdCameraProtect)  .(.Baidu, Inc. - Baidu Antivirus Camera Protector Driver.) - LEGACY_BDCAMERAPROTECT
O64 - Services: CurCS - 23/01/2014 - C:\Windows\system32\drivers\Bfilter.sys (Bfilter)  .(.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - LEGACY_BFILTER
O64 - Services: CurCS - 16/01/2014 - C:\Windows\system32\drivers\Bfmon.sys (Bfmon)  .(.Baidu, Inc. - Baidu FS Monitor Driver.) - LEGACY_BFMON =>Adware.BDSearch
O64 - Services: CurCS - 17/03/2014 - C:\Windows\System32\drivers\bnbasex64.sys (Bnbase)  .(.Baidu, Inc. - Baidu Antivirus NetBase Driver.) - LEGACY_BNBASE
O64 - Services: CurCS - 17/03/2014 - C:\Windows\system32\drivers\bndef64.sys (Bndef)  .(.Baidu, Inc. - Baidu Antivirus NetDefense Driver.) - LEGACY_BNDEF
O64 - Services: CurCS - 16/03/2014 - C:\Windows\system32\drivers\Bprotect.sys (Bprotect)  .(.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - LEGACY_BPROTECT
O64 - Services: CurCS - 01/01/1601 - C:\Windows\system32\vmbusres.dll (vmbus) .(...) - LEGACY_VMBUS
~ Legacy: 82 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> <BDIPCSHTML>[HKCU\..\open\Command] (.Baidu Inc. - Spark.) -- C:\Program Files (x86)\baidu\Spark\Spark.exe =>Adware.BDSearch
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <Spark> <>[HKLM\..\Shell\open\Command] (.Baidu Inc. - Spark.) -- C:\Program Files (x86)\baidu\Spark\Spark.exe =>Adware.BDSearch
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys:  Scanned in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{EB53C69E-0653-44D4-8A67-EA786DEDA72F}C:\windows\kmsemulator.exe" |In - Private - P6 - TRUE | .(...) -- C:\windows\kmsemulator.exe (.not file.)
O87 - FAEL: "UDP Query User{4202904F-C592-4356-B760-39A0C878AB70}C:\windows\kmsemulator.exe" |In - Private - P17 - TRUE | .(...) -- C:\windows\kmsemulator.exe (.not file.)
O87 - FAEL: "{8BA20364-CFAF-4623-8BE2-E8D46D8F48BE}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\ExpressFiles\expressdl.exe (.not file.) =>Adware.ExpressFiles
O87 - FAEL: "{6F4297CB-7879-4293-A2AD-5C0B08DA7C11}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\ExpressFiles\expressdl.exe (.not file.) =>Adware.ExpressFiles
O87 - FAEL: "{E2ECAFB6-998D-470F-BF2E-26564EC63D9A}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe (.not file.) =>Adware.ExpressFiles
O87 - FAEL: "{3BDB8EE2-7A86-4383-AAEC-8AB391A564B1}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe (.not file.) =>Adware.ExpressFiles
O87 - FAEL: "{52A9BBFB-0816-4526-B3AA-7DDEB3AD8E9E}" | In - Private - P6 - TRUE | .(.Baidu Inc. - Spark.) -- C:\Program Files (x86)\baidu\Spark\Spark.exe =>Adware.BDSearch
O87 - FAEL: "{CE4AD4D1-74CE-4D93-BC22-DD6E7E0129F2}" | In - Private - P17 - TRUE | .(.Baidu Inc. - Spark.) -- C:\Program Files (x86)\baidu\Spark\Spark.exe =>Adware.BDSearch
O87 - FAEL: "{E3D7842B-8126-47CF-B993-DA4E18D4E3B7}" | In - Private - P6 - TRUE | .(.Baidu Inc. - Spark dumper.) -- C:\Program Files (x86)\baidu\Spark\baidu_dumper.exe =>Adware.BDSearch
O87 - FAEL: "{49E8D65D-4A3F-4CDC-91BD-86B61C44C13A}" | In - Private - P17 - TRUE | .(.Baidu Inc. - Spark dumper.) -- C:\Program Files (x86)\baidu\Spark\baidu_dumper.exe =>Adware.BDSearch
O87 - FAEL: "TCP Query User{6CCA4928-0F1E-4903-9022-C37C3BD6DAF3}C:\program files (x86)\youwave_android\vb\vboxsdl.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\youwave_android\vb\vboxsdl.exe (.not file.)
O87 - FAEL: "UDP Query User{6F30E1CC-B61E-4B8C-9F78-3A2C2C84239A}C:\program files (x86)\youwave_android\vb\vboxsdl.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\youwave_android\vb\vboxsdl.exe (.not file.)
~ Firewall: 223 Legitimates Filtered in 00mn 01s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 12/03/2014 257928 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 20/01/2014 116648 |  (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 20/01/2014 116648 |  (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 18/03/2014 119408 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 19/02/2010 517096 |  (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

SR - | Auto 18/12/2013 65432 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 19/03/2014 1995000 |  (BAVSvc) . (.Baidu, Inc..) - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BAVSvc.exe
SR - | Auto 19/03/2014 480920 |  (BHipsSvc) . (.Baidu, Inc..) - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe
SR - | Auto 17/12/2013 46904 |  (HPSupportSolutionsFrameworkService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
SR - | Auto 09/12/2013 1494304 |  (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
SR - | Auto 09/12/2013 15129376 |  (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 19/12/2013 922912 |  (NVSvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 24/07/2009 189728 |  (PSI_SVC_2) . (.Protexis Inc..) - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
SR - | Demand 18/04/2013 737616 |  (ServiceLayer) . (.Nokia.) - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
SR - | Auto 07/02/2014 83648 |  (SparkSvc) . (.Baidu Inc..) - C:\Program Files (x86)\baidu\Spark\sparkservice.exe =>Adware.BDSearch
SR - | Auto 19/12/2013 411936 |  (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 07/02/2014 5093216 |  (TeamViewer8) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 |  (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe  =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services:  Scanned in 00mn 16s



---\\ Scâner Aditional (088)
Database Version : 13031 - (24/03/2014)
Clés trouvées (Keys found) : 11
Valeurs trouvées (Values found) : 6
Dossiers trouvés  (Folders found) : 7
Fichiers trouvés  (Files found) : 13

[HKLM\SYSTEM\CurrentControlSet\Services\SparkSvc]   =>Adware.BDSearch^
[HKLM\Software\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}]   =>PUP.Software.Updater
[HKLM\Software\Wow6432Node\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}]   =>PUP.Software.Updater
[HKLM\Software\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}]   =>PUP.Software.Updater
[HKLM\Software\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}]   =>Spyware.Soft2PC
[HKLM\Software\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}]   =>Spyware.Soft2PC
[HKLM\Software\Classes\Updater.AmiUpd]   =>PUP.Software.Updater
[HKLM\Software\Classes\Updater.AmiUpd.1]   =>PUP.Software.Updater
[HKCU\Software\lollipop]   =>Adware.Lollipop
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}]   =>PUP.Software.Updater
[HKCU\Software\InstallCore]   =>Adware.InstallCore
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:AutoKMS   =>Trojan.Keygen^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent   =>P2P.BitTorrent^
C:\Program Files (x86)\baidu   =>Adware.BDSearch^
C:\Program Files (x86)\Baidu Security   =>Adware.BDSearch^
C:\ProgramData\baidu   =>Adware.BDSearch^
C:\ProgramData\Baidu Security   =>Adware.BDSearch^
C:\Users\Neto\AppData\Roaming\Baidu   =>Adware.BDSearch^
C:\Users\Neto\AppData\Roaming\ExpressFiles   =>Adware.ExpressFiles^
C:\Users\Neto\AppData\Local\Lollipop   =>Adware.Lollipop^
C:\Users\Neto\AppData\Roaming\uTorrent\uTorrent.exe   =>P2P.BitTorrent^
C:\Program Files (x86)\baidu\Spark\Spark.exe   =>Adware.BDSearch^
C:\Program Files (x86)\baidu\Spark\sparkservice.exe   =>Adware.BDSearch^
C:\Windows\Tasks\AmiUpdXp.job   =>PUP.Software.Updater^
C:\Users\Neto\AppData\Local\f3d73e43-a7ad-4112-960e-78fc74668666\f3d73e43-a7ad-4112-960e-78fc74668666.exe   =>PUP.Software.Updater^
[HKCU\Software\Baidu Security]   =>Adware.BDSearch^
[HKCU\Software\ExpressFiles]   =>Adware.ExpressFiles^
[HKCU\Software\baidu]   =>Adware.BDSearch^
[HKLM\Software\Baidu Security]   =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu Security]   =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu]   =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Conduit]   =>Toolbar.Conduit^
[HKLM\Software\Wow6432Node\ExpressFiles]   =>Adware.ExpressFiles^
~ Additionnel Scan: 250332 Items scanned in 00mn 17s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Adware.BDSearch
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Hijacker.Browsers
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.Software.Updater
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Adware.ExpressFiles
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Adware.InstallCore
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Adware.Lollipop
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Toolbar.Conduit
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Spyware.Soft2PC
~ MSI: 8 link(s) detected in 00mn 17s



~ 1044 Legitimates filtered by white list
End of the scan (529 lines in 03mn 19s)(0)
netoibest
Beginner

Posts : 8
Reputation : 1
Registration date : 24/03/2014

Re: Fotos Slides Movie virus, how to use ZHPDiag

Post by Power Max Mon 24 Mar 2014, 14:20

Hello Neto.

Your report shows the Baidu antivirus, which many people prefer to uninstall. Do you want to keep it or remove it?
Power Max
Collaborator

Posts : 9086
Reputation : 1499
Registration date : 14/04/2009

(SOLVED) Fotos Slides Movie virus, how to use ZHPDiag

Post by netoibest Mon 24 Mar 2014, 16:47

Done, I uninstalled the antivirus. Now what do I do to use ZHPFix and ZHPDiag to get that damned virus off the pendrive?

Re: Fotos Slides Movie virus, how to use ZHPDiag

Post by Power Max Mon 24 Mar 2014, 19:05

Download the [You must have an account and be logged in to view this link]

To install and run it correctly, follow the tips in the tutorial below:

[You must have an account and be logged in to view this link]

In your next reply, post the McShield Anti-Malware Tool report, which will be named MCShield-AllScans.txt and will be on your PC's desktop.

(SOLVED) Fotos Slides Movie virus, how to use ZHPDiag

Post by netoibest Mon 24 Mar 2014, 23:33

MCShield ::Anti-Malware Tool:: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

>>> v 3.0.4.27 / DB: 2014.3.23.1 / Windows 7 <<<


24/03/2014 23:34:40 > Unidade G: - escanemaneto iniciado (sem rotulo ~3819 MB, NTFS unidade flash )...



---> Executando rotinas genéricas de S&D... Procurando por arquivos escondidos pelo malware...


---> Itens para processar: 3

---> G:\Curriculum.doc > removido atributo oculto.

---> G:\Fotos Slides Movie.vbe > removido atributo oculto.

---> G:\Virus.vbe > removido atributo oculto.



>>> G:\Curriculum.lnk - Malware > Ecluido. (14.03.24. 23.35 Curriculum.lnk.567425; MD5: 24e806a26b2ac833db9887dcc12ff17e)

>>> G:\Fotos Slides Movie.lnk - Malware > Ecluido. (14.03.24. 23.35 Fotos Slides Movie.lnk.401344; MD5: f063205fa4752d59ce382697a27e0c8a)

>>> G:\Virus.lnk - Malware > Ecluido. (14.03.24. 23.35 Virus.lnk.115835; MD5: 5c98d4fc1c80a91dc2828b6ac4c87f97)

>>> G:\Fotos Slides Movie.vbe - Malware > Ecluido. (14.03.24. 23.35 Fotos Slides Movie.vbe.113308; MD5: 1452bc799b5a8e61f9717429390fa019)

>>> G:\Virus.vbe - Malware > Ecluido. (14.03.24. 23.35 Virus.vbe.580543; MD5: 1452bc799b5a8e61f9717429390fa019)


=> Arquivos maliciosos   : 5/5 apagado.
=> Arquivos Ocultos      : 3/3 removido atributo oculto.

____________________________________________

::::: Duração do escaneamento: (Modo interativo)

(SOLVED) Fotos Slides Movie virus, how to use ZHPDiag

Post by andrade401 Tue 25 Mar 2014, 09:22

~ Relatório do ZHPDiag v2014.3.25.31 - Nicolas Coolman  (25/3/2014)
~ Iniciado por Administrador (25/3/2014 08:45:54)
~ Endereço do Website :  http://nicolascoolman.webs.com
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~  Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Not Found


---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 27.0.1
GCIE: Google Chrome v33.0.1750.154 (Defaut)
OBIE: Safari v5.34.57.2

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ Softwares de proteçao do sistema
AVG 2014 v14.0.4336
Malwarebytes Anti-Malware versão 1.75.0.1300
McAfee Security Scan Plus v3.8.141.11

---\\ Softwares d'optimização do sistema
CCleaner v4.10 =>.Piriform Ltd

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 12 Plugin
Adobe Reader XI
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2038 MB (49% free)
System Restore: Activé (Enable)
System drive C: has 34 GB (57%) free of 59 GB

---\\ Modo de conexão ao sistema
~ Computer Name: SECRETARIA
~ User Name: Administrador
~ All Users Names: HelpAssistant, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\Administrador\Dados de aplicativos\ZHP\
~ %AppData% : C:\Documents and Settings\Administrador\Dados de aplicativos\
~ %Desktop% : C:\Documents and Settings\Administrador\Desktop\
~ %Favorites% : C:\Documents and Settings\Administrador\Favoritos\
~ %LocalAppData% : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\
~ %StartMenu% : C:\Documents and Settings\Administrador\Menu Iniciar\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 34 Go of 59 Go)
D: Hard drive, Flash drive, Thumb drive (Free 21 Go of 90 Go)
E: Hard drive, Flash drive, Thumb drive (Free 327 Go of 466 Go)
F: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
~ Security Center: 48 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.77ED593FF2546FED2A51B42CD56634B5] - (.Microsoft Corporation - Windows Explorer.) (.12/4/2008 - 17:00:00.) -- C:\WINDOWS\Explorer.exe [1434112]
[MD5.6CE32F7778061CCC5814D5E0F282D369] - (.Microsoft Corporation - Internet Extensions for Win32.) (.8/3/2009 - 03:34:58.) -- C:\WINDOWS\system32\wininet.dll [914944]
[MD5.71D440F79B711627B12B567FB2EADB42] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.12/4/2008 - 17:00:00.) -- C:\WINDOWS\system32\Winlogon.exe [509952]
[MD5.4D43E74F2A1239D53929B82600F1971C] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/1/2010 - 17:51:18.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/4/2008 - 11:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.12/4/2008 - 17:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.12/4/2008 - 17:00:00.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.A8D31E836CCF2F51009CE7DFFECF6D51] - (.Microsoft Corporation - FIPS Crypto Driver.) (.12/4/2008 - 17:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.12/4/2008 - 17:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.485BC6BEB778B5E9702E6AA3D384C0CB] - (.Microsoft Corporation - Driver de porta i8042.) (.12/4/2008 - 17:00:00.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [53504]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.12/4/2008 - 17:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.12/4/2008 - 17:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.12/4/2008 - 17:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7170AB42B51954DEF2781A4D1CCE65F4] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.25/1/2010 - 17:51:22.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [455936]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.12/4/2008 - 17:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.12/4/2008 - 17:00:00.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.9BADEE6B698BF1AF36E25A1A64A89EAB] - (.Microsoft Corporation - Driver de porta paralela.) (.25/1/2010 - 17:57:22.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.12/4/2008 - 17:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/4/2008 - 13:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.68D749B04BFBBD4D4D15CC5185AFA4DD] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/4/2008 - 18:53:18.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58240]
[MD5.EB6B1E2C984D84470FF4FE7EF98CD44A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.12/4/2008 - 17:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53248]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/4661
~ Mes musiques (My Musics) : 3/3917
~ Mes Videos (My Videos) : 2/76
~ Mes Favoris (My Favorites) : 1/18
~ Mes Documents (My Documents) : 3/62178
~ Mon Bureau (My Desktop) : 1/3358
~ Menu demarrer (Programs) : 1/86
~ Hidden Files:  Scanned in 00mn 01s



---\\ Processos lançados
[MD5.6DE9AC13D76238AD7427E5453C8ECC54] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe   [519224] [PID.1384]
[MD5.062F3DB9AFA9C3CE0DA52F28595C0C6D] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe   [49152] [PID.740]
[MD5.DB90709B3EA5F42B1A5BF498C8902FD3] - (.artArmin - Changes "My Computer" drive icons to Window.) -- C:\Arquivos de programas\UX Pack\Vista Drive Icon\DrvIcon.exe   [49152] [PID.788]
[MD5.16EE5FC85A65296FFFC4BA8BDDDD0933] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Arquivos de programas\AVG\AVG2014\avgui.exe   [4962320] [PID.232]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe   [254336] [PID.1008]
[MD5.B747B6BB015E552F49C634BB19540F3D] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Arquivos de programas\AVG\AVG2014\avgwdsvc.exe   [348008] [PID.1336]
[MD5.B9963C336A2BF054520DC09CE7C81476] - (.Firebird Project - Firebird SQL Server.) -- C:\Arquivos de programas\Firebird\bin\fbguard.exe   [81920] [PID.1480]
[MD5.1E40EF882A2AFC3A715969AD7BF531B1] - (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe   [202024] [PID.1612]
[MD5.69E967F3FF9E3DF41F4228440FBD43AE] - (.Ares Development Group - Ares p2p for windows.) -- C:\Arquivos de programas\Ares\Ares.exe   [1015808] [PID.1252]
[MD5.CF03C8F6F6B0D71F6E5BCE167FCF7CA6] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe   [214360] [PID.412]
[MD5.4057F089376550D622D0B5DE8375CFA5] - (.Hewlett-Packard Co. - HP OfficeJet COM Device Objects.) -- C:\Arquivos de programas\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe   [487487] [PID.428]
[MD5.43E2CFC37953501EA40D852AE585E7C0] - (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Arquivos de programas\McAfee Security Scan\3.8.141\SSScheduler.exe   [277920] [PID.524]
[MD5.B9436A665A8621073A12338B16D7BFD4] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Arquivos de programas\Java\jre7\bin\jqs.exe   [182696] [PID.700]
[MD5.6D4028D458EAAA1782099750790DC8C9] - (.Nero AG - Nero BackItUp.) -- C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe   [853288] [PID.1860]
[MD5.7111E5ECEF69BE5DCD83BBA71E2C92C7] - (.Hewlett-Packard Co. - HP OfficeJet COM Event Manager.) -- C:\Arquivos de programas\Hewlett-Packard\AiO\Shared\Bin\hpoevm07.exe   [299008] [PID.2752]
[MD5.801DB9C43872A56F3D697B97CFF13A90] - (.HP - PML Driver.) -- C:\WINDOWS\system32\hpoipm07.exe   [57344] [PID.2812]
[MD5.B47404CE946AD4E4970BB8628E8183FA] - (.Samsung Electronics Co., Ltd. - Samsung Network PC Fax (FaxServer).) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxServer.exe   [175616] [PID.2848]
[MD5.7DFCCC67990B6DE7F30F553A4E4612A4] - (...) -- C:\Arquivos de programas\UX Pack\RocketDock\RocketDock.exe   [495616] [PID.3404]
[MD5.40D5670BE9035DE8F1A7AFC1E8C0C4F3] - (.Hewlett-Packard Co. - HP OfficeJet Status.) -- C:\Arquivos de programas\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe   [290816] [PID.3472]
[MD5.87A3217E3793D98D84BEE1652CFC9E0F] - (.Hewlett-Packard Co. - HP OfficeJet G Series Fax Manager.) -- C:\Arquivos de programas\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe   [184320] [PID.3484]
[MD5.DB8EE43C90536A07D4BA481079AE214C] - (.Firebird Project - Firebird SQL Server.) -- C:\Arquivos de programas\Firebird\bin\fbserver.exe   [2736128] [PID.2052]
[MD5.1BEF5464C06F4AF0C704378824C52ADB] - (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe   [382248] [PID.2260]
[MD5.279A2F9A8626E0BCEAC222BA7C3C02EF] - (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe   [1410344] [PID.2364]
[MD5.6D2018AEE93285F2A8BEF55D722187A3] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe   [44544] [PID.3300]
[MD5.80B8AE8E18FF57BE13FF4A5959DB0EC1] - (.Hewlett-Packard Co. - HP CUE Status Root.) -- C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe   [184320] [PID.3976]
[MD5.F0898E9BD7C914FB7389F393D189B32F] - (.Hewlett-Packard Co. - HP CUE Alert Popup Window Objects.) -- C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe   [569344] [PID.276]
[MD5.85269484DDA143582F06C65CA339FBB9] - (.Hewlett-Packard - GPCore COM object.) -- C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe   [286720] [PID.2820]
[MD5.D9184C5FF3FD526761D518A95ABA74A3] - (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe   [275568] [PID.3996]
[MD5.FF409C974A9AD58B82374DEEF6B44CBB] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe   [18544] [PID.2988]
[MD5.29CC39577CA273CA0E75FD562E66AE96] - (.AVG Secure Search - ToolbarU Application (Official).) -- C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe   [1771032] [PID.3932]  =>Toolbar.AVGSearch
[MD5.9E82C79544AB1980D807737777EADE72] - (.No owner - loggings Application.) -- C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe   [159768] [PID.3668]  =>Toolbar.AVGSearch
[MD5.53E9A98173B5610A3434D3C86CAFA9A3] - (.No owner - VProtect Application (Official).) -- C:\Arquivos de programas\AVG Secure Search\vprot.exe   [2544664] [PID.256]  =>Toolbar.AVGSearch
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe   [418376] [PID.240]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe   [701512] [PID.1504]
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe   [532040] [PID.896]
[MD5.A73E6F3C9F1072FA809E941878C44221] - (.Nicolas Coolman - ZHPDiag.) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe   [8178688] [PID.4336]
~ Processes Running:  Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/uni] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_uni.dll
~ Firefox Browser: 12 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
~ IE Browser: 12 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 18



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: outobox - {30f06672-0e95-41a9-80cb-dee386af99ad} . (.outobox - outobox.) -- C:\Arquivos de programas\outobox\outoboxbho.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} . (.AVG Secure Search - toolbar.dll (Official).) -- C:\Arquivos de programas\AVG Secure Search\18.0.5.292\AVG Secure Search_toolbar.dll =>Toolbar.AVGSearch
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} . (.DealPly Technologies Ltd - DealPly for Internet Explorer.) -- C:\Arquivos de programas\DealPly\DealPlyIE.dll =>PUP.DealPly
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehuni.dll
~ BHO: 48 Legitimates Filtered in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: AVG Security Toolbar - [HKLM]{95B7759C-8C7F-4BF1-B163-73684A933233} . (.AVG Secure Search - toolbar.dll (Official).) -- C:\Arquivos de programas\AVG Secure Search\18.0.5.292\AVG Secure Search_toolbar.dll =>Toolbar.AVGSearch
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar: (no name) - [HKCU]{710EB7A1-45ED-11D0-924A-0020AFC7AC4D} Chave orfã
O3 - Toolbar: (no name) - [HKCU]{1E796980-9CC5-11D1-A83F-00C04FC99D61} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Chave orfã
~ Toolbar:  Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [AllUsers]: AquariusPlus.lnk . (...)  -- C:\WINDOWS\Installer\{E868D3AD-0F3D-4174-9BED-13B992EABFC0}\app_icon.ico
O4 - GS\Desktop [AllUsers]: aTube Catcher.lnk . (.DsNET - aTube Catcher to download and convert video.)  -- C:\Arquivos de programas\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Desktop [AllUsers]: Central de Soluções HP.lnk . (.Hewlett-Packard Company - hpqdirec.exe.)  -- C:\Arquivos de programas\HP\Digital Imaging\bin\hpqdirec.exe
O4 - GS\Desktop [AllUsers]: Google Chrome.lnk . (.Google Inc. - Google Chrome.)  -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [AllUsers]: GPS.lnk . (.SRP / Dataprev - Impressor de GPS.)  -- C:\Arquivos de programas\SRP\GPS.exe
O4 - GS\Desktop [AllUsers]: hp officejet v series.lnk . (.Hewlett-Packard Co. - HP OfficeJet Director.)  -- C:\Arquivos de programas\Hewlett-Packard\AiO\Shared\Bin\hpodir07.exe  =>.Hewlett-Packard Co
O4 - GS\Desktop [AllUsers]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee.)  -- C:\Arquivos de programas\McAfee Security Scan\3.8.141\McUICnt.exe
O4 - GS\Desktop [AllUsers]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.)  -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [AllUsers]: Safari.lnk . (...)  -- C:\WINDOWS\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe
O4 - GS\Desktop [AllUsers]: Softcheque.lnk . (.Techmundi Software - Software para preenchimento e impressão de.)  -- C:\Arquivos de programas\Softcheque5\SoftCheque.exe
O4 - GS\Desktop [Administrador]: Ares.lnk . (.Ares Development Group - Ares p2p for windows.)  -- C:\Arquivos de programas\Ares\Ares.exe
O4 - GS\Desktop [Administrador]: Ficha Do Aluno.lnk . (...)  -- D:\Arquivos MD\Ficha Do Aluno.docx
O4 - GS\Desktop [Administrador]: FSResizer.lnk . (...)  -- C:\FSResizer31\FSResizer.exe
O4 - GS\Desktop [Administrador]: Papel timbrado Câmara.lnk . (...)  -- D:\Arquivos MD\Documentos Câmara\Papel timbrado Câmara.doc
O4 - GS\Desktop [Administrador]: SIGMA ASSESSORIA.lnk . (...)  -- D:\Arquivos MD\SIGMA ASSESSORIA
~ Global Startup: 35 Legitimates Filtered in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe  =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe  =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [UX Launcher] . (.Windows X - UX Pack Launchcer.) -- C:\Arquivos de programas\UX Pack\uxlaunch.exe
O4 - HKLM\..\Run: [DrvIcon] . (.artArmin - Changes "My Computer" drive icons to Window.) -- C:\Arquivos de programas\UX Pack\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Arquivos de programas\AVG\AVG2014\avgui.exe
O4 - HKLM\..\Run: [vProt] . (.No owner - VProtect Application (Official).) -- C:\Arquivos de programas\AVG Secure Search\vprot.exe =>Toolbar.AVGSearch
O4 - HKLM\..\Run: [hpqSRMon] . (.Hewlett-Packard - HpqSRmon.) -- C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe  =>.Oracle Corporation
O4 - HKLM\..\Run: [Fotos Slides Movie] . (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\system32\wscript.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] . (.Microsoft Corporation - Instalador de classe de imagem fixa.) -- C:\WINDOWS\system32\sti_ci.dll
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [ares] . (.Ares Development Group - Ares p2p for windows.) -- C:\Arquivos de programas\Ares\Ares.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [Fotos Slides Movie] . (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\system32\wscript.exe
O4 - HKCU\..\Run: [21] . (...) -- C:\Documents and Settings\Administrador\Dados de aplicativos\372\21.js
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] Chave orfã
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] Chave orfã
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] Chave orfã
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] Chave orfã
O4 - HKUS\S-1-5-21-2000478354-790525478-1801674531-500\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2000478354-790525478-1801674531-500\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe
O4 - HKUS\S-1-5-21-2000478354-790525478-1801674531-500\..\Run: [ares] . (.Ares Development Group - Ares p2p for windows.) -- C:\Arquivos de programas\Ares\Ares.exe
O4 - HKUS\S-1-5-21-2000478354-790525478-1801674531-500\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKUS\S-1-5-21-2000478354-790525478-1801674531-500\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-2000478354-790525478-1801674531-500\..\Run: [Fotos Slides Movie] . (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\system32\wscript.exe
O4 - HKUS\S-1-5-21-2000478354-790525478-1801674531-500\..\Run: [21] . (...) -- C:\Documents and Settings\Administrador\Dados de aplicativos\372\21.js
~ Application:  Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Arquivos de programas\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet Explorer.) -- C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Chave orfã
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Piratagem da Opção " Redefinir Configurações da Web " (014)
O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br"
~ IE Paramètres WEB:  Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.samsungsetup.com
~ IE Zone Confiance:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2511A15-756B-4153-8D3E-FD02AD324511}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F2511A15-756B-4153-8D3E-FD02AD324511}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{F2511A15-756B-4153-8D3E-FD02AD324511}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify:  GbPluginUni . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehUni.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - c:\docume~1\alluse~1\dadosd~1\browse~1\261095~1.52\{c16c1~1\browse~1.dll (.not file.)
~ AppInit DLL:  Scanned in 00mn 00s



---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO:  Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) . (.Firebird Project - Firebird SQL Server.) - C:\Arquivos de programas\Firebird\bin\fbguard.exe
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Arquivos de programas\GbPlugin\gbpsv.exe
O23 - Service:  (vToolbarUpdater18.0.5) . (.AVG Secure Search - ToolbarU Application (Official).) - C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe =>Toolbar.AVGSearch
~ Services: 12 Legitimates Filtered in 00mn 06s



---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Desktop Component 0: Minha página inicial atual - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\At1.job   [418]
[MD5.3B4EDF353F1066DBE8808917A760B3D7] [APT] [At1] (...) -- C:\DOCUME~1\Administrador\DADOSD~1\Dealply\UPDATE~1\UPDATE~1.exe   [102968]  =>PUP.DealPly
~ Scheduled Task: 30 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: AquariusPlus - (.GPS Aquarius.) [HKLM] -- {E868D3AD-0F3D-4174-9BED-13B992EABFC0}
O42 - Logiciel: Ares 2.1.7 - (.Ares Development Group.) [HKLM] -- Ares
O42 - Logiciel: DealPly - (.DealPly Technologies Ltd.) [HKLM] -- DealPly =>PUP.DealPly
O42 - Logiciel: GBBD Guardião - Itaú 30 horas - (...) [HKLM] -- {70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1
O42 - Logiciel: GPS - (...) [HKLM] -- GPS
O42 - Logiciel: Gerador números mega sena versão v.1275 - (.inicieseusite, Inc..) [HKLM] -- {31C58CAF-35BF-487E-B7DC-9434CB4FD100}_is1
O42 - Logiciel: HTLoto - (...) [HKLM] -- HTLoto
O42 - Logiciel: Sev7n Inspirat pack 1.0 by EuMAX - (...) [HKCU] -- Sev7n Inspirat pack 1.0 by EuMAX
O42 - Logiciel: Softcheque - (.Techmundi Software.) [HKLM] -- {93B41068-1A80-43B5-BA7A-8C36DCBC79E6}_is1
O42 - Logiciel: Update_DealPly - (...) [HKCU] -- DealPly =>PUP.DealPly
O42 - Logiciel: outobox - (.outobox.) [HKLM] -- outobox
~ Logic: 29 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\5328b8be63eb812]  =>Hijacker.Hijacker.Eazel
[HKCU\Software\Ares]
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\Data]
[HKCU\Software\GPS Aquarius]
[HKCU\Software\GbAs]
[HKCU\Software\Hypertech]
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\PDF reDirect]
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\outobox]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\Babylon] =>PUP.Babylon
[HKLM\Software\DARUMA]
[HKLM\Software\DataMngr] =>PUP.Datamngr
[HKLM\Software\Fotos Slides Movie]
~ Key Software: 283 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 17/3/2014 - 09:33:23 - [0,045] -SH-D C:\Arquivos de programas\2822
O43 - CFD: 8/1/2013 - 09:29:11 - [4,783] ----D C:\Arquivos de programas\Ares
O43 - CFD: 18/1/2013 - 13:13:00 - [0,749] ----D C:\Arquivos de programas\DealPly =>PUP.DealPly
O43 - CFD: 4/2/2014 - 11:02:12 - [65,186] ----D C:\Arquivos de programas\GPS Aquarius
O43 - CFD: 22/2/2013 - 09:26:48 - [1,012] ----D C:\Arquivos de programas\HTech32
O43 - CFD: 18/12/2013 - 09:06:57 - [0,981] ----D C:\Arquivos de programas\outobox
O43 - CFD: 25/1/2013 - 07:58:56 - [11,440] ----D C:\Arquivos de programas\PDF reDirect
O43 - CFD: 10/12/2012 - 10:34:08 - [0,001] ----D C:\Arquivos de programas\Serviços on-line
O43 - CFD: 18/3/2014 - 09:03:36 - [20,568] ----D C:\Arquivos de programas\Softcheque5
O43 - CFD: 21/12/2012 - 07:37:24 - [1,145] ----D C:\Arquivos de programas\SRP
O43 - CFD: 10/12/2012 - 04:59:42 - [137,568] ----D C:\Arquivos de programas\Arquivos comuns\IDRS
O43 - CFD: 10/12/2012 - 10:32:58 - [0,008] ----D C:\Arquivos de programas\Arquivos comuns\Serviços
O43 - CFD: 15/2/2013 - 14:12:26 - [0] ----D C:\Documents and Settings\All Users\Dados de aplicativos\Babylon =>PUP.Babylon
O43 - CFD: 6/12/2013 - 10:13:01 - [0] ----D C:\Documents and Settings\All Users\Dados de aplicativos\boost_interprocess
O43 - CFD: 17/3/2014 - 09:33:23 - [0,045] -SH-D C:\Documents and Settings\Administrador\Dados de aplicativos\372
O43 - CFD: 15/2/2013 - 14:12:26 - [0,008] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\Babylon =>PUP.Babylon
O43 - CFD: 18/1/2013 - 13:12:58 - [0,098] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\DealPly =>PUP.DealPly
O43 - CFD: 10/3/2014 - 07:56:29 - [0,004] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\newnext.me =>PUP.NextLive
O43 - CFD: 25/1/2013 - 07:59:27 - [30,086] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\PDF reDirect
O43 - CFD: 18/1/2013 - 17:29:00 - [0,430] ----D C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Ares
O43 - CFD: 18/12/2013 - 09:18:30 - [1,224] ----D C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\genienext =>PUP.NextLive
O43 - CFD: 4/2/2014 - 11:02:29 - [0,012] ----D C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\GPS Aquarius
O43 - CFD: 24/2/2014 - 11:15:24 - [0,024] ----D C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\QuickStores
O43 - CFD: 10/12/2012 - 10:44:22 - [0,013] R---D C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Acessórios
O43 - CFD: 8/1/2013 - 09:29:09 - [0,003] ----D C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Ares
O43 - CFD: 18/1/2013 - 13:13:01 - [0,004] ----D C:\Documents and Settings\Administrador\Menu Iniciar\Programas\DealPly =>PUP.DealPly
O43 - CFD: 22/2/2013 - 09:26:48 - [0,003] ----D C:\Documents and Settings\Administrador\Menu Iniciar\Programas\HTLoto
O43 - CFD: 21/2/2014 - 07:48:57 - [0] R---D C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar
O43 - CFD: 10/12/2012 - 11:07:48 - [0,001] ----D C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Sev7n Inspirat pack 1.0 by EuMAX
~ Program Folder: 181 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.5D01F274486065BEE99D657DEB2FC710] - 14/3/2014 - 11:38:23 ---A- . (...) -- C:\WINDOWS\wmsetup.log   [543]
O44 - LFC:[MD5.F4301A91375B08526B282DCD2542F7B9] - 19/3/2014 - 10:14:29 ---A- . (...) -- C:\WINDOWS\BRWMARK.INI   [426]
O44 - LFC:[MD5.C7BC96C3711C0D269DA26D1F0ECEC547] - 24/3/2014 - 12:34:39 ---A- . (...) -- C:\WINDOWS\NeroDigital.ini   [69]
O44 - LFC:[MD5.8FCA7D8A9C8AE5CC7BD1C2D06995DC8D] - 25/3/2014 - 08:11:34 ---A- . (.GAS Tecnologia - GAS Tecnologia - IM Helper Driver.) -- C:\WINDOWS\system32\Drivers\GbpNdisrd.sys   [31448]
O44 - LFC:[MD5.5B44242C9588F1D2A7E77EE009009A85] - 25/3/2014 - 08:12:01 ---A- . (...) -- C:\WINDOWS\wiaservc.log   [49]
O44 - LFC:[MD5.34BBAA225287FC2ED7E0562C4AF24BA7] - 25/3/2014 - 08:12:02 ---A- . (...) -- C:\WINDOWS\wiadebug.log   [159]
~ Files: 23 Legitimates Filtered in 00mn 00s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll
~ ShellExecuteHooks:  Scanned in 00mn 00s



---\\ Exportar a chave da aplicação autorizada (047)
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Scan Assistant\USDAgent.exe" [Enabled] .(..) -- C:\Arquivos de programas\Scan Assistant\USDAgent.exe
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Ares\Ares.exe" [Enabled] .(.Ares Development Group.) -- C:\Arquivos de programas\Ares\Ares.exe
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Arquivos comuns\Common Desktop Agent\CDASrv.exe" [Enabled] .(...) -- C:\Arquivos de programas\Arquivos comuns\Common Desktop Agent\CDASrv.exe (.not file.)
~ Keys Export: 44 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO:  Scanned in 00mn 00s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{10bea724-55c6-11e3-b5be-002511ec9469}\AutoRun\command. (...) -- E:\Samsung_Drive_Manager.exe (.not file.)
O51 - MPSK:{32be7b90-7766-11e2-b47c-002511ec9469}\AutoRun\command. (...) -- E:\RunClubSanDisk.exe (.not file.)
O51 - MPSK:{821d8974-61d0-11e3-b5d4-002511ec9469}\AutoRun\command. (...) -- E:\RunClubSanDisk.exe (.not file.)
O51 - MPSK:{869866d2-8bd3-11e2-b4a2-002511ec9469}\AutoRun\command. (...) -- G:\RunClubSanDisk.exe (.not file.)
O51 - MPSK:{bd4e1220-507d-11e3-b5b2-002511ec9469}\AutoRun\command. (...) -- E:\RunClubSanDisk.exe (.not file.)
O51 - MPSK:{ee9e8eb5-ab69-11e3-b643-002511ec9469}\AutoRun\command. (...) -- E:\RunClubSanDisk.exe (.not file.)
~ Keys:  Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnabledLUA"=0
~ MWPS: 8 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoSMHelp"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "ForceClassicControlPanel"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "TaskbarNoThumbnail"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoWindowsUpdate"=
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoControlPanel"=
O56 - MWPE:[HKCU\...\policies\Explorer] - "NofolderOptions"=
~ MWPE Keys: 16 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.DA6675E1400D58412C93180F8651A9FB] - 25/1/2010 - 17:56:37 ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys   [262528]
O58 - SDL:[MD5.677BDD6FBB8559BC462AFF028AB0F795] - 24/2/2014 - 15:37:24 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\WINDOWS\system32\Drivers\gbpkm.sys   [46392]
O58 - SDL:[MD5.8FCA7D8A9C8AE5CC7BD1C2D06995DC8D] - 25/3/2014 - 08:11:34 ---A- . (.GAS Tecnologia - GAS Tecnologia - IM Helper Driver.) -- C:\WINDOWS\system32\Drivers\GbpNdisrd.sys   [31448]
O58 - SDL:[MD5.573C7D0A32852B48F3058CFD8026F511] - 12/4/2008 - 17:00:00 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys   [144384]
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 12/4/2008 - 17:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys   [17792]
O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 25/1/2010 - 17:56:37 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys   [58112]
O58 - SDL:[MD5.C1E76718BAB6BCA0D18E5670F074F821] - 12/4/2008 - 17:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys   [9032]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 12/4/2008 - 17:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys   [27097]
O58 - SDL:[MD5.912150FE88E79AFEE0BB72216FAB2617] - 12/4/2008 - 17:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys   [4896]
O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 12/4/2008 - 17:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys   [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 12/4/2008 - 17:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys   [42537]
O58 - SDL:[MD5.19D4F0DAD3F393C13DE7F849ADE72EFE] - 12/4/2008 - 17:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys   [27900]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 12/4/2008 - 17:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys   [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 12/4/2008 - 17:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys   [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 12/4/2008 - 17:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys   [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 12/4/2008 - 17:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys   [29146]
O58 - SDL:[MD5.86BB7AF2533B342B8E274590AD2190FA] - 12/4/2008 - 17:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys   [33984]
O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 12/4/2008 - 17:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys   [34560]
O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 12/4/2008 - 17:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys   [35648]
O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 12/4/2008 - 17:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys   [35424]
O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 12/4/2008 - 17:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys   [34560]
~ Drivers: 8 Legitimates Filtered in 00mn 01s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 22/7/2009 - C:\Arquivos de programas\Firebird\bin\fbguard.exe (FirebirdGuardianDefaultInstance)  .(.Firebird Project - Firebird SQL Server.) - LEGACY_FIREBIRDGUARDIANDEFAULTINSTANCE
O64 - Services: CurCS - 24/2/2014 - C:\WINDOWS\system32\drivers\gbpkm.sys (GbpKm)  .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
O64 - Services: CurCS - 24/2/2014 - C:\Arquivos de programas\GbPlugin\gbpsv.exe (GbpSv)  .(.GAS Tecnologia - G-Buster Browser Defense - Service.) - LEGACY_GBPSV
O64 - Services: CurCS - 25/3/2014 - C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe (vToolbarUpdater18.0.5)  .(.AVG Secure Search - ToolbarU Application (Official).) - LEGACY_VTOOLBARUPDATER18.0.5 =>Toolbar.AVGSearch
~ Legacy: 148 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 10 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Apple Inc. - Safari.) -- C:\Arquivos de programas\Safari\Safari.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [link hidden by the forum; login required to view]
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (iSearch) - [link hidden by the forum; login required to view] =>PUP.Babylon
O69 - SBI: SearchScopes [HKCU] {95B7759C-8C7F-4BF1-B163-73684A933233} - (AVG Secure Search) - [link hidden by the forum; login required to view] =>Toolbar.AVGSearch
O69 - SBI: SearchScopes [HKCU] {CB994154-B8AE-437A-8DB0-188F0464A87C} [DefaultScope] - (Google) - [link hidden by the forum; login required to view]
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [link hidden by the forum; login required to view]
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {CB994154-B8AE-437A-8DB0-188F0464A87C} [DefaultScope] - (Google) - [link hidden by the forum; login required to view]
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [link hidden by the forum; login required to view]
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {CB994154-B8AE-437A-8DB0-188F0464A87C} [DefaultScope] - (Google) - [link hidden by the forum; login required to view]
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.0796BB9EE795BA221193085CD895E9A9] [SPRF][4/12/2013] (...) -- C:\Documents and Settings\Administrador\Dados de aplicativos\unins000.dat   [20583]
[MD5.F88889972BAD4CE5CEC690CA883BC0EE] [SPRF][4/12/2013] (.No owner - Setup/Uninstall.) -- C:\Documents and Settings\Administrador\Dados de aplicativos\unins000.exe   [716942]
~ Files: 7 Legitimates Filtered in 00mn 00s



---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "DA3D868ED3F04714B9DE319B29AEFB0C" . (.AquariusPlus.) -- C:\WINDOWS\Installer\{E868D3AD-0F3D-4174-9BED-13B992EABFC0}\app_icon.ico
~ Update Products: 79 Legitimates Filtered in 00mn 00s



---\\ Exportar as chaves do registo aleatórias (091)
[HKCU\Software\5328b8be63eb812\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Hijacker.Eazel
[HKCU\Software\5328b8be63eb812\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:version="2.6.1095.52" =>Hijacker.Hijacker.Eazel
[HKCU\Software\5328b8be63eb812] =>PUP.Babylon^
~ Export Key Software:  Scanned in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.00E439A67D278E4C1CA86E636C7C3927] [WIS][4/2/2014] (.GPS Aquarius - AquariusPlus.) -- C:\Windows\Installer\65f2f3.msi   [481792]
[MD5.3B56148C518326CE0CC0AB0BE5B626F8] [WIS][2/1/2013] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\dd2da9.msi   [24064]  =>Toolbar.Google
[MD5.DFAFDDBF1049A8DBB067AAB134370123] [WIS][10/12/2012] (.eSupportQFolder - eSupportQFolder.) -- C:\Windows\Installer\f911c.msi   [121344]
[MD5.AC32A0174BCD418B45293B9D1EF2BE89] [WIS][10/12/2012] (.Builds the Destinations MSI - Builds the Destinations MSI.) -- C:\Windows\Installer\f9144.msi   [648192]
[MD5.9BBFAC20D5F8488C4C9820087272F4DE] [WIS][10/12/2012] (.CustomerResearchQFolder - CustomerResearchQFolder.) -- C:\Windows\Installer\f916e.msi   [121344]
[MD5.31C334D42BE0ECB3D09E2DA48215447B] [WIS][10/12/2012] (.DocumentViewerQFolder - DocumentViewerQFolder.) -- C:\Windows\Installer\f917e.msi   [121344]
~ WIS: 84 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 12/3/2014 257928 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 22/1/2014 3788816 |  (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Arquivos de programas\AVG\AVG2014\avgidsagent.exe
SS - | Demand 12/4/2008 225280 |  (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 2/1/2013 136176 |  (gupdate) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 2/1/2013 136176 |  (gupdatem) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 2/1/2013 194032 |  (gusvc) . (.Google.) - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 15/1/2014 235696 |  (McComponentHostService) . (.McAfee, Inc..) - C:\Arquivos de programas\McAfee Security Scan\3.8.141\McCHSvc.exe
SS - | Demand 18/2/2014 118896 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 28/2/2013 161384 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Arquivos de programas\Skype\Updater\Updater.exe

SR - | Auto 24/9/2013 348008 |  (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Arquivos de programas\AVG\AVG2014\avgwdsvc.exe
SR - | Auto 22/7/2009 81920 |  (FirebirdGuardianDefaultInstance) . (.Firebird Project.) - C:\Arquivos de programas\Firebird\bin\fbguard.exe
SR - | Demand 22/7/2009 2736128 |  (FirebirdServerDefaultInstance) . (.Firebird Project.) - C:\Arquivos de programas\Firebird\bin\fbserver.exe
SR - | Auto 24/2/2014 519224 |  (GbpSv) . (.GAS Tecnologia.) - C:\Arquivos de programas\GbPlugin\gbpsv.exe
SR - | Demand 12/4/2008 14336 | C:\Arquivos de programas\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\WINDOWS\system32\svchost.exe
SR - | Auto 12/4/2008 14336 | C:\Arquivos de programas\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\WINDOWS\system32\svchost.exe
SR - | Auto 18/12/2013 182696 |  (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
SR - | Auto 4/4/2013 418376 |  (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 4/4/2013 701512 |  (MBAMService) . (.Malwarebytes Corporation.) - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 20/9/2007 853288 |  (Nero BackItUp Scheduler 3) . (.Nero AG.) - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
SR - | Auto 12/4/2008 14336 | C:\WINDOWS\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\WINDOWS\system32\svchost.exe
SR - | Demand 20/9/2007 382248 |  (NMIndexingService) . (.Nero AG.) - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
SR - | Auto 12/4/2008 14336 | C:\WINDOWS\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\WINDOWS\system32\svchost.exe
SR - | Auto 25/12/2011 175616 |  (Samsung Network Fax Server) . (.Samsung Electronics Co., Ltd..) - C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxServer.exe
SR - | Auto 25/3/2014 1771032 |  (vToolbarUpdater18.0.5) . (.AVG Secure Search.) - C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe =>Toolbar.AVGSearch

~ Services:  Scanned in 00mn 01s



---\\ Scâner Aditional (088)
Database Version : 13031 - (25/3/2014)
Clés trouvées (Keys found) : 51
Valeurs trouvées (Values found) : 3
Dossiers trouvés  (Folders found) : 12
Fichiers trouvés  (Files found) : 8

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]   =>Toolbar.AVGSearch^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}]   =>PUP.DealPly^
[HKLM\SYSTEM\CurrentControlSet\Services\vToolbarUpdater18.0.5]   =>Toolbar.AVGSearch^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly]   =>PUP.DealPly^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly]   =>PUP.DealPly^
[HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}]   =>Toolbar.AVGSearch
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}]   =>PUP.Babylon
[HKLM\Software\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}]   =>PUP.ToparcadeHits
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}]   =>PUP.DealPly
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}]   =>PUP.DealPly
[HKLM\Software\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}]   =>PUP.DealPly
[HKLM\Software\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}]   =>Adware.CDNHelper
[HKLM\Software\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}]   =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}]   =>Toolbar.Conduit
[HKLM\Software\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]   =>Toolbar.AVGSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}]   =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\AppID\ScriptHelper.EXE]   =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\AVG Secure Search.BrowserWndAPI]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\AVG Secure Search.PugiObj]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\AVG Secure Search.PugiObj.1]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\S]   =>Toolbar.Agent
[HKLM\Software\Classes\ScriptHelper.ScriptHelperApi]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\ScriptHelper.ScriptHelperApi.1]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\ViProtocol.ViProtocolOLE]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\ViProtocol.ViProtocolOLE.1]   =>Toolbar.AVGSearch
[HKLM\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje]   =>PUP.DealPly
[HKCU\Software\DataMngr]   =>Adware.Bandoo
[HKLM\Software\DataMngr]   =>Adware.Bandoo
[HKCU\Software\Softonic]   =>Toolbar.Conduit
[HKCU\Software\DealPly]   =>PUP.DealPly
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\DealPly]   =>PUP.DealPly
[HKLM\Software\DealPly]   =>PUP.DealPly
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\Prod.cap]   =>PUP.Babylon
[HKCU\Software\InstallCore]   =>Adware.InstallCore
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings]   =>PUP.BProtector
[HKLM\Software\Classes\AVG Secure Search.BrowserWndAPI.1]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}]   =>Adware.BrowseFox
[HKLM\Software\Classes\protector_dll.protectorbho]   =>PUP.BProtector
[HKLM\Software\Classes\protector_dll.protectorbho.1]   =>PUP.BProtector
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{95B7759C-8C7F-4BF1-B163-73684A933233}   =>Toolbar.AVGSearch^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:vProt   =>Toolbar.AVGSearch^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg   =>Toolbar.Google^
C:\Arquivos de programas\DealPly   =>PUP.DealPly^
C:\Documents and Settings\All Users\Dados de aplicativos\Babylon   =>PUP.Babylon^
C:\Documents and Settings\Administrador\Dados de aplicativos\Babylon   =>PUP.Babylon^
C:\Documents and Settings\Administrador\Dados de aplicativos\DealPly   =>PUP.DealPly^
C:\Documents and Settings\Administrador\Dados de aplicativos\newnext.me   =>PUP.NextLive^
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\genienext   =>PUP.NextLive^
C:\Documents and Settings\Administrador\Menu Iniciar\Programas\DealPly   =>PUP.DealPly^
C:\Arquivos de programas\AVG Secure Search   =>Toolbar.AVGSearch
C:\Arquivos de programas\Arquivos comuns\AVG Secure Search   =>Toolbar.AVGSearch
C:\Documents and Settings\All Users\Dados de aplicativos\AVG Secure Search   =>Toolbar.AVGSearch
C:\Documents and Settings\Administrador\Dados de aplicativos\AVG Secure Search   =>Toolbar.AVGSearch
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\AVG Secure Search   =>Toolbar.AVGSearch
C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe   =>Toolbar.AVGSearch^
C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe   =>Toolbar.AVGSearch^
C:\Arquivos de programas\AVG Secure Search\vprot.exe   =>Toolbar.AVGSearch^
C:\DOCUME~1\Administrador\DADOSD~1\Dealply\UPDATE~1\UPDATE~1.exe   =>PUP.DealPly^
[HKLM\Software\Babylon]   =>PUP.Babylon^
[HKCU\Software\5328b8be63eb812\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"   =>Hijacker.Hijacker.Eazel^
[HKCU\Software\5328b8be63eb812]   =>PUP.Babylon^^
C:\Windows\Installer\dd2da9.msi   =>Toolbar.Google^
~ Additionnel Scan: 237065 Items scanned in 00mn 18s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.DealPly
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.Datamngr
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Adware.InstallCore
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Toolbar.Conduit
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.Babylon
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.NextLive
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.ToparcadeHits
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Adware.Bandoo
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.BProtector
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Adware.BrowseFox
~ MSI: 10 link(s) detected in 00mn 00s



~ 1075 Legitimates filtered by white list
End of the scan (732 lines in 00mn 40s)(0)
andrade401 (Beginner; posts: 2; reputation: 0; joined: 25/03/2014)

Re: Fotos Slides Movie virus, how to use ZHPDiag

Post by Power Max, Tue 25 Mar 2014, 11:05

I suggest you uninstall McAfee Security Scan Plus, which is unnecessary.
_____________________________________________________________________________________________________________

There are unnecessary programs starting together with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

Preferably, let only the security programs (antivirus/anti-spyware/firewall) start together with Windows.

Also use the CCleaner program, recommended in the tutorial above, to clean and optimize the PC now and from time to time.
______________________________________________________________________________________________________________

Go to the site [You must have an account and be logged in to view this link] and submit the files from the folders highlighted in bold below to be analyzed (one at a time):

C:\Arquivos de programas\2822
C:\Documents and Settings\Administrador\Dados de aplicativos\372

As each file is analyzed, copy the link that appears in your browser's address bar and post these links together with the ZHPFix report requested below.
_____________________________________________________________________________________________________________

Select and copy all the text highlighted in red that I gave you (starting at "script zhpfix" and going up to "emptyclsid").
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > Right-click Zhpfix and choose the option Run as administrator > Click Import > Click the GO button > Click Oui > If you want the files in the Recycle Bin to be deleted, click Oui again > A report will appear in Notepad.

Copy this report and post it in your next reply together with the links to the file analyses on the Virus Total site.


Last edited by Power Max on Tue 25 Mar 2014, 14:25, edited 1 time
Power Max (Collaborator; posts: 9086; reputation: 1499; joined: 14/04/2009)

Fotos Slides Movie virus, how to use ZHPDiag

Post by netoibest, Tue 25 Mar 2014, 11:51

ZHPFix result

Rapport de ZHPFix 2014.3.19.4 par Nicolas Coolman, Update du 19/03/2014
Fichier d'export Registre :
Run by Neto at 25/03/2014 11:38:38
High Elevated Privileges : OK
Windows Vista Ultimate Edition, 64-bit  (Build 6000)

Reciclagem vazia (00mn 03s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ: HKCU\Software\InstallCore
ELIMINÉ:* HKLM\Software\Fotos Slides Movie

========== Valores do Registo ==========
ELIMINÉ: URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
ELIMINÉ RunValue: Fotos Slides Movie
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Elementos dos dados do Registo ==========
ELIMINÉ: R0 - Main,Start Page = KLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page
ELIMINÉ AppInit: \docume~1\alluse~1\dadosd~1\browse~1\261095~1.52\{c16c1~1\browse~1.dll

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\wscript.exe
ELIMINÉ Temporários windows (1402) (758.384.682 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
2 : Chaves do Registo
8 : Valores do Registo
2 : Elementos dos dados do Registo
1 : Pastas
3 : Ficheiros
1 : Restauração Sistema


End of clean in 01mn 11s

========== Caminho do ficheiro do relatório ==========
C:\Users\Neto\AppData\Roaming\ZHP\ZHPFix[R1].txt - 25/03/2014 11:38:41 [1603]



The virus result is also attached in the .doc file.
netoibest (Beginner; posts: 8; reputation: 1; joined: 24/03/2014)

Re: Fotos Slides Movie virus, how to use ZHPDiag

Post by Power Max, Tue 25 Mar 2014, 12:53

Did you send all the files from those two folders for analysis on the Virus Total site? Was any of the files classified as a virus? I couldn't see anything in the file you sent, because it is from a different version of Word.
______________________________________________________________________

Open ZHPDiag again.

[You must have an account and be logged in to view this image]

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

[You must have an account and be logged in to view this image]

|- Click OK and, when it finishes, post the ZHPDiag.txt report.

[You must have an account and be logged in to view this image]
Power Max (Collaborator; posts: 9086; reputation: 1499; joined: 14/04/2009)

Fotos Slides Movie virus, how to use ZHPDiag

Post by netoibest, Tue 25 Mar 2014, 13:34

The 2 files are exactly the same, and gave the same result. Here is the link so you can take a look: [You must have an account and be logged in to view this link]

ZHP result

~ Relatório do ZHPDiag v2014.3.24.29 - Nicolas Coolman  (24/03/2014)
~ Iniciado por Neto (25/03/2014 13:32:35)
~ Endereço do Website :  http://nicolascoolman.webs.com
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~  Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program


---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
GCIE: Google Chrome v33.0.1750.154

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Windows Defender W7

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 12 Plugin
Adobe Reader X
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: AMD64 Family 16 Model 5 Stepping 3, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8191 MB (70% free)
System Restore: Activé (Enable)
System drive C: has 80 GB (53%) free of 149 GB

---\\ Modo de conexão ao sistema
~ Computer Name: NETO-PC
~ User Name: Neto
~ All Users Names: Neto, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Neto\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Neto\AppData\Roaming\
~ %Desktop% : C:\Users\Neto\Desktop\
~ %Favorites% : C:\Users\Neto\Favorites\
~ %LocalAppData% : C:\Users\Neto\AppData\Local\
~ %StartMenu% : C:\Users\Neto\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 80 Go of 149 Go)
D: CD-ROM drive (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 109 Go of 149 Go)
G: Floppy drive, Flash card reader, USB Key (Free 4 Go of 4 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 46 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.AC4C51EB24AA95B77F705AB159189E24] - (.Microsoft Corporation - Windows Explorer.) (.20/11/2010 - 10:24:45.) -- C:\Windows\Explorer.exe [2872320]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.A4F6142CABA82FB7293ECE5FF864B440] - (.Microsoft Corporation - Internet Extensions para Win32.) (.22/02/2013 - 03:20:51.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 10:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 10:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 00:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 06:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 06:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 07:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 06:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 11:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 07:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 08:06:41.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 06:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 10:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/47
~ Mes Videos (My Videos) : 1/9
~ Mes Favoris (My Favorites) : 1/18
~ Mes Documents (My Documents) : 1/8
~ Mon Bureau (My Desktop) : 4/270
~ Menu demarrer (Programs) : 1/39
~ Hidden Files:  Scanned in 00mn 00s



---\\ Processos lançados
[MD5.A0012C1D9B8648C20C00202418B9D02F] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe   [2279712] [PID.2096]
[MD5.923DE81FEE5257055E645AE9236B91D9] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\Neto\AppData\Roaming\uTorrent\uTorrent.exe   [1307736] [PID.2184]  =>P2P.BitTorrent
[MD5.646A34526CC33BE4CA933C5680D80B48] - (.Nokia - Nokia Suite.) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe   [1090912] [PID.2244]
[MD5.89B7B1B233466CB6C19CF6EC2D49AED1] - (.MyCity - MCShield Real-Time Monitor.) -- C:\Program Files (x86)\MCShield\MCShieldRTM.exe   [650816] [PID.2432]
[MD5.9D51EA92A612B37E76E5E4621650C50A] - (.Renesas Electronics Corporation - USB 3.0 Monitor.) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe   [113288] [PID.2412]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe   [254336] [PID.1532]
[MD5.58FBD16C4BB84D9F69C25F30DAA4CE31] - (.Nokia - Microsoft Bluetooth Media Server.) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe   [158032] [PID.4316]
[MD5.39A7DED370697F03E8AD73D5C3EEABFD] - (.Baidu Inc. - Spark.) -- C:\Program Files (x86)\baidu\Spark\Spark.exe   [1464000] [PID.4780]  =>Adware.BDSearch
[MD5.A1F8B58F1EC431485F8377A273E02223] - (.Mozilla Corporation - Thunderbird.) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe   [390256] [PID.676]
[MD5.1A71CA0C02AC3972FCB7FC22C329CD81] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [8179200] [PID.2504]
[MD5.EACEC497A6496E2A280348AD67ACF280] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe   [411936] [PID.856]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe   [65432] [PID.1540]
[MD5.974A1F783ED34588B45FAD6375077BA6] - (.Hewlett-Packard Company - SolutionsFrameworkService.) -- C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe   [46904] [PID.1616]
[MD5.903A40C958D471F9D30D29FA6D2800A4] - (.NVIDIA Corporation - NVIDIA Network Service.) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe   [1494304] [PID.1968]
[MD5.0B6DEA0A1662CAB8F2BF339DC0752EF4] - (.Protexis Inc. - PsiService PsiService.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe   [189728] [PID.1500]
[MD5.7605113BD42CC034B29EFE5248CFE679] - (.Baidu Inc. - Spark Service.) -- C:\Program Files (x86)\baidu\Spark\sparkservice.exe   [83648] [PID.1752]  =>Adware.BDSearch
[MD5.775A7C4B689C0F112A12AD62064E57D1] - (.TeamViewer GmbH - TeamViewer 8.) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe   [5093216] [PID.1656]
[MD5.78F7BB9F4924BE164294C59B8C3FC096] - (.Nokia - ServiceLayer Module.) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe   [737616] [PID.2164]
~ Processes Running:  Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Neto\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome

~ Google Lines Browser: 16 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ IE Browser: 16 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: btorbit.com [64Bits] - {000123B4-9B42-4900-B3F7-F4B073EFC214} . (.Orbitdownloader.com - Orbitcth.) -- C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
~ BHO: 6 Legitimates Filtered in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: avast! Online Security - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (...) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
~ Toolbar:  Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [Neto]: Baidu Spark Browser.lnk . (.Baidu Inc. - Spark.)  -- C:\Program Files (x86)\baidu\Spark\Spark.exe =>Adware.BDSearch
O4 - GS\QuickLaunch [Neto]: F1Upgrade.lnk . (...)  -- C:\Program Files (x86)\NSS\F1UpgradeUtility.exe
O4 - GS\QuickLaunch [Neto]: Fotos 3x4.lnk . (...)  -- C:\Program Files (x86)\Fotos 3x4\Foto3x4.exe
O4 - GS\QuickLaunch [Neto]: Google Chrome.lnk . (.Google Inc. - Google Chrome.)  -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Neto]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Neto]: MiPony.lnk . (.www.mipony.net - Mipony.)  -- C:\Program Files (x86)\MiPony\MiPony.exe
O4 - GS\QuickLaunch [Neto]: NSS.lnk . (.B-phreaks - Nemesis Service Suite.)  -- C:\Program Files (x86)\NSS\NSS.exe
O4 - GS\QuickLaunch [Neto]: Orbit.lnk . (.Orbitdownloader.com - Orbit Downloader.)  -- C:\Program Files (x86)\Orbitdownloader\orbitdm.exe
O4 - GS\QuickLaunch [Neto]: PhotoScape.lnk . (...)  -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe
O4 - GS\QuickLaunch [Neto]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.)  -- C:\Users\Neto\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Program [Neto]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Neto]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Neto]: Neto Oliveira.lnk . (.Google Inc. - Google Chrome.)  -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Browsers
O4 - GS\SystemTools [Neto]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Neto]: Baidu Spark Browser.lnk . (.Baidu Inc. - Spark.)  -- C:\Program Files (x86)\baidu\Spark\Spark.exe =>Adware.BDSearch
~ Global Startup: 61 Legitimates Filtered in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [AutoKMS] C:\Windows\AutoKMS.exe (.not file.) =>Trojan.Keygen
O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe  =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [Fotos Slides Movie] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKLM\..\Run: [Virus] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Neto\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Neto\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe  =>.DT Soft Ltd
O4 - HKCU\..\Run: [NokiaSuite.exe] . (.Nokia - Nokia Suite.) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
O4 - HKCU\..\Run: [AdobeBridge] Chave orfã
O4 - HKCU\..\Run: [Defrag] . (.Baidu, Inc. - Spark.) -- C:\Program Files (x86)\baidu\Spark\BaiduDefragFiles.exe =>Adware.BDSearch
O4 - HKCU\..\Run: [Virus] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKCU\..\Run: [MCShield Monitor] . (.MyCity - MCShield Real-Time Monitor.) -- C:\Program Files (x86)\MCShield\mcshieldrtm.exe
O4 - HKCU\..\Run: [Fotos Slides Movie] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe  =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [NUSB3MON] . (.Renesas Electronics Corporation - USB 3.0 Monitor.) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
O4 - HKLM\..\Wow6432Node\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe  =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Wow6432Node\Run: [AdobeCS6ServiceManager] . (.Adobe Systems Incorporated - Adobe CS6 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe  =>.Oracle Corporation
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe  =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe  =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe  =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe  =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1464094912-500982220-4094319322-1000\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Neto\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-21-1464094912-500982220-4094319322-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Neto\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-1464094912-500982220-4094319322-1000\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe  =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-1464094912-500982220-4094319322-1000\..\Run: [NokiaSuite.exe] . (.Nokia - Nokia Suite.) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
O4 - HKUS\S-1-5-21-1464094912-500982220-4094319322-1000\..\Run: [AdobeBridge] Chave orfã
O4 - HKUS\S-1-5-21-1464094912-500982220-4094319322-1000\..\Run: [Defrag] . (.Baidu, Inc. - Spark.) -- C:\Program Files (x86)\baidu\Spark\BaiduDefragFiles.exe =>Adware.BDSearch
O4 - HKUS\S-1-5-21-1464094912-500982220-4094319322-1000\..\Run: [Virus] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKUS\S-1-5-21-1464094912-500982220-4094319322-1000\..\Run: [MCShield Monitor] . (.MyCity - MCShield Real-Time Monitor.) -- C:\Program Files (x86)\MCShield\mcshieldrtm.exe
O4 - HKUS\S-1-5-21-1464094912-500982220-4094319322-1000\..\Run: [Fotos Slides Movie] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
~ Application:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE9D722A-867F-49D2-B59E-0673E811D364}: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{BE9D722A-867F-49D2-B59E-0673E811D364}: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{BE9D722A-867F-49D2-B59E-0673E811D364}: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Spark Browser Service (SparkSvc) . (.Baidu Inc. - Spark Service.) - C:\Program Files (x86)\baidu\Spark\sparkservice.exe =>Adware.BDSearch
~ Services: 10 Legitimates Filtered in 00mn 02s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT:Automatic Planified Task  - C:\Windows\Tasks\AmiUpdXp.job   [462] =>PUP.Software.Updater
[MD5.4F780B58636CA83AD3472FC9E17B7B1A] [APT] [AmiUpdXp] (...) -- C:\Users\Neto\AppData\Local\f3d73e43-a7ad-4112-960e-78fc74668666\f3d73e43-a7ad-4112-960e-78fc74668666.exe   [284160]  =>PUP.Software.Updater
[MD5.00000000000000000000000000000000] [APT] [Express FilesUpdate] (...) -- C:\Program Files (x86)\ExpressFiles\EFUpdater.exe (.not file.)   [0]  =>Adware.ExpressFiles
[MD5.00000000000000000000000000000000] [APT] [{2D72A906-EB31-4832-BD3F-366963441A60}] (...) -- C:\Users\Neto\Downloads\Flash_Disinfector.exe (.not file.)   [0]
~ Scheduled Task: 17 Legitimates Filtered in 00mn 01s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver:  (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver:  (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex64.sys (.not file.)
O41 - Driver:  (Bndef) . (. - .) - C:\Windows\system32\drivers\bndef64.sys (.not file.)
O41 - Driver:  (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
~ Drivers: 78 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Fotos 3x4 versao 1.0.0.7 - (.Qualiom Sistemas Computacionais.) [HKLM][64Bits] -- Fotos 3x4_is1
O42 - Logiciel: MCShield ::Anti-Malware Tool:: - (.MyCity.) [HKLM][64Bits] -- MCShield
~ Logic: 24 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AUVF]
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\ExpressFiles] =>Adware.ExpressFiles
[HKCU\Software\MCShield]
[HKCU\Software\baidu] =>Adware.BDSearch
[HKCU\Software\lollipop] =>Adware.Lollipop
[HKCU\Software\sr]
[HKLM\Software\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Virus]
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Baidu] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\ExpressFiles] =>Adware.ExpressFiles
~ Key Software: 256 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 11/03/2014 - 18:06:09 - [209,533] ----D C:\Program Files (x86)\baidu =>Adware.BDSearch
O43 - CFD: 20/03/2014 - 13:42:29 - [0] ----D C:\Program Files (x86)\Baidu Security =>Adware.BDSearch
O43 - CFD: 10/02/2014 - 12:38:06 - [1,312] ----D C:\Program Files (x86)\Fotos 3x4
O43 - CFD: 24/03/2014 - 23:27:38 - [4,280] ----D C:\Program Files (x86)\MCShield
O43 - CFD: 20/03/2014 - 13:42:34 - [0,166] ----D C:\ProgramData\baidu =>Adware.BDSearch
O43 - CFD: 24/03/2014 - 16:47:44 - [0] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
O43 - CFD: 25/03/2014 - 12:39:54 - [3,659] ----D C:\ProgramData\MCShield
O43 - CFD: 01/02/2014 - 18:51:24 - [0,001] ----D C:\ProgramData\Pads
O43 - CFD: 01/02/2014 - 18:51:24 - [0] ----D C:\ProgramData\PadsVs
O43 - CFD: 01/02/2014 - 19:30:33 - [0] --H-D C:\ProgramData\Permission
O43 - CFD: 01/02/2014 - 18:50:55 - [5,531] ----D C:\ProgramData\Procad
O43 - CFD: 20/03/2014 - 13:42:39 - [0,007] ----D C:\Users\Neto\AppData\Roaming\Baidu =>Adware.BDSearch
O43 - CFD: 14/02/2014 - 00:42:28 - [0,002] ----D C:\Users\Neto\AppData\Roaming\CDROLLER
O43 - CFD: 14/02/2014 - 00:53:47 - [0,002] ----D C:\Users\Neto\AppData\Roaming\ExpressFiles =>Adware.ExpressFiles
O43 - CFD: 20/03/2014 - 13:05:11 - [0,272] ----D C:\Users\Neto\AppData\Local\f3d73e43-a7ad-4112-960e-78fc74668666
O43 - CFD: 14/02/2014 - 01:04:00 - [0] ----D C:\Users\Neto\AppData\Local\Lollipop =>Adware.Lollipop
~ Program Folder: 166 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.8056D6CAA5B399ECE60988AAA4413B55] - 11/03/2014 - 18:10:14 ---A- . (...) -- C:\fraglist.luar   [1285]
O44 - LFC:[MD5.72B17A61CB3813213F1DA66D906B6886] - 25/03/2014 - 11:39:57 ---A- . (...) -- C:\Archive.ini   [47]
~ Files: 8 Legitimates Filtered in 00mn 01s



---\\ Exportar a chave da aplicação autorizada (047)
O47 - AAKE:Key Export SP - "C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" [Enabled] .(.Orbitdownloader.com.) -- C:\Program Files (x86)\Orbitdownloader\orbitdm.exe
O47 - AAKE:Key Export SP - "C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" [Enabled] .(.Orbitdownloader.com.) -- C:\Program Files (x86)\Orbitdownloader\orbitnet.exe
~ Keys Export: 2 Legitimates Filtered in 00mn 00s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{33e5f441-875c-11e3-b359-6c626df42974}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{40378408-85ce-11e3-ac86-6c626df42974}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
~ Keys:  Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys   [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys   [31232]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys   [24656]
O58 - SDL:[MD5.330F1D07DC31B3D159E4C6CB2AED17E7] - 25/06/2012 - 15:44:52 ---A- . (.PROTEQ - Driver do C500 da PROTEQ para Windows NT.) -- C:\Windows\SysWOW64\drivers\Proteq.sys   [7598]
~ Drivers: 16 Legitimates Filtered in 00mn 00s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 01/01/1601 - C:\Windows\system32\vmbusres.dll (vmbus) .(...) - LEGACY_VMBUS
~ Legacy: 82 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> <BDIPCSHTML>[HKCU\..\open\Command] (.Baidu Inc. - Spark.) -- C:\Program Files (x86)\baidu\Spark\Spark.exe =>Adware.BDSearch
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <Spark> <>[HKLM\..\Shell\open\Command] (.Baidu Inc. - Spark.) -- C:\Program Files (x86)\baidu\Spark\Spark.exe =>Adware.BDSearch
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys:  Scanned in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{EB53C69E-0653-44D4-8A67-EA786DEDA72F}C:\windows\kmsemulator.exe" |In - Private - P6 - TRUE | .(...) -- C:\windows\kmsemulator.exe (.not file.)
O87 - FAEL: "UDP Query User{4202904F-C592-4356-B760-39A0C878AB70}C:\windows\kmsemulator.exe" |In - Private - P17 - TRUE | .(...) -- C:\windows\kmsemulator.exe (.not file.)
O87 - FAEL: "{8BA20364-CFAF-4623-8BE2-E8D46D8F48BE}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\ExpressFiles\expressdl.exe (.not file.) =>Adware.ExpressFiles
O87 - FAEL: "{6F4297CB-7879-4293-A2AD-5C0B08DA7C11}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\ExpressFiles\expressdl.exe (.not file.) =>Adware.ExpressFiles
O87 - FAEL: "{E2ECAFB6-998D-470F-BF2E-26564EC63D9A}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe (.not file.) =>Adware.ExpressFiles
O87 - FAEL: "{3BDB8EE2-7A86-4383-AAEC-8AB391A564B1}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe (.not file.) =>Adware.ExpressFiles
O87 - FAEL: "{52A9BBFB-0816-4526-B3AA-7DDEB3AD8E9E}" | In - Private - P6 - TRUE | .(.Baidu Inc. - Spark.) -- C:\Program Files (x86)\baidu\Spark\Spark.exe =>Adware.BDSearch
O87 - FAEL: "{CE4AD4D1-74CE-4D93-BC22-DD6E7E0129F2}" | In - Private - P17 - TRUE | .(.Baidu Inc. - Spark.) -- C:\Program Files (x86)\baidu\Spark\Spark.exe =>Adware.BDSearch
O87 - FAEL: "{E3D7842B-8126-47CF-B993-DA4E18D4E3B7}" | In - Private - P6 - TRUE | .(.Baidu Inc. - Spark dumper.) -- C:\Program Files (x86)\baidu\Spark\baidu_dumper.exe =>Adware.BDSearch
O87 - FAEL: "{49E8D65D-4A3F-4CDC-91BD-86B61C44C13A}" | In - Private - P17 - TRUE | .(.Baidu Inc. - Spark dumper.) -- C:\Program Files (x86)\baidu\Spark\baidu_dumper.exe =>Adware.BDSearch
O87 - FAEL: "TCP Query User{6CCA4928-0F1E-4903-9022-C37C3BD6DAF3}C:\program files (x86)\youwave_android\vb\vboxsdl.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\youwave_android\vb\vboxsdl.exe (.not file.)
O87 - FAEL: "UDP Query User{6F30E1CC-B61E-4B8C-9F78-3A2C2C84239A}C:\program files (x86)\youwave_android\vb\vboxsdl.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\youwave_android\vb\vboxsdl.exe (.not file.)
~ Firewall: 223 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 12/03/2014 257928 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 20/01/2014 116648 |  (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 20/01/2014 116648 |  (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 18/03/2014 119408 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 19/02/2010 517096 |  (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

SR - | Auto 18/12/2013 65432 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 17/12/2013 46904 |  (HPSupportSolutionsFrameworkService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
SR - | Auto 09/12/2013 1494304 |  (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
SR - | Auto 09/12/2013 15129376 |  (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 19/12/2013 922912 |  (NVSvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 24/07/2009 189728 |  (PSI_SVC_2) . (.Protexis Inc..) - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
SR - | Demand 18/04/2013 737616 |  (ServiceLayer) . (.Nokia.) - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
SR - | Auto 07/02/2014 83648 |  (SparkSvc) . (.Baidu Inc..) - C:\Program Files (x86)\baidu\Spark\sparkservice.exe =>Adware.BDSearch
SR - | Auto 19/12/2013 411936 |  (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 07/02/2014 5093216 |  (TeamViewer8) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 |  (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe  =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services:  Scanned in 00mn 02s



---\\ Scâner Aditional (088)
Database Version : 13031 - (24/03/2014)
Clés trouvées (Keys found) : 10
Valeurs trouvées (Values found) : 6
Dossiers trouvés  (Folders found) : 7
Fichiers trouvés  (Files found) : 13

[HKLM\SYSTEM\CurrentControlSet\Services\SparkSvc]   =>Adware.BDSearch^
[HKLM\Software\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}]   =>PUP.Software.Updater
[HKLM\Software\Wow6432Node\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}]   =>PUP.Software.Updater
[HKLM\Software\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}]   =>PUP.Software.Updater
[HKLM\Software\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}]   =>Spyware.Soft2PC
[HKLM\Software\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}]   =>Spyware.Soft2PC
[HKLM\Software\Classes\Updater.AmiUpd]   =>PUP.Software.Updater
[HKLM\Software\Classes\Updater.AmiUpd.1]   =>PUP.Software.Updater
[HKCU\Software\lollipop]   =>Adware.Lollipop
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}]   =>PUP.Software.Updater
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:AutoKMS   =>Trojan.Keygen^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent   =>P2P.BitTorrent^
C:\Program Files (x86)\baidu   =>Adware.BDSearch^
C:\Program Files (x86)\Baidu Security   =>Adware.BDSearch^
C:\ProgramData\baidu   =>Adware.BDSearch^
C:\ProgramData\Baidu Security   =>Adware.BDSearch^
C:\Users\Neto\AppData\Roaming\Baidu   =>Adware.BDSearch^
C:\Users\Neto\AppData\Roaming\ExpressFiles   =>Adware.ExpressFiles^
C:\Users\Neto\AppData\Local\Lollipop   =>Adware.Lollipop^
C:\Users\Neto\AppData\Roaming\uTorrent\uTorrent.exe   =>P2P.BitTorrent^
C:\Program Files (x86)\baidu\Spark\Spark.exe   =>Adware.BDSearch^
C:\Program Files (x86)\baidu\Spark\sparkservice.exe   =>Adware.BDSearch^
C:\Windows\Tasks\AmiUpdXp.job   =>PUP.Software.Updater^
C:\Users\Neto\AppData\Local\f3d73e43-a7ad-4112-960e-78fc74668666\f3d73e43-a7ad-4112-960e-78fc74668666.exe   =>PUP.Software.Updater^
[HKCU\Software\Baidu Security]   =>Adware.BDSearch^
[HKCU\Software\ExpressFiles]   =>Adware.ExpressFiles^
[HKCU\Software\baidu]   =>Adware.BDSearch^
[HKLM\Software\Baidu Security]   =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu Security]   =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu]   =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Conduit]   =>Toolbar.Conduit^
[HKLM\Software\Wow6432Node\ExpressFiles]   =>Adware.ExpressFiles^
~ Additionnel Scan: 230959 Items scanned in 00mn 11s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Adware.BDSearch
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Hijacker.Browsers
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.Software.Updater
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Adware.ExpressFiles
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Adware.Lollipop
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Toolbar.Conduit
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Spyware.Soft2PC
~ MSI: 7 link(s) detected in 00mn 11s



~ 1040 Legitimates filtered by white list
End of the scan (513 lines in 00mn 29s)(0)
netoibest
Iniciante (Beginner)
Posts: 8
Reputation: 1
Join date: 24/03/2014

Re: Fotos Slides Movie virus, how to use ZHPDiag

Post by Power Max, Tue 25 Mar 2014, 14:20

Do you know this program below?
C:\Program Files (x86)\Fotos 3x4\Foto3x4.exe
_________________________________________________________________________________________________________

Please follow the instructions in this tutorial:

[You must have an account and be logged in to view this link]
___________________________________________________________________________________________________________

Select and copy all the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > Right-click ZHPFix and choose Run as administrator > Click Importação (Import) > Click the GO button > Click Oui > If you also want the files in the Recycle Bin deleted, click Oui again > A report will appear in Notepad.

Copy this report and post it in your next reply together with the UsbFix log, which will be at C:\UsbFix.txt.


Last edited by Power Max on Sat 05 Apr 2014, 23:24, edited 1 time
Power Max
Colaborador (Contributor)
Posts: 9086
Reputation: 1499
Join date: 14/04/2009

Fotos Slides Movie virus, how to use ZHPDiag

Post by andrade401, Tue 25 Mar 2014, 15:06

~ Relatório do ZHPDiag v2014.3.25.31 - Nicolas Coolman  (25/03/2014)
~ Iniciado por CMF (25/03/2014 14:59:03)
~ Endereço do Website :  http://nicolascoolman.webs.com
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~  Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.16521
MFIE: Mozilla Firefox 27.0.1
GCIE: Google Chrome v33.0.1750.154 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Key Management Service client information : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2013
Malwarebytes Anti-Malware versão 1.75.0.1300
Windows Defender W7

---\\ Softwares d'optimização do sistema
CCleaner v4.00 =>.Piriform Ltd

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 12 Plugin
Adobe Reader X
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1893 MB (35% free)
System Restore: Activé (Enable)
System drive C: has 233 GB (51%) free of 451 GB

---\\ Modo de conexão ao sistema
~ Computer Name: CMF-PC
~ User Name: CMF
~ All Users Names: HomeGroupUser$, Convidado, CMF, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\CMF\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\CMF\AppData\Roaming\
~ %Desktop% : C:\Users\CMF\Desktop\
~ %Favorites% : C:\Users\CMF\Favorites\
~ %LocalAppData% : C:\Users\CMF\AppData\Local\
~ %StartMenu% : C:\Users\CMF\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 233 Go of 451 Go)
D: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
~ Security Center: 43 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.AAFEAB4FC9D70253F8C7E353E879E8A2] - (.Microsoft Corporation - Internet Extensions para Win32.) (.28/02/2014 - 23:32:16.) -- C:\Windows\System32\wininet.dll [1820160]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 09:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/09/2013 - 21:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 10:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 07:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes:  Scanned in 00mn 01s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/425
~ Mes musiques (My Musics) : 1/1432
~ Mes Videos (My Videos) : 2/3
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 1/14268
~ Mon Bureau (My Desktop) : 1/93
~ Menu demarrer (Programs) : 1/32
~ Hidden Files:  Scanned in 00mn 20s



---\\ Processos lançados
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe   [532040] [PID.2104]
[MD5.8943465BEFA91044227D42E84ECB8280] - (.Renesas Electronics Corporation - USB 3.0 Monitor.) -- C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe   [115048] [PID.3928]
[MD5.A78AAB0D2D70EF7DD56B7328AC502059] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe   [3767096] [PID.3984]
[MD5.8F1E71C8C10AEE660598D5C91BBE610C] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe   [1873192] [PID.724]
[MD5.F5A398669F9A79DA6EBF19056A20C0D5] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe   [143384] [PID.2540]
[MD5.300F5B6026A4AC9F174FEBD5852A977B] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe   [176664] [PID.2660]
[MD5.5988C920AFEF7975CF1F1FCD755A55F9] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe   [178200] [PID.2892]
[MD5.D1C857DDDD433B7F63B74934B0B07793] - (.ELAN Microelectronics Corp. - ETD Control Center.) -- C:\Program Files\Elantech\ETDCtrl.exe   [2235792] [PID.3032]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe   [254336] [PID.3096]
[MD5.4B96654025B28EEB1E5D8F001E5D1B8A] - (.APN - Ask Toolbar Notifier.) -- C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe   [1758160] [PID.3284]  =>Toolbar.Ask
[MD5.96B3C4E20F02CA16AA1E3E425BFFCC8B] - (.Microsoft Corporation - Windows Mobile Device Center.) -- C:\Windows\WindowsMobile\wmdc.exe   [648072] [PID.3608]
[MD5.979D74799EA6C8B8167869A68DF5204A] - (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe   [141824] [PID.3328]
[MD5.947528093869A693516778596D5CE36D] - (.ELAN Microelectronics Corp. - ETD Control Center Helper.) -- C:\Program Files\Elantech\ETDCtrlHelper.exe   [1644944] [PID.2840]
[MD5.D9184C5FF3FD526761D518A95ABA74A3] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe   [275568] [PID.6124]
[MD5.A7DC47DBBE3C0384BA719DC4188AFA7E] - (.Microsoft Corporation - Windows Media Center.) -- C:\Windows\eHome\EhTray.exe   [144384] [PID.1668]
[MD5.A73E6F3C9F1072FA809E941878C44221] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe   [8178688] [PID.4700]
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\system32\DllHost.exe   [7168] [PID.0]
~ Processes Running:  Scanned in 00mn 02s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\CMF\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [kgmpojlddncminmkddkpoegdjhojjipg] GBBD Guardião - Itaú 30 horas v.3.6.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pljcgbedjplidkdjahbaalanadmjfgop] Ask Toolbar v.32.3, (Désactivé) =>Toolbar.Ask

---\\ Pasta de extensão do Google Chrome

~ Google Lines Browser: 19 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/uni] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\CMF\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll
~ Firefox Browser: 10 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
~ IE Browser: 10 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehuni.dll
~ BHO: 18 Legitimates Filtered in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
~ Toolbar:  Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: AquariusPlus.lnk . (...)  -- C:\Windows\Installer\{E868D3AD-0F3D-4174-9BED-13B992EABFC0}\app_icon.ico
O4 - GS\Desktop [Public]: aTube Catcher.lnk . (.DsNET - aTube Catcher to download and convert video.)  -- C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.)  -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: GPS.lnk . (.SRP / Dataprev - Impressor de GPS.)  -- C:\Program Files\SRP\GPS.exe
O4 - GS\Desktop [Public]: Image Magic.lnk . (...)  -- C:\Program Files\Tweaks\Image Magic\imagemagic.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.)  -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: Receitanet 1.04 .lnk . (.SERPRO - Serviço Federal de Processamento d - Receitanet.)  -- C:\Program Files\Programas RFB\Receitanet\Windows\Receitanet.exe
O4 - GS\Desktop [Public]: SlideShow 7 for YouTube.lnk . (.AquaSoft GmbH - AquaSoft DiaShow YouTube.)  -- C:\Program Files\AquaSoft\SlideShow 7 for YouTube\DiaShow.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.)  -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [CMF]: Google Chrome.lnk . (.Google Inc. - Google Chrome.)  -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [CMF]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [CMF]: Google Chrome.lnk . (.Google Inc. - Google Chrome.)  -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [CMF]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [CMF]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.)  -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [CMF]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [CMF]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [CMF]: Filzip.lnk . (.Philipp Engel - Filzip.)  -- C:\Program Files\Filzip\Filzip.exe
O4 - GS\Desktop [CMF]: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk . (...)  -- C:\Arquivos de Programas RFB\IRPF2014\IRPF2014.exe
O4 - GS\Desktop [CMF]: Naviextras Toolbox.lnk . (.NNG Kft. - No Comment.)  -- C:\Program Files\Naviextras\Toolbox\toolbox.exe
~ Global Startup: 73 Legitimates Filtered in 00mn 08s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe  =>.Microsoft Corporation
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe  =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] . (.Corel Corporation - Registration.) -- C:\Program Files\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe
O4 - HKLM\..\Run: [NUSB3MON] . (.Renesas Electronics Corporation - USB 3.0 Monitor.) -- C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ETDCtrl] . (.ELAN Microelectronics Corp. - ETD Control Center.) -- C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe  =>.Oracle Corporation
O4 - HKLM\..\Run: [ApnTBMon] . (.APN - Ask Toolbar Notifier.) -- C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe =>Toolbar.Ask
O4 - HKLM\..\Run: [HP LaserJet M1120 MFP Install] D:\start.exe (.not file.)
O4 - HKLM\..\Run: [HPUsageTracking] . (...) -- C:\Program Files\HP\HP UT\bin\hppusg.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] . (.Microsoft Corporation - Windows Mobile Device Center.) -- C:\Windows\WindowsMobile\wmdc.exe
O4 - HKLM\..\RunOnce: [20131224] . (.AVAST Software - avast! Emergency Update.) -- C:\Program Files\AVAST Software\Avast\setup\emupdate\343e6b39-e2ed-45a3-8f24-e8b78e57b845.exe
O4 - HKCU\..\Run: [Fotos Slides Movie] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe  =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe  =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe  =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe  =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1644732819-1788346720-1502318360-1000\..\Run: [Fotos Slides Movie] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
~ Application:  Scanned in 00mn 02s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} . (.Microsoft Corporation - Sincronização de Favoritos do ActiveSync.) -- C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -- Chave orfã
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
~ IE Extra Buttons:  Scanned in 00mn 01s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.samsungsetup.com
~ IE Zone Confiance:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{12C22646-F1FC-4B09-9EB2-FC75593B9A2C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{12C22646-F1FC-4B09-9EB2-FC75593B9A2C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{12C22646-F1FC-4B09-9EB2-FC75593B9A2C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll  =>.Microsoft Corporation
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify:  GbPluginUni . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehUni.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Serviço de atualização Ask (APNMCP) . (.APN LLC. - APN Updater.) - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\GbpSv.exe
O23 - Service: KMService (KMService) . (...) - C:\Windows\system32\srvany.exe =>Hijacker.Office
~ Services: 12 Legitimates Filtered in 00mn 10s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{69F57B7C-D4C7-4374-B10F-7747EB6F2838}] (...) -- C:\Users\CMF\Downloads\Win64_15338-[Guru3D.com].exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{FFF81351-739F-43D5-8766-CBD988D9A56A}] (...) -- C:\Users\CMF\Downloads\56062_Touchpad_Synaptics_Win7_64_Z153450\Setup.exe (.not file.)   [0]
~ Scheduled Task: 14 Legitimates Filtered in 00mn 07s



---\\ Software instalados (042)
O42 - Logiciel: AquaSoft "SlideShow 7 for YouTube" - (.AquaSoft GmbH.) [HKLM] -- {9DFDD0C5-5AC1-484B-ACF8-0F3E1041750B}_is1
O42 - Logiciel: AquariusPlus - (.GPS Aquarius.) [HKLM] -- {E868D3AD-0F3D-4174-9BED-13B992EABFC0}
O42 - Logiciel: Ask Toolbar - (.APN, LLC.) [HKLM] -- {4F524A2D-5637-4300-76A7-A758B70C0A03} =>Toolbar.Ask
O42 - Logiciel: GBBD Guardião - Itaú 30 horas - (...) [HKLM] -- {70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1
O42 - Logiciel: GPS - (...) [HKLM] -- GPS
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva  - (.Receita Federal do Brasil.) [HKLM] -- IRPF2014
O42 - Logiciel: Image Resizer Packages - (...) [HKCU] -- Image Resizer Packages
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
~ Logic: 19 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AquaSoft]
[HKCU\Software\AskPartnerNetwork]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\GPS Aquarius]
[HKCU\Software\GbAs]
[HKCU\Software\PDF reDirect]
[HKLM\Software\AquaSoft]
[HKLM\Software\AskPartnerNetwork]
[HKLM\Software\AutoHelpDesk]
~ Key Software: 167 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 24/03/2014 - 18:54:21 - [0] -SH-D C:\Program Files\39f
O43 - CFD: 25/01/2014 - 19:45:01 - [49,342] ----D C:\Program Files\AquaSoft
O43 - CFD: 27/01/2014 - 13:56:21 - [9,657] ----D C:\Program Files\AskPartnerNetwork
O43 - CFD: 17/02/2014 - 20:12:27 - [65,186] ----D C:\Program Files\GPS Aquarius
O43 - CFD: 05/02/2014 - 09:21:28 - [12,583] ----D C:\Program Files\PDF reDirect
O43 - CFD: 12/03/2014 - 17:03:13 - [8,843] ----D C:\Program Files\Programas RFB
O43 - CFD: 25/01/2014 - 09:50:43 - [1,144] ----D C:\Program Files\SRP
O43 - CFD: 27/01/2014 - 13:55:47 - [0] ----D C:\ProgramData\APN
O43 - CFD: 27/01/2014 - 13:56:21 - [0,669] ----D C:\ProgramData\AskPartnerNetwork
O43 - CFD: 11/02/2014 - 19:06:51 - [0] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 21/02/2014 - 16:45:58 - [0] ----D C:\ProgramData\PDF reDirect
O43 - CFD: 22/02/2014 - 14:06:24 - [1,063] ----D C:\Users\CMF\AppData\Roaming\1H1Q
O43 - CFD: 24/03/2014 - 17:33:57 - [0] -SH-D C:\Users\CMF\AppData\Roaming\26fb
O43 - CFD: 25/01/2014 - 19:45:31 - [11,184] ----D C:\Users\CMF\AppData\Roaming\AquaSoft
O43 - CFD: 05/02/2014 - 09:07:35 - [2,546] ----D C:\Users\CMF\AppData\Roaming\PDF reDirect
O43 - CFD: 17/02/2014 - 20:12:42 - [0,005] ----D C:\Users\CMF\AppData\Local\GPS Aquarius
O43 - CFD: 27/01/2014 - 16:48:14 - [0,024] ----D C:\Users\CMF\AppData\Local\QuickStores
O43 - CFD: 12/03/2014 - 17:02:25 - [0,004] ----D C:\Users\CMF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
~ Program Folder: 151 Legitimates Filtered in 01mn 55s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.D318F1B85E555DA2C5EEF6C1B41508DF] - 12/03/2014 - 17:03:16 ---A- . (...) -- C:\Windows\REC-NET.INI   [176]
O44 - LFC:[MD5.954A074876D061B23428E927F14D2FAB] - 18/03/2014 - 19:39:28 ---A- . (...) -- C:\Windows\System32\prfc0416.dat   [147848]
O44 - LFC:[MD5.962F4A53D0A3E4AB3F89113324AC5E14] - 18/03/2014 - 19:39:28 ---A- . (...) -- C:\Windows\System32\prfh0416.dat   [706008]
O44 - LFC:[MD5.3B2B2E48C5F8F0E2886E00BD15B8B471] - 24/03/2014 - 18:02:52 ---A- . (...) -- C:\Windows\ntbtlog.txt   [794260]
O44 - LFC:[MD5.A2CB40CDD8BA0B3617F167538DDAE8CA] - 24/03/2014 - 18:03:57 ---A- . (...) -- C:\Windows\Filzip.ini   [41]
O44 - LFC:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 25/03/2014 - 14:48:59 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\System32\Drivers\GbpNdisrd.sys   [31088]
~ Files: 45 Legitimates Filtered in 00mn 07s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files\GbPlugin\gbiehuni.dll
~ ShellExecuteHooks:  Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoWindowsUpdate"=
~ MWPE Keys: 1 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.F385467DF95D0A73775CB3B076B8B969] - 25/01/2014 - 15:32:42 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys   [49944]
O58 - SDL:[MD5.1B0662514A68C3A42E60D240C5ABEF28] - 25/01/2014 - 15:32:42 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys   [180248]
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys   [453712]
O58 - SDL:[MD5.124F691F37B131EB77785A176F565511] - 27/07/2012 - 17:22:54 ---A- . (.ELAN Microelectronics Corp. - ETD Kernel Center.) -- C:\Windows\System32\Drivers\ETD.sys   [268176]
O58 - SDL:[MD5.E87F31116298D4D4839E50FCE87B9F6F] - 22/11/2013 - 08:48:48 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys   [46392]
O58 - SDL:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 25/03/2014 - 14:48:59 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\System32\Drivers\GbpNdisrd.sys   [31088]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys   [26624]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys   [21072]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS   [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys   [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS   [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS   [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS   [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS   [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS   [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS   [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS   [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS   [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS   [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS   [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS   [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS   [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS   [34672]
~ Drivers: 16 Legitimates Filtered in 00mn 06s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 22/11/2013 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm)  .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
~ Legacy: 79 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.06620160CE37FC4B1839841C51B1CA93] [SPRF][11/02/2014] (...) -- C:\Users\CMF\AppData\Roaming\unins000.dat   [15393]
[MD5.7C2D37AB893BFA6713B64D06988777FE] [SPRF][11/02/2014] (.No owner - Setup/Uninstall.) -- C:\Users\CMF\AppData\Roaming\unins000.exe   [720594]
~ Files: 7 Legitimates Filtered in 00mn 00s



---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "D2A425F473650034677A7A857BC0A030" . (.Ask Toolbar.) -- C:\Windows\Installer\{4F524A2D-5637-4300-76A7-A758B70C0A03}\ToolbarIcon.exe =>Toolbar.Ask
O90 - PUC: "DA3D868ED3F04714B9DE319B29AEFB0C" . (.AquariusPlus.) -- C:\Windows\Installer\{E868D3AD-0F3D-4174-9BED-13B992EABFC0}\app_icon.ico
~ Update Products: 74 Legitimates Filtered in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.883B0AA9E478B511FCB55F04947552A9] [WIS][08/02/2014] (.GPS Aquarius - AquariusPlus.) -- C:\Windows\Installer\10d5c8.msi   [26882048]
[MD5.F221058C3188B03433EBD81618265EBA] [WIS][20/02/2014] (.APN, LLC - Ask Toolbar.) -- C:\Windows\Installer\292d7.msi   [463872]  =>Toolbar.Ask
~ WIS: 75 Legitimates Filtered in 00mn 14s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 11/03/2014 257928 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 25/01/2014 116648 |  (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 25/01/2014 116648 |  (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 25/01/2014 194032 |  (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 10/12/2012 627744 |  (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
SS - | Auto 18/04/2003 8192 |  (KMService) . (...) - C:\Windows\system32\srvany.exe =>Hijacker.Office
SS - | Demand 12/02/2014 118896 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 23/10/2013 172192 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe

SR - | Auto 18/12/2013 65432 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 13/02/2014 166352 |  (APNMCP) . (.APN LLC..) - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask
SR - | Auto 25/01/2014 50344 |  (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 22/11/2013 449592 |  (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\GbpSv.exe
SR - | Auto 10/12/2012 583680 |  (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 25/01/2014 279000 |  (LMS) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 04/04/2013 418376 |  (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 |  (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 25/01/2014 366040 |  (UNS) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services:  Scanned in 00mn 17s



---\\ Scâner Aditional (088)
Database Version : 13031 - (25/03/2014)
Clés trouvées (Keys found) : 11
Valeurs trouvées (Values found) : 2
Dossiers trouvés  (Folders found) : 3
Fichiers trouvés  (Files found) : 2

[HKLM\Software\Google\Chrome\Extensions\pljcgbedjplidkdjahbaalanadmjfgop]   =>Toolbar.Ask^
[HKLM\SYSTEM\CurrentControlSet\Services\APNMCP]   =>Toolbar.Ask^
[HKLM\SYSTEM\CurrentControlSet\Services\KMService]   =>Hijacker.Office^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4F524A2D-5637-4300-76A7-A758B70C0A03}]   =>Toolbar.Ask^
[HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}]   =>Toolbar.Ask
[HKCU\Software\AskPartnerNetwork]   =>Toolbar.Ask
[HKLM\Software\AskPartnerNetwork]   =>Toolbar.Ask
[HKLM\Software\Microsoft\Tracing\apnstub_RASAPI32]   =>Toolbar.Ask
[HKLM\Software\Microsoft\Tracing\apnstub_RASMANCS]   =>Toolbar.Ask
[HKLM\Software\Classes\protector_dll.protectorbho]   =>PUP.BProtector
[HKLM\Software\Classes\protector_dll.protectorbho.1]   =>PUP.BProtector
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F}   =>Toolbar.Google^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:ApnTBMon   =>Toolbar.Ask^
C:\Users\CMF\AppData\Local\Google\Chrome\User Data\Default\Extensions\pljcgbedjplidkdjahbaalanadmjfgop   =>Toolbar.Ask^
C:\Program Files\AskPartnerNetwork   =>Toolbar.Ask
C:\ProgramData\AskPartnerNetwork   =>Toolbar.Ask
C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe   =>Toolbar.Ask^
C:\Windows\Installer\292d7.msi   =>Toolbar.Ask^
~ Additionnel Scan: 291792 Items scanned in 00mn 52s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Toolbar.Ask
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Hijacker.Office
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.BProtector
~ MSI: 3 link(s) detected in 00mn 00s



~ 967 Legitimates filtered by white list
End of the scan (536 lines in 05mn 04s)(0)
andrade401
Beginner

Messages: 2
Reputation: 0
Registration date: 25/03/2014

Re: Fotos Slides Movie virus, how to use ZHPDiag

Post by Power Max on Tue 25 Mar 2014, 15:21

You did not do what I asked. What I asked is that you run UsbFix and post its report, which will be at C:\UsbFix.txt

I also asked you to copy the text in red, paste it into ZHPFix and, after the cleanup, post the ZHPFix report as well.
Power Max
Contributor

Messages: 9086
Reputation: 1499
Registration date: 14/04/2009

(RESOLVED) Fotos Slides Movie virus, how to use ZHPDiag

Post by netoibest on Tue 25 Mar 2014, 18:09

Regarding the Foto3x4 program, yes, I know it; it is a program I use to resize photos to 3x4, photos for documents.

Here is the UsbFix report

############################## | UsbFix V 7.167 | [Pesquisa]

Usuário: Neto (Administrador) # NETO-PC
Atualizado em 13/03/2014 por El Desaparecido - Team SosVirus
Começou em 17:52:59 | 25/03/2014

Site : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Changelog : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Support : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Upload Malware : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Contato : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

PC: MSI (880GMA-E35 (MS-7641))
CPU: AMD Athlon(tm) II X3 460 Processor
RAM -> [Total : 8191 Mo| Free : 5219 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Ultimate  (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 9.0.8112.16421
WB: Google Chrome : 33.0.1750.154

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AS: Windows Defender [Enabled | (!) Outdated]
FW: Windows FireWall [(!) Disabled]

C:\ (%systemdrive%) -> Disco fixo # 149 Gb (80 Mb livre - 54%) [] # NTFS
D:\ -> CD-ROM
E:\ -> Disco fixo # 149 Gb (109 Mb livre - 73%) [] # NTFS
G:\ -> Disco removível # 4 Gb (4 Mb livre - 99%) [] # NTFS

################## | Processos Ativos |

C:\Windows\system32\csrss.exe (ID: 440 |ParentID: 432)
C:\Windows\system32\wininit.exe (ID: 500 |ParentID: 432)
C:\Windows\system32\csrss.exe (ID: 528 |ParentID: 516)
C:\Windows\system32\services.exe (ID: 568 |ParentID: 500)
C:\Windows\system32\winlogon.exe (ID: 600 |ParentID: 516)
C:\Windows\system32\lsass.exe (ID: 612 |ParentID: 500)
C:\Windows\system32\lsm.exe (ID: 620 |ParentID: 500)
C:\Windows\system32\svchost.exe (ID: 772 |ParentID: 568)
C:\Windows\system32\nvvsvc.exe (ID: 832 |ParentID: 568)
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (ID: 856 |ParentID: 568)
C:\Windows\system32\svchost.exe (ID: 892 |ParentID: 568)
C:\Windows\System32\svchost.exe (ID: 972 |ParentID: 568)
C:\Windows\System32\svchost.exe (ID: 252 |ParentID: 568)
C:\Windows\system32\svchost.exe (ID: 424 |ParentID: 568)
C:\Windows\system32\svchost.exe (ID: 1056 |ParentID: 568)
C:\Windows\system32\svchost.exe (ID: 1152 |ParentID: 568)
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (ID: 1244 |ParentID: 832)
C:\Windows\system32\nvvsvc.exe (ID: 1252 |ParentID: 832)
C:\Windows\System32\spoolsv.exe (ID: 1420 |ParentID: 568)
C:\Windows\system32\svchost.exe (ID: 1464 |ParentID: 568)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1540 |ParentID: 568)
C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe (ID: 1616 |ParentID: 568)
C:\Windows\system32\Dwm.exe (ID: 1764 |ParentID: 252)
C:\Windows\Explorer.EXE (ID: 1796 |ParentID: 1732)
C:\Windows\system32\taskhost.exe (ID: 1880 |ParentID: 568)
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (ID: 1968 |ParentID: 568)
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (ID: 2032 |ParentID: 568)
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (ID: 1500 |ParentID: 568)
C:\Program Files (x86)\baidu\Spark\sparkservice.exe (ID: 1752 |ParentID: 568)
C:\Windows\system32\svchost.exe (ID: 1720 |ParentID: 568)
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (ID: 1656 |ParentID: 568)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID: 2080 |ParentID: 1796)
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (ID: 2096 |ParentID: 1796)
C:\Windows\System32\wscript.exe (ID: 2128 |ParentID: 1796)
C:\Windows\System32\wscript.exe (ID: 2148 |ParentID: 1796)
C:\Users\Neto\AppData\Roaming\uTorrent\uTorrent.exe (ID: 2184 |ParentID: 1796)
C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (ID: 2244 |ParentID: 1796)
C:\Program Files (x86)\MCShield\MCShieldRTM.exe (ID: 2432 |ParentID: 1796)
C:\Windows\system32\rundll32.exe (ID: 2560 |ParentID: 2480)
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (ID: 2852 |ParentID: 1244)
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (ID: 2412 |ParentID: 2468)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID: 1532 |ParentID: 2468)
C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (ID: 2164 |ParentID: 568)
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe (ID: 3296 |ParentID: 2164)
C:\Windows\system32\SearchIndexer.exe (ID: 3492 |ParentID: 568)
C:\Windows\system32\svchost.exe (ID: 3652 |ParentID: 568)
C:\Windows\System32\svchost.exe (ID: 3844 |ParentID: 568)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 4060 |ParentID: 568)
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (ID: 4316 |ParentID: 2164)
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (ID: 4568 |ParentID: 2032)
C:\Windows\system32\conhost.exe (ID: 4596 |ParentID: 528)
C:\Program Files (x86)\baidu\Spark\Spark.exe (ID: 4780 |ParentID: 1796)
C:\Program Files (x86)\baidu\Spark\Spark.exe (ID: 5104 |ParentID: 4780)
C:\Program Files (x86)\baidu\Spark\Spark.exe (ID: 3216 |ParentID: 4780)
C:\Program Files (x86)\baidu\Spark\Spark.exe (ID: 4564 |ParentID: 4780)
C:\Program Files (x86)\baidu\Spark\Spark.exe (ID: 3036 |ParentID: 4780)
C:\Windows\System32\svchost.exe (ID: 3444 |ParentID: 568)
C:\Windows\system32\wuauclt.exe (ID: 2576 |ParentID: 424)
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (ID: 4980 |ParentID: 568)
C:\Program Files (x86)\baidu\Spark\Spark.exe (ID: 5724 |ParentID: 4780)
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (ID: 676 |ParentID: 1796)
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe (ID: 2368 |ParentID: 1796)
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe (ID: 3184 |ParentID: 2368)
C:\Program Files (x86)\baidu\Spark\Spark.exe (ID: 4380 |ParentID: 4780)
C:\Program Files (x86)\baidu\Spark\Spark.exe (ID: 5984 |ParentID: 4780)
C:\Program Files (x86)\baidu\Spark\Spark.exe (ID: 5496 |ParentID: 4780)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 3992 |ParentID: 772)
C:\Program Files (x86)\baidu\Spark\Spark.exe (ID: 5736 |ParentID: 4780)
C:\Program Files (x86)\baidu\Spark\Spark.exe (ID: 3600 |ParentID: 4780)
C:\Program Files (x86)\baidu\Spark\Spark.exe (ID: 3836 |ParentID: 4780)
C:\Program Files (x86)\baidu\Spark\Spark.exe (ID: 5932 |ParentID: 4780)
C:\Windows\system32\taskhost.exe (ID: 4408 |ParentID: 568)
C:\Windows\system32\SearchProtocolHost.exe (ID: 5448 |ParentID: 3492)
C:\Program Files (x86)\baidu\Spark\Spark.exe (ID: 1432 |ParentID: 4780)
C:\Program Files (x86)\baidu\Spark\Spark.exe (ID: 4764 |ParentID: 4780)
C:\Windows\System32\WUDFHost.exe (ID: 5744 |ParentID: 252)
C:\Program Files (x86)\MCShield\mcshieldds.exe (ID: 1168 |ParentID: 2432)
C:\Windows\system32\SearchFilterHost.exe (ID: 3984 |ParentID: 3492)
c:\program files\windows defender\MpCmdRun.exe (ID: 3424 |ParentID: 5076)

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [64bit] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] userinit.exe
F2 - [64bit] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [uTorrent] "C:\Users\Neto\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
04 - HKCU\..\Run : [Facebook Update] "C:\Users\Neto\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKCU\..\Run : [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
04 - HKCU\..\Run : []
04 - HKCU\..\Run : [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
04 - HKCU\..\Run : [AdobeBridge]
04 - HKCU\..\Run : [Defrag] "C:\Program Files (x86)\baidu\Spark\BaiduDefragFiles.exe" AutoStart 1
04 - HKCU\..\Run : [Virus] wscript.exe //B "C:\Users\Neto\AppData\Local\Temp\Virus.vbe"
04 - HKCU\..\Run : [MCShield Monitor] C:\Program Files (x86)\MCShield\mcshieldrtm.exe
04 - HKCU\..\Run : [Fotos Slides Movie] wscript.exe //B "C:\Users\Neto\AppData\Local\Temp\Fotos Slides Movie.vbe"
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
04 - HKLM\..\Run : [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKLM\..\Run : [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
04 - HKLM\..\Run : [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\RunOnce : []
04 - [64bit] HKLM\..\Run : [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
04 - [64bit] HKLM\..\Run : [AutoKMS] C:\Windows\AutoKMS.exe
04 - [64bit] HKLM\..\Run : [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
04 - [64bit] HKLM\..\Run : [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
04 - [64bit] HKLM\..\Run : [Fotos Slides Movie] wscript.exe //B "C:\Users\Neto\AppData\Local\Temp\Fotos Slides Movie.vbe"
04 - [64bit] HKLM\..\Run : [Virus] wscript.exe //B "C:\Users\Neto\AppData\Local\Temp\Virus.vbe"
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-1464094912-500982220-4094319322-1000\..\Run : [uTorrent] "C:\Users\Neto\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
04 - HKU\S-1-5-21-1464094912-500982220-4094319322-1000\..\Run : [Facebook Update] "C:\Users\Neto\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKU\S-1-5-21-1464094912-500982220-4094319322-1000\..\Run : [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
04 - HKU\S-1-5-21-1464094912-500982220-4094319322-1000\..\Run : []
04 - HKU\S-1-5-21-1464094912-500982220-4094319322-1000\..\Run : [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
04 - HKU\S-1-5-21-1464094912-500982220-4094319322-1000\..\Run : [AdobeBridge]
04 - HKU\S-1-5-21-1464094912-500982220-4094319322-1000\..\Run : [Defrag] "C:\Program Files (x86)\baidu\Spark\BaiduDefragFiles.exe" AutoStart 1
04 - HKU\S-1-5-21-1464094912-500982220-4094319322-1000\..\Run : [Virus] wscript.exe //B "C:\Users\Neto\AppData\Local\Temp\Virus.vbe"
04 - HKU\S-1-5-21-1464094912-500982220-4094319322-1000\..\Run : [MCShield Monitor] C:\Program Files (x86)\MCShield\mcshieldrtm.exe
04 - HKU\S-1-5-21-1464094912-500982220-4094319322-1000\..\Run : [Fotos Slides Movie] wscript.exe //B "C:\Users\Neto\AppData\Local\Temp\Fotos Slides Movie.vbe"
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-18\..\RunOnce : [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

################## | Procura genérica |

Presente ! C:\Users\Neto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fotos Slides Movie.vbe
Presente ! C:\Users\Neto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Virus.vbe
Presente ! C:\Users\Neto\AppData\Local\Temp\Fotos Slides Movie.vbe
Presente ! C:\Users\Neto\AppData\Local\Temp\Virus.vbe
Presente ! G:\Fotos Slides Movie.vbe
Presente ! G:\Virus.vbe
Presente ! G:\Curriculum.lnk
Presente ! G:\Virus.lnk

################## | Registro |

Presente ! HKU\S-1-5-21-1464094912-500982220-4094319322-1000\Software\Microsoft\Windows\CurrentVersion\Run|Fotos Slides Movie
Presente ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Fotos Slides Movie
Presente ! HKU\S-1-5-21-1464094912-500982220-4094319322-1000\Software\Microsoft\Windows\CurrentVersion\Run|Virus
Presente ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Virus

################## | E.O.F | [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] |



And here is the ZHPFix report, the "red text":

Rapport de ZHPFix 2014.3.19.4 par Nicolas Coolman, Update du 19/03/2014
Fichier d'export Registre :
Run by Neto at 25/03/2014 18:04:11
High Elevated Privileges : OK
Windows Vista Ultimate Edition, 64-bit  (Build 6000)

Reciclagem vazia (00mn 03s)
Reparação de atalhos do navegador

========== Processo memória ==========
ELIMINÉ: Memory Process: C:\Users\Neto\AppData\Local\f3d73e43-a7ad-4112-960e-78fc74668666\f3d73e43-a7ad-4112-960e-78fc74668666.exe

========== Chaves do Registo ==========
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bnbase
ELIMINÉ Driver Key: Bndef
ELIMINÉ Driver Key: Bprotect
ELIMINÉ: HKCU\Software\ExpressFiles
ELIMINÉ: HKCU\Software\lollipop
ELIMINÉ:* HKLM\Software\Baidu Security
ELIMINÉ:* HKLM\Software\Virus
ELIMINÉ: HKLM\Software\Wow6432Node\Conduit
ELIMINÉ: HKLM\Software\Wow6432Node\ExpressFiles
ELIMINÉ CLSID MPSK: {33e5f441-875c-11e3-b359-6c626df42974}
ELIMINÉ CLSID MPSK: {40378408-85ce-11e3-ac86-6c626df42974}
ELIMINÉ:* HKLM\Software\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
ELIMINÉ: HKLM\Software\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
ELIMINÉ:* HKLM\Software\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
ELIMINÉ: HKLM\Software\Classes\Updater.AmiUpd
ELIMINÉ: HKLM\Software\Classes\Updater.AmiUpd.1
ELIMINÉ: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
ELIMINÉ: HKCU\Software\Baidu Security

========== Valores do Registo ==========
ELIMINÉ RunValue: AutoKMS
ELIMINÉ RunValue: Fotos Slides Movie
ELIMINÉ RunValue: Virus
ELIMINÉ RunValue: AdobeBridge
ELIMINÉ: TCP Query User{EB53C69E-0653-44D4-8A67-EA786DEDA72F}C:\windows\kmsemulator.exe
ELIMINÉ: UDP Query User{4202904F-C592-4356-B760-39A0C878AB70}C:\windows\kmsemulator.exe
ELIMINÉ: {8BA20364-CFAF-4623-8BE2-E8D46D8F48BE}
ELIMINÉ: {6F4297CB-7879-4293-A2AD-5C0B08DA7C11}
ELIMINÉ: {E2ECAFB6-998D-470F-BF2E-26564EC63D9A}
ELIMINÉ: {3BDB8EE2-7A86-4383-AAEC-8AB391A564B1}
ELIMINÉ: TCP Query User{6CCA4928-0F1E-4903-9022-C37C3BD6DAF3}C:\program files (x86)\youwave_android\vb\vboxsdl.exe
ELIMINÉ: UDP Query User{6F30E1CC-B61E-4B8C-9F78-3A2C2C84239A}C:\program files (x86)\youwave_android\vb\vboxsdl.exe
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\wscript.exe
ELIMINÉ: c:\windows\tasks\amiupdxp.job
ELIMINÉ Temporários windows (15) (442.880 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: AmiUpdXp
ELIMINÉ: AmiUpdXp
ELIMINÉ: Express FilesUpdate
ELIMINÉ: {2D72A906-EB31-4832-BD3F-366963441A60}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
1 : Processo memória
20 : Chaves do Registo
18 : Valores do Registo
1 : Pastas
4 : Ficheiros
4 : Tarefa planificada
1 : Restauração Sistema


End of clean in 00mn 28s

========== Caminho do ficheiro do relatório ==========
C:\Users\Neto\AppData\Roaming\ZHP\ZHPFix[R1].txt - 25/03/2014 11:38:41 [1682]
C:\Users\Neto\AppData\Roaming\ZHP\ZHPFix[R2].txt - 25/03/2014 18:04:15 [3364]

Re: Fotos Slides Movie virus, how to use ZHPDiag

Post by Power Max, Wed 26 Mar 2014, 10:41

In the case of UsbFix you only used its search function.

Open UsbFix again > click the Supressão (deletion) button > and follow the steps given in the tutorial I sent you.

After that, post the new UsbFix report.

(RESOLVED) Fotos Slides Movie virus, how to use ZHPDiag

Post by netoibest, Wed 26 Mar 2014, 12:13

Here it is:

############################## | UsbFix V 7.167 | [Supressão]

Usuário: Neto (Administrador) # NETO-PC
Atualizado em 13/03/2014 por El Desaparecido - Team SosVirus
Começou em 12:05:31 | 26/03/2014

Site : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Changelog : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Support : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Upload Malware : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Contato : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

PC: MSI (880GMA-E35 (MS-7641))
CPU: AMD Athlon(tm) II X3 460 Processor
RAM -> [Total : 8191 Mo| Free : 6825 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Ultimate  (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 9.0.8112.16421
WB: Google Chrome : 33.0.1750.154

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AS: Windows Defender [Enabled | (!) Outdated]
FW: Windows FireWall [(!) Disabled]

C:\ (%systemdrive%) -> Disco fixo # 149 Gb (80 Mb livre - 54%) [] # NTFS
D:\ -> CD-ROM
E:\ -> Disco fixo # 149 Gb (109 Mb livre - 73%) [] # NTFS
G:\ -> Disco removível # 4 Gb (4 Mb livre - 99%) [] # NTFS

################## | Processos Ativos |

C:\Windows\system32\csrss.exe (ID: 440 |ParentID: 432)
C:\Windows\system32\wininit.exe (ID: 504 |ParentID: 432)
C:\Windows\system32\csrss.exe (ID: 528 |ParentID: 516)
C:\Windows\system32\winlogon.exe (ID: 568 |ParentID: 516)
C:\Windows\system32\services.exe (ID: 616 |ParentID: 504)
C:\Windows\system32\lsass.exe (ID: 624 |ParentID: 504)
C:\Windows\system32\lsm.exe (ID: 636 |ParentID: 504)
C:\Windows\system32\svchost.exe (ID: 732 |ParentID: 616)
C:\Windows\system32\nvvsvc.exe (ID: 796 |ParentID: 616)
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (ID: 820 |ParentID: 616)
C:\Windows\system32\svchost.exe (ID: 864 |ParentID: 616)
C:\Windows\System32\svchost.exe (ID: 960 |ParentID: 616)
C:\Windows\System32\svchost.exe (ID: 996 |ParentID: 616)
C:\Windows\system32\svchost.exe (ID: 120 |ParentID: 616)
C:\Windows\system32\svchost.exe (ID: 748 |ParentID: 616)
C:\Windows\system32\svchost.exe (ID: 1108 |ParentID: 616)
C:\Windows\System32\spoolsv.exe (ID: 1280 |ParentID: 616)
C:\Windows\system32\svchost.exe (ID: 1308 |ParentID: 616)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1420 |ParentID: 616)
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (ID: 1460 |ParentID: 796)
C:\Windows\system32\nvvsvc.exe (ID: 1468 |ParentID: 796)
C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe (ID: 1544 |ParentID: 616)
C:\Windows\system32\taskhost.exe (ID: 1656 |ParentID: 616)
C:\Windows\system32\taskeng.exe (ID: 1728 |ParentID: 120)
C:\Windows\system32\Dwm.exe (ID: 1780 |ParentID: 996)
C:\Windows\Explorer.EXE (ID: 1848 |ParentID: 1760)
C:\Windows\system32\runonce.exe (ID: 2012 |ParentID: 1848)
C:\Windows\SysWOW64\runonce.exe (ID: 2024 |ParentID: 2012)
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (ID: 1776 |ParentID: 616)
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (ID: 2040 |ParentID: 616)
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (ID: 1628 |ParentID: 616)
C:\Windows\system32\rundll32.exe (ID: 1100 |ParentID: 1640)
C:\Program Files (x86)\baidu\Spark\sparkservice.exe (ID: 2100 |ParentID: 616)
C:\Windows\system32\svchost.exe (ID: 2128 |ParentID: 616)
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (ID: 2156 |ParentID: 616)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 2376 |ParentID: 732)
C:\Windows\System32\WUDFHost.exe (ID: 2664 |ParentID: 996)
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (ID: 2960 |ParentID: 1460)
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (ID: 2976 |ParentID: 2040)
C:\Windows\system32\conhost.exe (ID: 2988 |ParentID: 528)
C:\Windows\System32\rundll32.exe (ID: 2996 |ParentID: 732)
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (ID: 3068 |ParentID: 3052)

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [64bit] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] userinit.exe
F2 - [64bit] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [uTorrent] "C:\Users\Neto\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
04 - HKCU\..\Run : [Facebook Update] "C:\Users\Neto\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKCU\..\Run : [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
04 - HKCU\..\Run : []
04 - HKCU\..\Run : [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
04 - HKCU\..\Run : [Defrag] "C:\Program Files (x86)\baidu\Spark\BaiduDefragFiles.exe" AutoStart 1
04 - HKCU\..\Run : [MCShield Monitor] C:\Program Files (x86)\MCShield\mcshieldrtm.exe
04 - HKCU\..\Run : [Virus] wscript.exe //B "C:\Users\Neto\AppData\Local\Temp\Virus.vbe"
04 - HKCU\..\Run : [Fotos Slides Movie] wscript.exe //B "C:\Users\Neto\AppData\Local\Temp\Fotos Slides Movie.vbe"
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
04 - HKLM\..\Run : [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKLM\..\Run : [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
04 - HKLM\..\Run : [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - [64bit] HKLM\..\Run : [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
04 - [64bit] HKLM\..\Run : [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
04 - [64bit] HKLM\..\Run : [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-1464094912-500982220-4094319322-1000\..\Run : [uTorrent] "C:\Users\Neto\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
04 - HKU\S-1-5-21-1464094912-500982220-4094319322-1000\..\Run : [Facebook Update] "C:\Users\Neto\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKU\S-1-5-21-1464094912-500982220-4094319322-1000\..\Run : [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
04 - HKU\S-1-5-21-1464094912-500982220-4094319322-1000\..\Run : []
04 - HKU\S-1-5-21-1464094912-500982220-4094319322-1000\..\Run : [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
04 - HKU\S-1-5-21-1464094912-500982220-4094319322-1000\..\Run : [Defrag] "C:\Program Files (x86)\baidu\Spark\BaiduDefragFiles.exe" AutoStart 1
04 - HKU\S-1-5-21-1464094912-500982220-4094319322-1000\..\Run : [MCShield Monitor] C:\Program Files (x86)\MCShield\mcshieldrtm.exe
04 - HKU\S-1-5-21-1464094912-500982220-4094319322-1000\..\Run : [Virus] wscript.exe //B "C:\Users\Neto\AppData\Local\Temp\Virus.vbe"
04 - HKU\S-1-5-21-1464094912-500982220-4094319322-1000\..\Run : [Fotos Slides Movie] wscript.exe //B "C:\Users\Neto\AppData\Local\Temp\Fotos Slides Movie.vbe"
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-18\..\RunOnce : [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

################## | Procura genérica |

Supprimido ! C:\Users\Neto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fotos Slides Movie.vbe
Supprimido ! C:\Users\Neto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Virus.vbe
Supprimido ! C:\Users\Neto\AppData\Local\Temp\Fotos Slides Movie.vbe
Supprimido ! C:\Users\Neto\AppData\Local\Temp\Virus.vbe
Supprimido ! G:\Fotos Slides Movie.vbe
Supprimido ! G:\Virus.vbe
Supprimido ! G:\Curriculum.lnk
Supprimido ! G:\Fotos Slides Movie.lnk
Supprimido ! G:\Virus.lnk

(!) Ficheiros temporários suprimido.

################## | Registro |

Reparado ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 1
Reparado ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 5
Supprimido ! HKU\S-1-5-21-1464094912-500982220-4094319322-1000\Software\Microsoft\Windows\CurrentVersion\Run|Fotos Slides Movie
Supprimido ! HKU\S-1-5-21-1464094912-500982220-4094319322-1000\Software\Microsoft\Windows\CurrentVersion\Run|Virus

################## | Listing |

[19/01/2014 - 23:06:08 | SHD] - C:\$Recycle.Bin
[26/03/2014 - 11:44:27 | N | 0 Ko] - C:\Archive.ini
[19/01/2014 - 22:19:02 | D] - C:\Arquivos de programas
[19/01/2014 - 18:40:49 | A | 0 Ko] - C:\AUTOEXEC.BAT
[02/02/2014 - 22:49:31 | SHD] - C:\Boot
[19/01/2014 - 18:42:47 | N | 0 Ko] - C:\Boot.BAK
[20/01/2014 - 04:52:40 | N | 0 Ko] - C:\Boot.ini.saved
[14/04/2008 - 07:00:00 | N | 5 Ko] - C:\Bootfont.bin
[20/11/2010 - 09:40:07 | RASH | 375 Ko] - C:\bootmgr
[20/01/2014 - 04:52:41 | RASH | 8 Ko] - C:\BOOTSECT.BAK
[19/01/2014 - 18:40:49 | N | 0 Ko] - C:\CONFIG.SYS
[20/03/2014 - 13:23:57 | D] - C:\Data Recovery 2014-03-20 at 13.23.45
[14/07/2009 - 02:08:56 | SHD] - C:\Documents and Settings
[20/03/2014 - 12:33:11 | D] - C:\Downloads
[11/03/2014 - 18:10:14 | N | 1 Ko] - C:\fraglist.luar
[20/01/2014 - 08:21:41 | N | 199 Ko] - C:\grldr
[26/03/2014 - 12:04:41 | ASH | 6290824 Ko] - C:\hiberfil.sys
[19/01/2014 - 18:40:49 | RASH | 0 Ko] - C:\IO.SYS
[19/01/2014 - 18:40:49 | RASH | 0 Ko] - C:\MSDOS.SYS
[20/01/2014 - 09:00:41 | RHD] - C:\MSOCache
[14/04/2008 - 07:00:00 | N | 46 Ko | B2DE3452DE03674C6CEC68B8C8CE7C78] - C:\NTDETECT.COM
[14/04/2008 - 07:00:00 | RASH | 246 Ko] - C:\ntldr
[20/01/2014 - 09:25:51 | D] - C:\NVIDIA
[26/03/2014 - 12:04:43 | ASH | 8387768 Ko] - C:\pagefile.sys
[14/07/2009 - 00:20:08 | D] - C:\PerfLogs
[20/03/2014 - 19:33:24 | D] - C:\Program Files
[25/03/2014 - 18:04:09 | D] - C:\Program Files (x86)
[25/03/2014 - 18:04:09 | HD] - C:\ProgramData
[19/01/2014 - 23:05:27 | SHD] - C:\Recovery
[25/03/2014 - 18:03:58 | SHD] - C:\System Volume Information
[25/03/2014 - 17:52:43 | D] - C:\UsbFix
[26/03/2014 - 12:11:04 | A | 10 Ko | 05378696A8BF6FECD278E62608CD84E6] - C:\UsbFix [Clean 2] NETO-PC.txt
[25/03/2014 - 17:57:15 | N | 12 Ko | 9023C97943F0C26248B7BEC0EF199D59] - C:\UsbFix [Scan 1] NETO-PC.txt
[20/01/2014 - 09:47:37 | D] - C:\Users
[20/03/2014 - 19:33:23 | D] - C:\Windows
[20/01/2014 - 04:44:01 | D] - C:\Windows.old
[20/01/2014 - 08:21:43 | N | 0 Ko] - C:\winx.ld
[19/01/2014 - 23:59:54 | SHD] - E:\$RECYCLE.BIN
[06/02/2014 - 17:38:16 | D] - E:\Arquivos
[11/02/2014 - 17:41:59 | D] - E:\FFOutput
[01/02/2014 - 20:31:14 | D] - E:\Filmes
[25/12/2013 - 00:23:54 | SHD] - E:\System Volume Information
[21/03/2014 - 15:15:09 | N | 69 Ko] - G:\Curriculum.doc

################## | Vaccin |

E:\Autorun.inf -> Vacina criada por UsbFix (El Desaparecido)
G:\Autorun.inf -> Vacina criada por UsbFix (El Desaparecido)

################## | E.O.F | [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] |
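Detection logic for the pattern the UsbFix lines above show, added here as an example (not UsbFix, ZHPDiag or the forum's own code): it parses report lines like those above, flags Run values that launch wscript.exe on a script dropped in a user-writable folder, copies of that script in the Startup folder and on the removable drive, .lnk decoys at the drive root, and the outdated Defender / disabled firewall status, then correlates script names across locations. The regexes, category names and the excerpt embedded as sample input are assumptions drawn from the report above, not a specification of the UsbFix format.

```python
"""Triage of UsbFix-style report lines: an added example, not UsbFix or ZHPDiag code.
Flags the pattern in this thread's reports: a Run value launching wscript.exe on a .vbe
dropped in Temp, the same script in the Startup folder and on the removable drive, and
.lnk decoys at the drive root. Regexes are assumptions about the report format."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional, Set

SCRIPT_EXT = (".vbe", ".vbs", ".js", ".jse", ".wsf")
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\users\\public\\")
# 04 - HKCU\..\Run : [Virus] wscript.exe //B "C:\...\Virus.vbe"
RUN_RE = re.compile(r"^\d+ - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*) : \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
FILE_RE = re.compile(r"^(?:Presente|Supprimido) ! (?P<path>.+)$")
DRIVE_RE = re.compile(r"^(?P<letter>[A-Z]):\\ -> Disco remov")   # removable-drive inventory line
STATUS_RE = re.compile(r"^(?P<tag>AS|FW): .*\(!\) (?P<state>\w+)")  # "(!)" marks a weak setting

# Constructed sample: lines copied from the UsbFix scan posted in this thread.
SAMPLE_REPORT = r"""
AS: Windows Defender [Enabled | (!) Outdated]
FW: Windows FireWall [(!) Disabled]
G:\ -> Disco removível # 4 Gb (4 Mb livre - 99%) [] # NTFS
04 - HKCU\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKCU\..\Run : [Virus] wscript.exe //B "C:\Users\Neto\AppData\Local\Temp\Virus.vbe"
04 - HKCU\..\Run : [Fotos Slides Movie] wscript.exe //B "C:\Users\Neto\AppData\Local\Temp\Fotos Slides Movie.vbe"
Presente ! C:\Users\Neto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fotos Slides Movie.vbe
Presente ! C:\Users\Neto\AppData\Local\Temp\Fotos Slides Movie.vbe
Presente ! G:\Fotos Slides Movie.vbe
Presente ! G:\Curriculum.lnk
Presente ! G:\Virus.lnk
"""

@dataclass
class Finding:
    kind: str    # run-script, startup-script, dropped-script, removable-script, removable-lnk, protection
    where: str   # registry value or file path the finding came from
    script: str  # script path involved ("" for protection findings)

def script_from_command(cmd: str) -> Optional[str]:
    """Return the script path if cmd runs wscript/cscript on a script file, else None."""
    if not any(host in cmd.lower() for host in SCRIPT_HOSTS):
        return None
    quoted = re.search(r'"([^"]+)"', cmd)
    parts = cmd.split()
    target = quoted.group(1) if quoted else (parts[-1] if parts else "")
    return target if target.lower().endswith(SCRIPT_EXT) else None

def classify_path(path: str, removable: Set[str]) -> Optional[str]:
    """Map a file path from the report to a finding kind, or None if uninteresting."""
    low = path.lower()
    on_removable = len(low) > 1 and low[1] == ":" and low[0].upper() in removable
    if low.endswith(SCRIPT_EXT):
        if on_removable:
            return "removable-script"
        if "\\startup\\" in low:
            return "startup-script"
        if any(marker in low for marker in USER_WRITABLE):
            return "dropped-script"
        return None
    if low.endswith(".lnk") and on_removable:
        return "removable-lnk"  # shortcut decoys next to the script, as on G:\ in the report
    return None

def triage(report: str) -> List[Finding]:
    """Walk the report once; removable drive letters come from the inventory lines."""
    lines = report.splitlines()
    removable = {m.group("letter") for m in map(DRIVE_RE.match, lines) if m}
    findings: List[Finding] = []
    for line in lines:
        if m := STATUS_RE.match(line):
            findings.append(Finding("protection", f"{m['tag']} {m['state'].lower()}", ""))
        elif m := RUN_RE.match(line):
            script = script_from_command(m["cmd"])
            if script and any(marker in script.lower() for marker in USER_WRITABLE):
                findings.append(Finding("run-script", f"{m['hive']}\\..\\{m['key']} [{m['name']}]", script))
        elif m := FILE_RE.match(line):
            kind = classify_path(m["path"], removable)
            if kind:
                findings.append(Finding(kind, m["path"], m["path"]))
    return findings

def correlate(findings: List[Finding]) -> Set[str]:
    """Script basenames seen in two or more locations: the copy-everywhere spread pattern."""
    places = defaultdict(set)
    for f in findings:
        if f.script.lower().endswith(SCRIPT_EXT):
            places[f.script.rsplit("\\", 1)[-1].lower()].add(f.kind)
    return {name for name, kinds in places.items() if len(kinds) >= 2}

if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f.kind:17} {f.where}")
    print("spread across locations:", sorted(correlate(triage(SAMPLE_REPORT))))
```

On the sample, the Adobe ARM entry is ignored while both wscript.exe entries are flagged, and "fotos slides movie.vbe" is reported as present in four different locations.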

Re: Fotos Slides Movie virus, how to use ZHPDiag

Post by Power Max, Wed 26 Mar 2014, 12:43

How is your PC after these clean-ups?

(RESOLVED) Fotos Slides Movie virus, how to use ZHPDiag

Post by netoibest, Wed 26 Mar 2014, 13:04

I noticed the PC's performance improved; the virus that was on the pen drive is no longer there. The only thing left hidden on the pen drive is UsbFix's autorun file. Could you recommend an antivirus for my PC? I uninstalled Baidu!

Re: Fotos Slides Movie virus, how to use ZHPDiag

Post by Power Max, Wed 26 Mar 2014, 13:12

"I noticed the PC's performance improved; the virus that was on the pen drive is no longer there."
That's it! I'm glad the problem has been solved.
____________________________________________________________________________________

"The only thing left hidden on the pen drive is UsbFix's autorun file."
That is a vaccine created by UsbFix to help prevent new infections.
____________________________________________________________________________________

"Could you recommend an antivirus for my PC? I uninstalled Baidu!"
I suggest an excellent free antivirus for you: Avira.

To install, configure and use Avira AntiVir correctly, just follow the tips in these tutorials:

[You need an account and be logged in to view this link]
____________________________________________________________________________________

Just to wrap up, please follow the tutorials below:

[You need an account and be logged in to view this link]
____________________________________________________________________________________

To remove the programs used to clean this PC and create a new restore point that is safe and problem-free, use DelFix following the tips [You need an account and be logged in to view this link].
____________________________________________________________________________________

It was a pleasure to help. Count on us any time!

Re: Fotos Slides Movie virus, how to use ZHPDiag

Post by Power Max, Sat 05 Apr 2014, 23:28

CASE RESOLVED

Should the topic author need it, the topic will be reopened; to do so, contact one of the members of the [You need an account and be logged in to view this link] requesting that it be unlocked.
