Erro http 404.0 - Not Found

Caro Power Max,

Boa Tarde.

Estou com um problema sério que vem me afligindo, que traduziria como "de mãos atadas". Em todos os navegadores de que disponho (Internet Explorer, Google Chrome e Mozila Firefox) , não consigo fazer downloads. Em todos eles, assim que inicio, aparece a informação:

"Erro do Servidor no Aplicativo "DEFAULT WEB SITE" - Erro HTTP 404.0 - Not Found -  Código de Erro:  0x80070002  -   Erro do  IIS 7.5 ".

Também, não raras vezes, a navegação está travando.  Aparece a expressão "Internet Exlorer não está respondendo...".

Tento fazer a Restauração da Máquina e não obtenho sucesso. Aparece a expressão: "Erro não especificado durante a Restauração do Sistema (0xc0000022).

Com vistas a lhe subsidiar, já lhe adianto os diagnósticos abaixo (ZHPDiag e HijackThis). No caso de não se relacionarem com o problema, fico no aguardo de iminente orientação de sua parte.

Um abraço.





~ Relatório do ZHPDiag v2014.4.2.1 - Nicolas Coolman  (02/04/2014)
~ Iniciado por Haroldo (02/04/2014 15:44:50)
~ Endereço do Website :  http://nicolascoolman.webs.com
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~  Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.16521
MFIE: Mozilla Firefox 27.0.1 (Defaut)
GCIE: Google Chrome v35.0.1916.6

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Key Management Service client information : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Internet Security v9.0.2016
Malwarebytes Anti-Malware versão 1.75.0.1300
Windows Defender W7

---\\ Softwares d'optimização do sistema
CCleaner v4.10  =>.Piriform Ltd

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 12 Plugin
Adobe Reader XI
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3766.8 MB (51% free)
System Restore: Activé (Enable)
System drive C: has 72 GB (38%) free of 187 GB

---\\ Modo de conexão ao sistema
~ Computer Name: HAROLDO-PC
~ User Name: Haroldo
~ All Users Names: HomeGroupUser$, Haroldo, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Haroldo\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Haroldo\AppData\Roaming\
~ %Desktop% : C:\Users\Haroldo\Desktop\
~ %Favorites% : C:\Users\Haroldo\Favorites\
~ %LocalAppData% : C:\Users\Haroldo\AppData\Local\
~ %StartMenu% : C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 72 Go of 187 Go)
D: CD-ROM drive (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 94 Go of 98 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.DF79CE9B950C62677D232154E93A81C7] - (.Microsoft Corporation - Internet Extensions para Win32.) (.01/03/2014 - 00:10:28.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 10:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 10:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 06:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 06:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 07:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 06:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 11:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 07:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 08:06:41.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 06:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 10:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/354
~ Mes musiques (My Musics) : 1/46
~ Mes Videos (My Videos) : 2/919
~ Mes Favoris (My Favorites) : 1/20
~ Mes Documents (My Documents) : 1/381
~ Mon Bureau (My Desktop) : 1/56
~ Menu demarrer (Programs) : 1/40
~ Hidden Files:  Scanned in 00mn 11s



---\\ Processos lançados
[MD5.4BFA1849DC7AA3CB99C160D9EB96C67B] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe   [3854640] [PID.2712]
[MD5.C1DB9BDF885C2F1ADC15264FBEA2788F] - (.No owner - HOSTS Anti-PUPs/Adwares.) -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe   [302961] [PID.2752]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe   [254336] [PID.2824]
[MD5.79C28DDF889C26FDD6162F796FD49BC4] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe   [152392] [PID.2868]
[MD5.CF737574A69D13575716270B38C4E804] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\Haroldo\AppData\Roaming\Dropbox\bin\Dropbox.exe   [32667896] [PID.2892]
[MD5.F6158734F1E24C6C510155CF0D363911] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe   [295512] [PID.2972]
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe   [532040] [PID.864]
[MD5.8BDE4D8070DA969AF18F526FB70D1A2C] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [8181760] [PID.5040]
[MD5.ED5501CBCA525947FF6985B38253B872] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe   [520520] [PID.968]
[MD5.BEA8D0FA8805CC2E6BB49728166699C7] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe   [50344] [PID.1388]
[MD5.D58C10AFF2B5C09D615623A4DAC0E330] - (.AVAST Software - avast! firewall service.) -- C:\Program Files\AVAST Software\Avast\afwServ.exe   [109048] [PID.1712]
[MD5.221564CC7BE37611FE15EACF443E1BF6] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe   [43336] [PID.2020]
[MD5.974A1F783ED34588B45FAD6375077BA6] - (.Hewlett-Packard Company - SolutionsFrameworkService.) -- C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe   [46904] [PID.804]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe   [418376] [PID.1420]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe   [701512] [PID.724]
[MD5.96EFEC24346A8EB1157E80523079ADDC] - (...) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe   [39056] [PID.2228]
~ Processes Running:  Scanned in 00mn 01s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Haroldo\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [llbmigfomppbjkjlabpacbhlahacjbkc] Zconvert B2 v.10.26.9.505, (Désactivé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [njpdihflgmglegkpohjkbaalmiaofdje] FileConverter 1.1 B3 v.10.26.9.505, (Désactivé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nnjbodopomfddehlalfilheomcahbpei] GBBD Caixa Economica Federal v.3.2.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome

~ Google Lines Browser: 21 Legitimates Filtered in 00mn 05s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js
C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\se6rb103.default\prefs.js
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/cef] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Haroldo\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll
~ Firefox Browser: 5 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.CertifiedToolbar
~ IE Browser: 21 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 1344



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense CEF [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Bnb [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540014} . (.Banco do Nordeste do Brasil S.A. - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehbnb.dll
~ BHO: 15 Legitimates Filtered in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: (no name) - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Chave orfã
O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Chave orfã
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll  =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Chave orfã
~ Toolbar:  Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: aTube Catcher.lnk . (.DsNET - aTube Catcher to download and convert video.)  -- C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.)  -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: Guitar Pro 6.lnk . (...)  -- C:\Program Files (x86)\Guitar Pro 6\GuitarPro.exe
O4 - GS\Desktop [Public]: HP ePrinterCenter.lnk . (...)  -- C:\Program Files (x86)\HP\Digital Imaging\AppStudio\hpzsip.url
O4 - GS\Desktop [Public]: HP Print and Scan Doctor.lnk . (...)  -- C:\Program Files (x86)\HP\Diagnostics\PSDR\HPPSDr.exe
O4 - GS\Desktop [Public]: Java Web Start.lnk . (...)  -- C:\Program Files (x86)\Java\j2re1.4.2_05\javaws\javaws.exe
O4 - GS\Desktop [Public]: Loja de Suprimentos HP.lnk . (.Hewlett-Packard Development Company L.P. - Shop for HP Supplies.)  -- C:\Program Files (x86)\HP\HPSSUPPLY\hpqSSupply.exe
O4 - GS\Desktop [Public]: Malwarebytes Anti-Malware.lnk . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.)  -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.)  -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: PowerISO.lnk . (.Power Software Ltd - PowerISO.)  -- C:\Program Files (x86)\PowerISO\PowerISO.exe
O4 - GS\Desktop [Public]: Receitanet 1.03 .lnk . (.SERPRO - Serviço Federal de Processamento d - Receitanet.)  -- C:\Program Files (x86)\Programas RFB\Receitanet\Windows\Receitanet.exe
O4 - GS\Desktop [Public]: VDownloader.lnk . (.Vitzo - VDownloader.)  -- C:\Program Files\VDownloader\VDownloader.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.)  -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [Haroldo]: Google Chrome.lnk . (.Google Inc. - Google Chrome.)  -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Haroldo]: Guitar Pro 6.lnk . (...)  -- C:\Program Files (x86)\Guitar Pro 6\GuitarPro.exe
O4 - GS\QuickLaunch [Haroldo]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Haroldo]: Google Chrome.lnk . (.Google Inc. - Google Chrome.)  -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Haroldo]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Haroldo]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.)  -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Haroldo]: 30 dicas para o Google Chrome - Parte 2 - Internet - iG.lnk . (.Google Inc. - Google Chrome.)  -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Program [Haroldo]: Create Amazing Presentations.lnk - Chave orfã
O4 - GS\Program [Haroldo]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Haroldo]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SendTo [Haroldo]: Transferência de Arquivo Bluetooth.LNK . (.Microsoft Corporation - No Comment.)  -- C:\Windows\System32\fsquirt.exe
O4 - GS\Desktop [Haroldo]: eType - Atalho.lnk - Chave orfã
O4 - GS\Desktop [Haroldo]: Gerenciador de documentos HP.lnk . (.Hewlett-Packard Development Co. L.P. - HP Document Manager Application.)  -- C:\Program Files (x86)\HP\Digital Imaging\bin\Document Manager\hpqdcmgr.exe
O4 - GS\Desktop [Haroldo]: hppiw - Atalho.lnk . (...)  -- C:\Users\Haroldo\Downloads\hppiw.exe
O4 - GS\Desktop [Haroldo]: iGBPCEFgb - Atalho.lnk . (...)  -- C:\Users\Haroldo\Downloads\iGBPCEFgb.exe (.not file.)
O4 - GS\Desktop [Haroldo]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Haroldo]: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk . (...)  -- C:\Arquivos de Programas RFB\IRPF2013\IRPF2013.exe
O4 - GS\Desktop [Haroldo]: JavaSetup7u25 - Atalho.lnk . (.Oracle Corporation - Java(TM) Platform SE binary.)  -- C:\Users\Haroldo\Downloads\JavaSetup7u25.exe
O4 - GS\Desktop [Haroldo]: RealDownloader - Atalho.lnk . (.RealNetworks, Inc. - RealNetworks Installer.)  -- C:\Users\Haroldo\Downloads\RealDownloader.exe
O4 - GS\Desktop [Haroldo]: Synthesia - Atalho (2).lnk . (...)  -- C:\Program Files (x86)\Synthesia\Synthesia.exe
O4 - GS\Desktop [Haroldo]: USB-Serial Controller D - Atalho.lnk - Chave orfã
~ Global Startup: 98 Legitimates Filtered in 00mn 02s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - GS\Startup [Haroldo]: Dropbox.lnk . (.Dropbox, Inc. - Dropbox.)  -- C:\Users\Haroldo\AppData\Roaming\Dropbox\bin\Dropbox.exe   =>.Dropbox
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [HOSTS Anti-Adware_PUPs] . (.No owner - HOSTS Anti-PUPs/Adwares.) -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe   =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- c:\program files (x86)\real\realplayer\Update\realsched.exe   =>.RealNetworks, Inc
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
~ Application:  Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bnb.gov.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.caixa.gov.br
~ IE Zone Confiance:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{47BE1B23-3286-49C2-87A8-F2F3ECF40FEC}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{5514D2E1-AE6A-4A5E-B596-549D02E4412F}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{B13A2361-A94E-49A9-9358-11CB6DFB0E28}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC75A982-D557-4909-BCDC-8BFEC9234D33}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{B22F580E-0A76-4D84-8996-8FCFD5F84A25}: DhcpNameServer = 192.168.1.1 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{47BE1B23-3286-49C2-87A8-F2F3ECF40FEC}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{5514D2E1-AE6A-4A5E-B596-549D02E4412F}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{B13A2361-A94E-49A9-9358-11CB6DFB0E28}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{EC75A982-D557-4909-BCDC-8BFEC9234D33}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{B22F580E-0A76-4D84-8996-8FCFD5F84A25}: DhcpNameServer = 192.168.1.1 8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{47BE1B23-3286-49C2-87A8-F2F3ECF40FEC}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{5514D2E1-AE6A-4A5E-B596-549D02E4412F}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CS2\Services\Tcpip\..\{B13A2361-A94E-49A9-9358-11CB6DFB0E28}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CS2\Services\Tcpip\..\{EC75A982-D557-4909-BCDC-8BFEC9234D33}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CS2\Services\Tcpip\..\{B22F580E-0A76-4D84-8996-8FCFD5F84A25}: DhcpNameServer = 192.168.1.1 8.8.8.8
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: KMService (KMService) . (...) - C:\Windows\SysWOW64\srvany.exe  =>Hijacker.Office
~ Services: 14 Legitimates Filtered in 00mn 07s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{034272E9-5FEC-4514-A296-C85B01BFB84C}] (...) -- C:\Users\Haroldo\Downloads\iGBPCEFsf (1).exe (.not file.)   [0]
[MD5.A33B6492086D1F03CCB029BCF39132C3] [APT] [{630983C1-05B8-4F20-86CD-8D4CBB21A9B6}] (...) -- C:\Arquivos de Programas RFB\IRPF2013\IRPF2013.exe   [31232]
[MD5.27902E96B1E4661AB91F98434E408357] [APT] [{98FB337E-089B-4AAB-9FA2-ECF4075B703E}] (...) -- C:\Users\Haroldo\Downloads\ReceitanetJava2010.02d_setup_win32.exe   [3798462]
[MD5.00000000000000000000000000000000] [APT] [{BBC50839-8C50-48D6-880B-BC3D6465B7F6}] (...) -- C:\Users\Haroldo\Downloads\iGBPCEFgb.exe (.not file.)   [0]
[MD5.A92E34B28D6125E14DA74484E58EC410] [APT] [{C6BA3CFF-5A65-409E-ABD3-40CDCF2FE6C3}] (...) -- C:\Program Files (x86)\Java\j2re1.4.2_05\javaws\javaws.exe   [135168]
[MD5.75527EA7A3B425057B56A6ED32235A49] [APT] [{CC33EF03-81DA-46CE-A364-A88BF0933152}] (.CAIXA.) -- C:\Users\Haroldo\Downloads\iGBPCEFsf.exe   [2546504]
[MD5.A92E34B28D6125E14DA74484E58EC410] [APT] [{DB832CA8-2708-4467-8026-9429EC8018AA}] (...) -- C:\Program Files (x86)\Java\j2re1.4.2_05\javaws\javaws.exe   [135168]
[MD5.00000000000000000000000000000000] [APT] [{DF3EB321-207D-4CAE-A9D2-80F1F3A586ED}] (...) -- C:\Users\Haroldo\Downloads\iGBPCEFsf (2).exe (.not file.)   [0]
[MD5.A92E34B28D6125E14DA74484E58EC410] [APT] [{F4AAB967-B985-4618-93A9-47D6C488AB70}] (...) -- C:\Program Files (x86)\Java\j2re1.4.2_05\javaws\javaws.exe   [135168]
~ Scheduled Task: 31 Legitimates Filtered in 00mn 08s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver:  (badriver) . (. - .) - C:\Windows\System32\drivers\badriver.sys (.not file.)
O41 - Driver:  (Bfilter) . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - C:\Windows\system32\drivers\Bfilter.sys
O41 - Driver:  (Bfmon) . (.Baidu, Inc. - Baidu FS Monitor Driver.) - C:\Windows\system32\drivers\Bfmon.sys  =>Adware.BDSearch
O41 - Driver:  (Bprotect) . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - C:\Windows\system32\drivers\Bprotect.sys
~ Drivers: 87 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Codec Pack Packages - (...) [HKCU][64Bits] -- Codec Pack Packages
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva  - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2013
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM][64Bits] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
~ Logic: 22 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\5Oftwares]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Baidu Security]  =>Adware.BDSearch
[HKCU\Software\Baidu]  =>Adware.BDSearch
[HKCU\Software\Baixou Agora]
[HKCU\Software\GbAs]
[HKCU\Software\MiniGet]
[HKCU\Software\Pro-SoftNet]
[HKCU\Software\Start2me]
[HKCU\Software\WeDlMngr]  =>PUP.weDownloadManager
[HKCU\Software\Zugara Investment]
[HKLM\Software\Baidu Security]  =>Adware.BDSearch
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Baidu Security]  =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Baidu_Drp_pos]  =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Deskmedia]
[HKLM\Software\Wow6432Node\IncrediMail]
[HKLM\Software\Wow6432Node\OnLineTV Toolbar]
[HKLM\Software\Wow6432Node\Programas RFB]
[HKLM\Software\Wow6432Node\baidu]  =>Adware.BDSearch
~ Key Software: 320 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 17/04/2013 - 11:25:42 - [8.843] ----D C:\Program Files (x86)\Programas RFB
O43 - CFD: 16/02/2014 - 11:17:02 - [0] ----D C:\Program Files (x86)\RBM
O43 - CFD: 31/03/2014 - 12:59:15 - [0.014] ----D C:\ProgramData\Baidu Security  =>Adware.BDSearch
O43 - CFD: 30/03/2014 - 07:41:47 - [0.052] ----D C:\ProgramData\cbc20199043e26f4
O43 - CFD: 11/02/2013 - 05:05:38 - [3.699] ----D C:\ProgramData\IDriveSync
O43 - CFD: 30/03/2014 - 07:41:46 - [2.007] ----D C:\ProgramData\InstallMate  =>PUP.Tarma
O43 - CFD: 29/03/2014 - 13:13:56 - [0] ----D C:\ProgramData\ParetoLogic  =>PUP.Paretologic
O43 - CFD: 12/02/2014 - 15:29:46 - [0.000] ----D C:\ProgramData\ProductData
O43 - CFD: 29/03/2014 - 10:18:06 - [0] ----D C:\ProgramData\Puresafe
O43 - CFD: 30/03/2014 - 07:41:46 - [0.004] ----D C:\ProgramData\sAfewweb  =>PUP.SafeWeb
O43 - CFD: 29/03/2014 - 11:35:02 - [0.000] ----D C:\ProgramData\WPM  =>PUP.WpManager
O43 - CFD: 04/02/2014 - 22:50:34 - [0] ----D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
O43 - CFD: 26/03/2014 - 05:58:14 - [0] ----D C:\Users\Haroldo\AppData\Roaming\baidu  =>Adware.BDSearch
O43 - CFD: 26/03/2014 - 05:58:13 - [2.821] ----D C:\Users\Haroldo\AppData\Roaming\Baidu Security  =>Adware.BDSearch
O43 - CFD: 12/02/2013 - 05:24:58 - [0.844] ----D C:\Users\Haroldo\AppData\Roaming\IDriveSync
O43 - CFD: 29/03/2014 - 09:28:46 - [0] ----D C:\Users\Haroldo\AppData\Roaming\ParetoLogic  =>PUP.Paretologic
O43 - CFD: 16/03/2013 - 02:22:48 - [0] ----D C:\Users\Haroldo\AppData\Roaming\PCF
O43 - CFD: 22/06/2013 - 14:34:40 - [26.460] ----D C:\Users\Haroldo\AppData\Local\{35A3A4F2-B792-11D6-A78A-00B0D0142050}
O43 - CFD: 12/04/2013 - 12:23:40 - [0.004] ----D C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013
~ Program Folder: 230 Legitimates Filtered in 01mn 24s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.063D42714689B92821BE4CED71143D85] - 26/03/2014 - 07:50:52 ---A- . (...) -- C:\Windows\System32\prfc0416.dat   [157112]
O44 - LFC:[MD5.09229392AC7565BDE1589AB7332E6811] - 26/03/2014 - 07:50:52 ---A- . (...) -- C:\Windows\System32\prfh0416.dat   [739280]
~ Files: 32 Legitimates Filtered in 00mn 27s



---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\VDownloader  [Key] . (.Vitzo - VDownloader.) -- C:\Program Files\VDownloader\VDownloader.exe
~ SMSR Keys: 20 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.BC647F1F9DCE55B05B54683260ECE4FB] - 31/05/2012 - 21:21:04 R--A- . (.360.cn - 360HipsOEM.) -- C:\Windows\System32\Drivers\360FltOEM.sys   [289952]
O58 - SDL:[MD5.8D4B8BF93C65BDBC133B20706A3B5208] - 24/03/2014 - 22:37:31 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys   [65776]
O58 - SDL:[MD5.0606875650850B0697D662934529F6FC] - 24/03/2014 - 22:37:32 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys   [208928]
O58 - SDL:[MD5.37F5CDA64FC515B3072531C1187EDCCA] - 21/01/2014 - 11:14:40 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys   [52032]
O58 - SDL:[MD5.DFC1681F6645CB2AEA83897588F05362] - 21/01/2014 - 11:14:50 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys   [34624]  =>Adware.BDSearch
O58 - SDL:[MD5.F4C1984178175ACE4A75BE23059C3E0A] - 21/01/2014 - 07:01:36 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys   [128992]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys   [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys   [31232]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys   [24656]
O58 - SDL:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 13/03/2014 - 23:34:01 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys   [31088]
~ Drivers: 16 Legitimates Filtered in 00mn 03s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 21/01/2014 - C:\Windows\system32\drivers\Bfilter.sys (Bfilter)  .(.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - LEGACY_BFILTER
O64 - Services: CurCS - 21/01/2014 - C:\Windows\system32\drivers\Bfmon.sys (Bfmon)  .(.Baidu, Inc. - Baidu FS Monitor Driver.) - LEGACY_BFMON  =>Adware.BDSearch
O64 - Services: CurCS - 21/01/2014 - C:\Windows\system32\drivers\Bprotect.sys (Bprotect)  .(.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - LEGACY_BPROTECT
~ Legacy: 104 Legitimates Filtered in 00mn 01s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <Beamrise.NWXK3OVJXTZ6HLOWY455TDRZ2Y> <Beamrise>[HKLM\..\Shell\open\Command] (...) -- C:\Users\Haroldo\AppData\Local\Beamrise\Application\beamrise.exe (.not file.)  =>Hijacker.Beamrise
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCR] {afdbddaa-5d3f-42ee-b79c-185a7020515b} [DefaultScope] - (Web Search) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.CertifiedToolbar
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.8DDB84FB5FD7958654F23ECE6EA14D0F] [SPRF][15/01/2014] (.Baidu, Inc. - Baidu Antivirus FileSplitUpLoad Library.) -- C:\ProgramData\FileSplitUpLoad.dll   [167784]
[MD5.54A09129F5DF69BBBA3095894DF6788C] [SPRF][02/08/2013] (.No owner - K-Lite Codec Pack Setup.) -- C:\Users\Haroldo\Desktop\K-Lite_Codec_Pack_975_Standard.exe   [14153812]
[MD5.DE5E4A4D53C61F987008A505C2E35A14] [SPRF][27/06/2013] (...) -- C:\Users\Haroldo\Desktop\uno_20130626-maz.bin   [2097152]
[MD5.A1975CC2E8AA6516408178BF7C008C21] [SPRF][16/09/2013] (...) -- C:\Users\Haroldo\Desktop\uno_20130916-maz.bin   [2097152]
[MD5.DE5E4A4D53C61F987008A505C2E35A14] [SPRF][10/02/2014] (...) -- C:\Users\Haroldo\Desktop\uno_20140206_sv-tec.bin   [2097152]
[MD5.EB337CDFA1E9B69F951A75631D2B484E] [SPRF][09/06/2010] (.No owner - GbpDist Module.) -- C:\Windows\Downloaded Program Files\gbpdist.dll   [113192]
~ Files: 7 Legitimates Filtered in 00mn 00s



---\\ Listagem dos dados da chave NameSpace (MNS) (O92)
O92 - MNS:  - {35B6525E-071A-4EA9-B3BD-F6A742572F08}
~ MNS: 1 Legitimates Filtered in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.227869C36057138BEE2CED499155872F] [WIS][28/07/2013] (.TuneUp Software - TuneUp Utilities Language Pack (pt-BR).) -- C:\Windows\Installer\76dcb4.msi   [2547712]
[MD5.55AE59D648BE8E81535D97ED48D14678] [WIS][18/11/2009] (.Builds the Destinations MSI - Builds the Destinations MSI.) -- C:\Windows\Installer\85ffc.msi   [522752]
~ WIS: 70 Legitimates Filtered in 00mn 17s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 21/12/2013 65432 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 15/03/2014 257928 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 21/09/2009 1420560 |  (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SS - | Auto 13/07/2012 136176 |  (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/07/2012 136176 |  (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 17/08/2012 194032 |  (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 09/03/2014 285795 |  (HOSTS Anti-PUPs) . (...) - C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe
SS - | Auto 10/07/1658 0 |  (KMService) . (...) - C:\Windows\system32\srvany.exe  =>Hijacker.Office
SS - | Demand 12/02/2014 118896 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 10/07/1658 0 |  (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe  =>.Microsoft Corporation

SR - | Auto 12/02/2014 43336 |  (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 24/03/2014 50344 |  (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 26/03/2014 109048 |  (avast! Firewall) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SR - | Auto 30/08/2011 462184 |  (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 26/02/2014 520520 |  (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Demand 13/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 17/12/2013 46904 |  (HPSupportSolutionsFrameworkService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
SR - | Demand 21/02/2014 641352 |  (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 04/04/2013 418376 |  (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 |  (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/08/2013 39056 |  (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 21/09/2009 831760 |  (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SR - | Demand 10/07/1658 1255736 |  (WatAdminSvc) . (...) - C:\Windows\System32\Wat\WatAdminSvc.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services:  Scanned in 00mn 19s



---\\ Scâner Aditional (088)
Database Version : 13036 - (02/04/2014)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 1
Dossiers trouvés  (Folders found) : 8
Fichiers trouvés  (Files found) : 8

[HKLM\SYSTEM\CurrentControlSet\Services\KMService]   =>Hijacker.Office^
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}]   =>Toolbar.Conduit
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F}   =>Toolbar.Google^
C:\ProgramData\Baidu Security   =>Adware.BDSearch^
C:\ProgramData\InstallMate   =>PUP.Tarma^
C:\ProgramData\ParetoLogic   =>PUP.Paretologic^
C:\ProgramData\sAfewweb   =>PUP.SafeWeb^
C:\ProgramData\WPM   =>PUP.WpManager^
C:\Users\Haroldo\AppData\Roaming\baidu   =>Adware.BDSearch^
C:\Users\Haroldo\AppData\Roaming\Baidu Security   =>Adware.BDSearch^
C:\Users\Haroldo\AppData\Roaming\ParetoLogic   =>PUP.Paretologic^
[HKCU\Software\Baidu Security]   =>Adware.BDSearch^
[HKCU\Software\Baidu]   =>Adware.BDSearch^
[HKCU\Software\WeDlMngr]   =>PUP.weDownloadManager^
[HKLM\Software\Baidu Security]   =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu Security]   =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu_Drp_pos]   =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\baidu]   =>Adware.BDSearch^
C:\Users\Haroldo\AppData\Local\Temp\GoogleToolbarInstaller1.log  =>PUP.Babylon
~ Additionnel Scan: 338748 Items scanned in 00mn 37s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.CertifiedToolbar
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Hijacker.Office
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Adware.BDSearch
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.weDownloadManager
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.Tarma
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.Paretologic
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.WpManager
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Hijacker.Beamrise
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Toolbar.Conduit
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.Babylon
~ MSI: 10 link(s) detected in 00mn 00s



~ 1277 Legitimates filtered by white list
End of the scan (576 lines in 03mn 55s)(0)





Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:53:15, on 02/04/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16521)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Users\Haroldo\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Haroldo\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: (no name) - {7c8f8fe5-9785-4f74-bcf8-895ef9752d97} - (no file)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: (no name) - {ab5d199e-9659-47a2-930b-fc3b69061353} - (no file)
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Bnb - {C41A1C0E-EA6C-11D4-B1B8-444553540014} - C:\Program Files (x86)\GbPlugin\gbiehbnb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {DF4AF0C8-1409-4ec1-A59C-26670F2029B7} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [HOSTS Anti-Adware_PUPs] C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
O4 - Startup: Dropbox.lnk = Haroldo\AppData\Roaming\Dropbox\bin\Dropbox.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Console Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: nel.bnb.gov.br
O15 - Trusted Zone: passare.bnb.gov.br
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: internetbankingpf.caixa.gov.br
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O17 - HKLM\System\CCS\Services\Tcpip\..\{47BE1B23-3286-49C2-87A8-F2F3ECF40FEC}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{5514D2E1-AE6A-4A5E-B596-549D02E4412F}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{B13A2361-A94E-49A9-9358-11CB6DFB0E28}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC75A982-D557-4909-BCDC-8BFEC9234D33}: NameServer = 76.73.7.75,107.6.133.7
O20 - Winlogon Notify:  GbPluginBnb - C:\Program Files (x86)\GbPlugin\gbiehBnb.dll
O20 - Winlogon Notify:  GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HOSTS Anti-PUPs - Unknown owner - C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10806 bytes

  Olá. Seja bem vindo ao Fórum PC Brasil.

 Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt

Ficamos na espera.

Caro Power Max,

Apliquei o recurso "Redefinir" voltando no tempo em que todo o sistema foi instalado no meu pc.  Com isto, o problema de "O Internet Explorer não está respondendo..." foi solucionado.  Recuperação não foi mais preciso, pelo motivo retro mencionado. Nada obstante, em alguns "downloads", a tela "Erro HTTP 404.0 - Not Found...- Código de Erro : 0x80070002 - Erro do IIS 7.5" ainda aparece. Não sei bem se estou fazendo algum procedimento incorreto.

Assim sendo, para melhor apreciação do problema, posto-lhe o relatório como solicitado, ficando no aguardo de sua resposta.



# AdwCleaner v3.023 - Relatório criado 07/04/2014 às 18:04:19
# Atualizado 01/04/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (64 bits)
# Usuário : Haroldo - HAROLDO-PC
# Executando de : C:\Users\Haroldo\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\ParetoLogic
Pasta Deletada : C:\ProgramData\WPM
Pasta Deletada : C:\Users\Haroldo\AppData\Local\torch
Pasta Deletada : C:\Users\Haroldo\AppData\Roaming\baidu
Pasta Deletada : C:\Users\Haroldo\AppData\Roaming\DriverCure
Pasta Deletada : C:\Users\Haroldo\AppData\Roaming\ParetoLogic
Pasta Deletada : C:\Users\Haroldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\llbmigfomppbjkjlabpacbhlahacjbkc
Pasta Deletada : C:\Users\Haroldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\njpdihflgmglegkpohjkbaalmiaofdje
Arquivo Deletada : C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKCU\Software\Google\Chrome\Extensions\llbmigfomppbjkjlabpacbhlahacjbkc
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\llbmigfomppbjkjlabpacbhlahacjbkc
Chave Deletedo : HKCU\Software\Google\Chrome\Extensions\njpdihflgmglegkpohjkbaalmiaofdje
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\njpdihflgmglegkpohjkbaalmiaofdje
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\simplytech
Chave Deletedo : HKCU\Software\WEDLMNGR
Chave Deletedo : HKCU\Software\AppDataLow\Software\simplytech

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.16521

Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Default_Page_URL]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Search [Start Page]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Search [Start Default_Page_URL]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Search [Search Bar]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Search [Search Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Start Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Start Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Bar]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [(Default)]

-\\ Mozilla Firefox v27.0.1 (en-US)

[ Arquivo : C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]


[ Arquivo : C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\tvtiqzcf.default\prefs.js ]


-\\ Google Chrome v33.0.1750.154

[ Arquivo : C:\Users\Haroldo\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R6].txt - [5588 octets] - [07/04/2014 17:55:31]
AdwCleaner[S6].txt - [3528 octets] - [07/04/2014 18:04:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [3588 octets] ##########

 Desative temporariamente seu antivírus para evitar conflitos.

Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

Caro Power Max,

Estou postando-lhe o log gerado pelo Zoek.exe, cfe. sua solicitação:



Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Haroldo on 10/04/2014 at 16:58:54.77.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Haroldo\Downloads\zoek.exe    [Scan all users] [Script inserted]

==== System Restore Info ======================

10/04/2014 17:03:12 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1       localhost
::1             localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Haroldo\AppData\Roaming\mozilla\firefox\Profiles\extensions\prefs.js:
user_pref("browser.search.order.1", "Improved Search");

Added to C:\Users\Haroldo\AppData\Roaming\mozilla\firefox\Profiles\extensions\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\Haroldo\AppData\Roaming\mozilla\firefox\Profiles\tvtiqzcf.default\prefs.js:

Added to C:\Users\Haroldo\AppData\Roaming\mozilla\firefox\Profiles\tvtiqzcf.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} deleted
C:\Users\Haroldo\daemonprocess.txt deleted
C:\Users\Haroldo\.android deleted
C:\PROGRA~2\Coupons deleted
C:\PROGRA~3\FileSplitUpLoad.dll deleted
C:\PROGRA~3\ProductData deleted
C:\PROGRA~3\InstallMate deleted
C:\Users\Haroldo\AppData\Local\BIT49CD.tmp deleted
C:\Users\Haroldo\AppData\Local\CRE deleted
C:\Users\Haroldo\AppData\Local\cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons deleted
C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk deleted
C:\Users\Haroldo\AppData\LocalLow\ADSRemoval deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Toolbar4 deleted
C:\user.js deleted
C:\Windows\Syswow64\InstallUtil.InstallLog deleted
C:\Windows\SysWow64\searchplugins deleted
C:\Windows\SysWow64\Extensions deleted
C:\Users\Haroldo\AppData\Roaming\mozilla\firefox\Profiles\extensions\ftdownloader4@ftdownloader.com.xpi deleted
C:\Users\Haroldo\Desktop\RealDownloader - Atalho.lnk deleted
"C:\PROGRA~3\cbc20199043e26f4\{4820778D-AB0D-6D18-C316-52A6A0E1D507}" deleted
"C:\PROGRA~3\cbc20199043e26f4\{497C131E-2032-051B-B32A-C69A960FBB13}" deleted
"C:\PROGRA~3\cbc20199043e26f4\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}" deleted
"C:\PROGRA~2\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe" deleted
"C:\PROGRA~2\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe" deleted
"C:\PROGRA~3\cbc20199043e26f4" deleted
"C:\PROGRA~2\Hosts_Anti_Adwares_PUPs" not deleted
"C:\PROGRA~2\Hosts_Anti_Adwares_PUPs" not deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [03/04/2014 02:28]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [17/01/2014 09:34]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Haroldo\AppData\Roaming\mozilla\firefox\Profiles\tvtiqzcf.default
- RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\se6rb103.default
95812430959AE88CDD0301AB3A71913B - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll - Shockwave Flash
257E7BD1D90C987F5F2DDC1CCB185DC3 - C:\Users\Haroldo\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll - Módulo de Proteção - Caixa Economica Federal
BE126CB7049E89ED6F3038016668B502 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)
EAC427FEF96A13058C1ACD17C38966CF - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit)
96B3689320E9B16EDF38B7A5001C35F0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)
F8CB60A5ACA5D73807ECBD9942A8BCB7 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin
87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies
406106D91D3F86FD34EC194940855746 - C:\Users\Haroldo\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll - Módulo de Proteção - Caixa Economica Federal

Profilepath: C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\tvtiqzcf.default
95812430959AE88CDD0301AB3A71913B - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll - Shockwave Flash
257E7BD1D90C987F5F2DDC1CCB185DC3 - C:\Users\Haroldo\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll - Módulo de Proteção - Caixa Economica Federal
BE126CB7049E89ED6F3038016668B502 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)
EAC427FEF96A13058C1ACD17C38966CF - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit)
96B3689320E9B16EDF38B7A5001C35F0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)
F8CB60A5ACA5D73807ECBD9942A8BCB7 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin
87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies
406106D91D3F86FD34EC194940855746 - C:\Users\Haroldo\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll - Módulo de Proteção - Caixa Economica Federal


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gkcbebbklfkjeocpmoamnopdllfekind - C:\Users\Haroldo\AppData\Roaming\M-Downloader\Extensions\gdchrome.crx[]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[24/03/2014 22:36]
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[14/08/2013 15:24]
pcidejejpblipcjpnkfkddlkmgndblch - C:\Users\Haroldo\AppData\Roaming\M-Downloader\Extensions\GenCrawler.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
nnjbodopomfddehlalfilheomcahbpei - C:\Users\Haroldo\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx[01/03/2013 15:06]

Cut and Paste - Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
saafEweB - Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kknanbeegipnnnegjldfhlhdgapebcgf
YoutubeAdblocker - Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mkjgahkiopihdcmoegnmedfaepnkgili
Cut and Paste - Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
saafEweB - Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\kknanbeegipnnnegjldfhlhdgapebcgf
YoutubeAdblocker - Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkjgahkiopihdcmoegnmedfaepnkgili
Cut and Paste - Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
saafEweB - Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kknanbeegipnnnegjldfhlhdgapebcgf
YoutubeAdblocker - Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mkjgahkiopihdcmoegnmedfaepnkgili
Cut and Paste - Administrador\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
saafEweB - Administrador\AppData\Local\Torch\User Data\Default\Extensions\kknanbeegipnnnegjldfhlhdgapebcgf
YoutubeAdblocker - Administrador\AppData\Local\Torch\User Data\Default\Extensions\mkjgahkiopihdcmoegnmedfaepnkgili
Cut and Paste - Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
saafEweB - Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kknanbeegipnnnegjldfhlhdgapebcgf
YoutubeAdblocker - Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mkjgahkiopihdcmoegnmedfaepnkgili
Cut and Paste - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
saafEweB - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\kknanbeegipnnnegjldfhlhdgapebcgf
YoutubeAdblocker - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkjgahkiopihdcmoegnmedfaepnkgili
Cut and Paste - Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
saafEweB - Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kknanbeegipnnnegjldfhlhdgapebcgf
YoutubeAdblocker - Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mkjgahkiopihdcmoegnmedfaepnkgili
Cut and Paste - Convidado\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
saafEweB - Convidado\AppData\Local\Torch\User Data\Default\Extensions\kknanbeegipnnnegjldfhlhdgapebcgf
YoutubeAdblocker - Convidado\AppData\Local\Torch\User Data\Default\Extensions\mkjgahkiopihdcmoegnmedfaepnkgili
Cut and Paste - Haroldo\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
saafEweB - Haroldo\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kknanbeegipnnnegjldfhlhdgapebcgf
YoutubeAdblocker - Haroldo\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mkjgahkiopihdcmoegnmedfaepnkgili
RealDownloader - Haroldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Google Wallet - Haroldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
GBBD Caixa Economica Federal - Haroldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei
Cut and Paste - Haroldo\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
saafEweB - Haroldo\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kknanbeegipnnnegjldfhlhdgapebcgf
YoutubeAdblocker - Haroldo\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mkjgahkiopihdcmoegnmedfaepnkgili
Cut and Paste - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
saafEweB - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kknanbeegipnnnegjldfhlhdgapebcgf
YoutubeAdblocker - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mkjgahkiopihdcmoegnmedfaepnkgili
Cut and Paste - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
saafEweB - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kknanbeegipnnnegjldfhlhdgapebcgf
YoutubeAdblocker - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkjgahkiopihdcmoegnmedfaepnkgili
Cut and Paste - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
saafEweB - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kknanbeegipnnnegjldfhlhdgapebcgf
YoutubeAdblocker - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mkjgahkiopihdcmoegnmedfaepnkgili
Cut and Paste - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
saafEweB - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\kknanbeegipnnnegjldfhlhdgapebcgf
YoutubeAdblocker - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\mkjgahkiopihdcmoegnmedfaepnkgili

==== Chrome Fix ======================

C:\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mkjgahkiopihdcmoegnmedfaepnkgili deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkjgahkiopihdcmoegnmedfaepnkgili deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mkjgahkiopihdcmoegnmedfaepnkgili deleted successfully
C:\Users\Administrador\AppData\Local\Torch\User Data\Default\Extensions\mkjgahkiopihdcmoegnmedfaepnkgili deleted successfully
C:\Users\Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mkjgahkiopihdcmoegnmedfaepnkgili deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkjgahkiopihdcmoegnmedfaepnkgili deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mkjgahkiopihdcmoegnmedfaepnkgili deleted successfully
C:\Users\Convidado\AppData\Local\Torch\User Data\Default\Extensions\mkjgahkiopihdcmoegnmedfaepnkgili deleted successfully
C:\Users\Haroldo\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mkjgahkiopihdcmoegnmedfaepnkgili deleted successfully
C:\Users\Haroldo\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mkjgahkiopihdcmoegnmedfaepnkgili deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mkjgahkiopihdcmoegnmedfaepnkgili deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkjgahkiopihdcmoegnmedfaepnkgili deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mkjgahkiopihdcmoegnmedfaepnkgili deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\mkjgahkiopihdcmoegnmedfaepnkgili deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.com.br/"
"Search Page"="http://br.yhs4.search.yahoo.com/yhs/search?hspart=avast&hsimp=yhs-001&type={partner_id}&p={searchTerms}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.certified-toolbar.com?si=77324&st=home&tid=18194&ver=5.7&ts=1395802800000.000008&tguid=77324-18194-1395828790062-852D1CDA7A8C7077CAE8DC361FD55186"
"Start Default_Page_URL"="http://search.certified-toolbar.com?si=77324&st=home&tid=18194&ver=5.7&ts=1395802800000.000008&tguid=77324-18194-1395828790062-852D1CDA7A8C7077CAE8DC361FD55186"
"Default_Search_URL"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=5.7&ts=1395802800000.000008&tguid=77324-18194-1395828790062-852D1CDA7A8C7077CAE8DC361FD55186&st=chrome&q="
"Search Bar"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=5.7&ts=1395802800000.000008&tguid=77324-18194-1395828790062-852D1CDA7A8C7077CAE8DC361FD55186&st=chrome&q="
"Search Page"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=5.7&ts=1395802800000.000008&tguid=77324-18194-1395828790062-852D1CDA7A8C7077CAE8DC361FD55186&st=chrome&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.certified-toolbar.com?si=77324&st=home&tid=18194&ver=5.7&ts=1395802800000.000008&tguid=77324-18194-1395828790062-852D1CDA7A8C7077CAE8DC361FD55186"
"Start Default_Page_URL"="http://search.certified-toolbar.com?si=77324&st=home&tid=18194&ver=5.7&ts=1395802800000.000008&tguid=77324-18194-1395828790062-852D1CDA7A8C7077CAE8DC361FD55186"
"Default_Search_URL"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=5.7&ts=1395802800000.000008&tguid=77324-18194-1395828790062-852D1CDA7A8C7077CAE8DC361FD55186&st=chrome&q="
"Search Bar"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=5.7&ts=1395802800000.000008&tguid=77324-18194-1395828790062-852D1CDA7A8C7077CAE8DC361FD55186&st=chrome&q="
"Search Page"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=5.7&ts=1395802800000.000008&tguid=77324-18194-1395828790062-852D1CDA7A8C7077CAE8DC361FD55186&st=chrome&q="
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Start Default_Page_URL"="http://www.google.com"
"Search Bar"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Start Default_Page_URL"="http://www.google.com"
"Search Bar"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=5.7&ts=1395802800000.000008&tguid=77324-18194-1395828790062-852D1CDA7A8C7077CAE8DC361FD55186&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=5.7&ts=1395802800000.000008&tguid=77324-18194-1395828790062-852D1CDA7A8C7077CAE8DC361FD55186&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=5.7&ts=1395802800000.000008&tguid=77324-18194-1395828790062-852D1CDA7A8C7077CAE8DC361FD55186&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=5.7&ts=1395802800000.000008&tguid=77324-18194-1395828790062-852D1CDA7A8C7077CAE8DC361FD55186&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=5.7&ts=1395802800000.000008&tguid=77324-18194-1395828790062-852D1CDA7A8C7077CAE8DC361FD55186&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=5.7&ts=1395802800000.000008&tguid=77324-18194-1395828790062-852D1CDA7A8C7077CAE8DC361FD55186&q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
"(Default)"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
"(Default)"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"newtab"="about:tabs"
"Tabs"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"newtab"="about:tabs"
"Tabs"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]
"Start Page"="http://search.certified-toolbar.com?si=77324&st=home&tid=18194&ver=5.7&ts=1395802800000.000008&tguid=77324-18194-1395828790062-852D1CDA7A8C7077CAE8DC361FD55186"
"Start Default_Page_URL"="http://search.certified-toolbar.com?si=77324&st=home&tid=18194&ver=5.7&ts=1395802800000.000008&tguid=77324-18194-1395828790062-852D1CDA7A8C7077CAE8DC361FD55186"
"Default_Search_URL"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=5.7&ts=1395802800000.000008&tguid=77324-18194-1395828790062-852D1CDA7A8C7077CAE8DC361FD55186&st=chrome&q="
"Search Bar"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=5.7&ts=1395802800000.000008&tguid=77324-18194-1395828790062-852D1CDA7A8C7077CAE8DC361FD55186&st=chrome&q="
"Search Page"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=5.7&ts=1395802800000.000008&tguid=77324-18194-1395828790062-852D1CDA7A8C7077CAE8DC361FD55186&st=chrome&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search]
"Start Page"="http://search.certified-toolbar.com?si=77324&st=home&tid=18194&ver=5.7&ts=1395802800000.000008&tguid=77324-18194-1395828790062-852D1CDA7A8C7077CAE8DC361FD55186"
"Start Default_Page_URL"="http://search.certified-toolbar.com?si=77324&st=home&tid=18194&ver=5.7&ts=1395802800000.000008&tguid=77324-18194-1395828790062-852D1CDA7A8C7077CAE8DC361FD55186"
"Default_Search_URL"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=5.7&ts=1395802800000.000008&tguid=77324-18194-1395828790062-852D1CDA7A8C7077CAE8DC361FD55186&st=chrome&q="
"Search Bar"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=5.7&ts=1395802800000.000008&tguid=77324-18194-1395828790062-852D1CDA7A8C7077CAE8DC361FD55186&st=chrome&q="
"Search Page"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=5.7&ts=1395802800000.000008&tguid=77324-18194-1395828790062-852D1CDA7A8C7077CAE8DC361FD55186&st=chrome&q="
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Start Page"="http://www.google.com"
"Start Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com/"
"Search Bar"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"Start Page"="http://www.google.com"
"Start Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com/"
"Search Bar"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com/"
"SearchAssistant"="http://www.google.com"
"CustomizeSearch"="http://www.google.com"
"Start Page"="http://www.google.com"
"Start Default_Page_URL"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Search Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://google.com.br/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{D73DAD88-A4C3-43FC-A593-D34068955A33}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{D73DAD88-A4C3-43FC-A593-D34068955A33} Google  Url="https://www.google.com/search?q={searchTerms}"

==== Reset Google Chrome ======================

C:\Users\Haroldo\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Haroldo\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\gtffxtbr@GamingWonderland.com deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\jid1-JmA2rUSvPT7E2A@jetpack deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\Haroldo\Desktop\AdwCleaner - Atalho.lnk - C:\Users\Haroldo\Downloads\AdwCleaner.exe
C:\Users\Haroldo\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk - C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -uninstall
C:\Users\Haroldo\Desktop\Dropbox.lnk - C:\Users\Haroldo\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Haroldo\Desktop\Gerenciador de documentos HP.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\Document Manager\hpqdcmgr.exe
C:\Users\Haroldo\Desktop\HijackThis - Atalho.lnk - C:\Users\Haroldo\Downloads\HijackThis.exe
C:\Users\Haroldo\Desktop\hppiw - Atalho.lnk - C:\Users\Haroldo\Downloads\hppiw.exe
C:\Users\Haroldo\Desktop\iGBPCEFgb - Atalho.lnk - C:\Users\Haroldo\Downloads\iGBPCEFgb.exe
C:\Users\Haroldo\Desktop\Internet Explorer (64-bit).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Haroldo\Desktop\IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk - C:\Arquivos de Programas RFB\IRPF2013\IRPF2013.exe
C:\Users\Haroldo\Desktop\IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk - C:\Arquivos de Programas RFB\IRPF2014\IRPF2014.exe
C:\Users\Haroldo\Desktop\JavaSetup7u25 - Atalho.lnk - C:\Users\Haroldo\Downloads\JavaSetup7u25.exe
C:\Users\Haroldo\Desktop\Synthesia - Atalho (2).lnk - C:\Program Files (x86)\Synthesia\Synthesia.exe
C:\Users\Haroldo\Desktop\Windows Media Player - Atalho.lnk - C:\Program Files (x86)\Windows Media Player
C:\Users\Haroldo\Desktop\WinRAR - Atalho.lnk - C:\Program Files (x86)\WinRAR
C:\Users\Haroldo\Desktop\ZHPDiag.lnk - C:\Program Files (x86)\ZHPDiag\ZHPhep.exe
C:\Users\Haroldo\Desktop\ZHPFix.lnk - C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\ Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\aTube Catcher.lnk - C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\Users\Public\Desktop\avast Internet Security.lnk -  
C:\Users\Public\Desktop\avast SafeZone.lnk -  
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Guitar Pro 6.lnk - C:\Program Files (x86)\Guitar Pro 6\GuitarPro.exe
C:\Users\Public\Desktop\HP ePrinterCenter.lnk - C:\Program Files (x86)\HP\Digital Imaging\AppStudio\hpzsip.url
C:\Users\Public\Desktop\HP Photo Creations.lnk - C:\Program Files (x86)\HP Photo Creations\PhotoProduct.exe
C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk - C:\Program Files (x86)\HP\Diagnostics\PSDR\HPPSDr.exe
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\Public\Desktop\Java Web Start.lnk - C:\Program Files (x86)\Java\j2re1.4.2_05\javaws\javaws.exe
C:\Users\Public\Desktop\LibreOffice 4.2.lnk - C:\Program Files (x86)\LibreOffice 4\program\soffice.exe
C:\Users\Public\Desktop\Loja de Suprimentos HP.lnk - C:\Program Files (x86)\HP\HPSSUPPLY\hpqSSupply.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\PowerISO.lnk - C:\Program Files (x86)\PowerISO\PowerISO.exe
C:\Users\Public\Desktop\QuickTime Player.lnk - C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe
C:\Users\Public\Desktop\RealPlayer.lnk - C:\Program Files (x86)\Real\RealPlayer\realplay.exe /launch:desktop
C:\Users\Public\Desktop\Receitanet 1.04 .lnk - C:\Program Files (x86)\Programas RFB\Receitanet\Windows\Receitanet.exe
C:\Users\Public\Desktop\VDownloader.lnk - C:\Program Files\VDownloader\VDownloader.exe
C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\Haroldo\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\Haroldo\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Ajuda do IRPF2014.lnk - C:\Arquivos de Programas RFB\IRPF2014\IRPF.chm
C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Desinstalar IRPF2014.lnk - C:\Arquivos de Programas RFB\IRPF2014\uninstall.exe
C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk - C:\Arquivos de Programas RFB\IRPF2014\IRPF2014.exe
C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Leia-me do IRPF2014.lnk - C:\Arquivos de Programas RFB\IRPF2014\Leia_me.htm
C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\Haroldo\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup
C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk - C:\Program Files (x86)\WinRAR\WhatsNew.txt
C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast\avast Internet Security.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast\avast SafeZone.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk - C:\Program Files\CCleaner\uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Sobre o iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.Resources\pt.lproj\About iTunes.rtf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\Silverlight.Configuration.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB\Receitanet\Ajuda do Receitanet 1.04 .lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB\Receitanet\Desinstalar o Receitanet 1.04.lnk - C:\Program Files (x86)\Programas RFB\Receitanet\Desinstalador.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB\Receitanet\Receitanet 1.04 .lnk - C:\Program Files (x86)\Programas RFB\Receitanet\Windows\Receitanet.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Desinstalar o QuickTime.lnk - C:\Windows\SysWOW64\msiexec.exe /i {111EE7DF-FC45-40C7-98A7-753AC46B12FB} /qf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Player.lnk - C:\Windows\Installer\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}\QTPlayer.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Sobre o QuickTime.lnk - C:\Windows\Installer\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}\RichText.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk - C:\Program Files (x86)\WinRAR\WhatsNew.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Haroldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Haroldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Guitar Pro 6.lnk - C:\Program Files (x86)\Guitar Pro 6\GuitarPro.exe
C:\Users\Haroldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Haroldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Haroldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Haroldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Haroldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\avast Premier.lnk -  
C:\Users\Haroldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Haroldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Haroldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\avast Free Antivirus.lnk -  
C:\Users\Haroldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Bluetooth File Transfer Wizard.lnk - C:\Windows\System32\fsquirt.exe
C:\Users\Haroldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Haroldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Haroldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (64-bit).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Haroldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Haroldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Haroldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\gkcbebbklfkjeocpmoamnopdllfekind deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pcidejejpblipcjpnkfkddlkmgndblch deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.0 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnTBMon deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Malware Fighter deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDP deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Haroldo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Haroldo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Haroldo\AppData\Local\Mozilla\Firefox\Profiles\se6rb103.default\Cache emptied successfully
C:\Users\Haroldo\AppData\Local\Mozilla\Firefox\Profiles\tvtiqzcf.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Haroldo\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=65 folders=48 10050504 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\DefaultAppPool\AppData\Local\Temp emptied successfully
C:\Users\Haroldo\AppData\Local\Temp will be emptied at reboot
C:\Users\Usuário Padrão\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Haroldo\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~2\Hosts_Anti_Adwares_PUPs"  not found
"C:\PROGRA~2\Hosts_Anti_Adwares_PUPs"  not found

==== EOF on 10/04/2014 at 17:30:21.31 ======================

Baixe o programa Junkware Removal Tool no link abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executar corretamente o programa acima é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt

Ficamos na espera.

Prezado Max,

O problema é que o programa JRT.exe, tanto usando-se o lado direito do mouse ou dando 02 cliques simultâneos, não nos dá a opção de "executar" ou "executar como administrador", mas apenas a opção de "abrir" e que, obviamente, não abre. Desconheço o porquê. Tem alguma idéia ou uma dica pra me passar? Aguardo.

* Inicie o PC em Modo Seguro (apertando a tecla F8 (ou a tecla F5 em alguns computadores) repetidas vezes quando o computador estiver iniciando e escolhendo a opção Modo Seguro com rede (ou Modo seguro). Quando o PC estiver no Modo seguro, você executa o Junkware e depois poste o log dele. Se mesmo assim não der certo, me avise.

Caro Power Max,

Consegui a execuçao "como administrador" no navegador "Firefox". Segue o log gerado pelo JRT.

A propósito, estou às voltas com um vírus que sequestrou meus navegadores. É o "Mysearchdial". Tem como removê-lo? Segue também o log do ZHPDiag.

Desculpe o acúmulo de problemas. Ai dos leigos não fossem os "experts".  Grato.



Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Haroldo on 12/04/2014 at  0:14:38.22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1335456900-3083802626-1046228050-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\esrv.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\esrv.mysearchdialesrvc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\esrv.mysearchdialesrvc.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\appshat-distribution_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etype_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etype_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etypeuninstall_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etypeuninstall_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etypeupdate_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etypeupdate_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{1D5C9A52-71EA-1D71-AA20-6DB877B78832}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB5D199E-9659-47A2-930B-FC3B69061353}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\Haroldo\AppData\Roaming\mozilla\firefox\profiles\tvtiqzcf.default\user.js
Successfully deleted: [File] C:\Users\Haroldo\AppData\Roaming\mozilla\firefox\profiles\tvtiqzcf.default\searchplugins\mysearchdial.xml
Successfully deleted the following from C:\Users\Haroldo\AppData\Roaming\mozilla\firefox\profiles\tvtiqzcf.default\prefs.js

user_pref("browser.search.order.1", "Mysearchdial");
user_pref("extensions.mysearchdial.AL", 2);
user_pref("extensions.mysearchdial.aflt", "cmi_14_15_ff");
user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzuyCtD0E0ByCzytB0CyB0DtA0E0D0B0C0EtN0D0Tzu0SzztAtCtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2S
user_pref("extensions.mysearchdial.cntry", "BR");
user_pref("extensions.mysearchdial.cr", "1570339527");
user_pref("extensions.mysearchdial.dfltLng", "");
user_pref("extensions.mysearchdial.dfltSrch", true);
user_pref("extensions.mysearchdial.dnsErr", true);
user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,32
user_pref("extensions.mysearchdial.excTlbr", false);
user_pref("extensions.mysearchdial.hdrMd5", "21A495C7E83D6B3175C1124B2B1BC22D");
user_pref("extensions.mysearchdial.hmpg", true);
user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=cmi_14_15_ff&cd=2XzuyEtN2Y1L1QzuyCtD0E0ByCzytB0CyB0DtA0E0D0B0C0EtN0D0Tzu0SzztAtCtN1L2XzutBtF
user_pref("extensions.mysearchdial.id", "60EB692C7D3EDBCE");
user_pref("extensions.mysearchdial.instlDay", "16171");
user_pref("extensions.mysearchdial.instlRef", "140305_a");
user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=cmi_14_15_ff&cd=2XzuyEtN2Y1L1QzuyCtD0E0ByCzytB0CyB0DtA0E0D0B0C0EtN0D0Tzu0SzztAtCtN1L2XzutBtFtB
user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.29.04:33:9");
user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=cmi_14_15_ff&cd=2XzuyEtN2Y1L1QzuyCtD0E0ByCzytB0CyB0DtA0E0D0B0C0EtN0D0Tzu0SzztAtCtN1L2XzutB
user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"95\",\"lastVrsn\":\"95\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\
user_pref("extensions.mysearchdial.prdct", "mysearchdial");
user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
user_pref("extensions.mysearchdial.sg", "none");
user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
user_pref("extensions.mysearchdial.tlbrId", "base");
user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=cmi_14_15_ff&cd=2XzuyEtN2Y1L1QzuyCtD0E0ByCzytB0CyB0DtA0E0D0B0C0EtN0D0Tzu0SzztAtCtN1L2Xzu
user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");
user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");
user_pref("extensions.mysearchdial_i.newTab", false);
user_pref("extensions.mysearchdial_i.smplGrp", "none");
user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.04:33:9");
Emptied folder: C:\Users\Haroldo\AppData\Roaming\mozilla\firefox\profiles\tvtiqzcf.default\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/04/2014 at  0:25:08.88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~ Relatório do ZHPDiag v2014.4.11.19 - Nicolas Coolman  (11/04/2014)
~ Iniciado por Haroldo (12/04/2014 00:47:21)
~ Endereço do Website :  http://nicolascoolman.webs.com
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~  Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17041
MFIE: Mozilla Firefox 28.0 (Defaut)
GCIE: Google Chrome v34.0.1847.116

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Key Management Service client information : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Internet Security v9.0.2016
Malwarebytes Anti-Malware versão 1.75.0.1300
Windows Defender W7

---\\ Softwares d'optimização do sistema
CCleaner v4.12  =>.Piriform Ltd

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 12 Plugin
Adobe Reader XI
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3766.8 MB (58% free)
System Restore: Activé (Enable)
System drive C: has 80 GB (42%) free of 187 GB

---\\ Modo de conexão ao sistema
~ Computer Name: HAROLDO-PC
~ User Name: Haroldo
~ All Users Names: HomeGroupUser$, Haroldo, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Haroldo\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Haroldo\AppData\Roaming\
~ %Desktop% : C:\Users\Haroldo\Desktop\
~ %Favorites% : C:\Users\Haroldo\Favorites\
~ %LocalAppData% : C:\Users\Haroldo\AppData\Local\
~ %StartMenu% : C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 80 Go of 187 Go)
D: CD-ROM drive (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 94 Go of 98 Go)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F220BA78AB542C70211D73AE4729B2CD] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 03:22:40.) -- C:\Windows\System32\wininet.dll [2260480]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 10:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 10:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 06:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 06:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 07:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 06:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 07:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 08:06:41.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 06:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 10:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/359
~ Mes musiques (My Musics) : 1/46
~ Mes Videos (My Videos) : 2/934
~ Mes Favoris (My Favorites) : 1/20
~ Mes Documents (My Documents) : 1/382
~ Mon Bureau (My Desktop) : 1/44
~ Menu demarrer (Programs) : 1/42
~ Hidden Files:  Scanned in 00mn 04s



---\\ Processos lançados
[MD5.4BFA1849DC7AA3CB99C160D9EB96C67B] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe   [3854640] [PID.2716]
[MD5.CF737574A69D13575716270B38C4E804] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\Haroldo\AppData\Roaming\Dropbox\bin\Dropbox.exe   [32667896] [PID.2808]
[MD5.79C28DDF889C26FDD6162F796FD49BC4] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe   [152392] [PID.2836]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe   [254336] [PID.2868]
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe   [532040] [PID.2988]
[MD5.8E556A72D54F7E3B7844AB9217F02DD7] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe   [275568] [PID.3400]
[MD5.DDBE89226D55D694F1B7B3DD0C324640] - (.RealNetworks, Inc. - RealDownloader.) -- C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe   [233048] [PID.4844]
[MD5.CBA0013EBDE3F0B08B043F61857E9809] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe   [18544] [PID.4200]
[MD5.497E84A1B6767142987A17574C57C04E] - (.Adobe Systems, Inc. - Adobe Flash Player 12.0 r0.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe   [1863560] [PID.4268]
[MD5.1177E21C863C6BB21195AB51E6B86AC0] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [8210432] [PID.4724]
[MD5.ED5501CBCA525947FF6985B38253B872] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe   [520520] [PID.928]
[MD5.BEA8D0FA8805CC2E6BB49728166699C7] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe   [50344] [PID.1416]
[MD5.D58C10AFF2B5C09D615623A4DAC0E330] - (.AVAST Software - avast! firewall service.) -- C:\Program Files\AVAST Software\Avast\afwServ.exe   [109048] [PID.1724]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe   [418376] [PID.2856]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe   [701512] [PID.2904]
[MD5.96EFEC24346A8EB1157E80523079ADDC] - (...) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe   [39056] [PID.2980]
~ Processes Running:  Scanned in 00mn 01s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Haroldo\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Adware.MyWebSearch
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [iagcajndpnfncplednpbnkahadegklfa] MySearchDial Nova Guia v.9.4.10, (Désactivé)  =>Adware.MyWebSearch
G2 - GCE: Preference [User Data\Default] [mfffpogegjflfpflabcdkioaeobkgjik] GaiaAuthExtension v.0.0.1, (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nnjbodopomfddehlalfilheomcahbpei] GBBD Caixa Economica Federal v.3.2.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pbcaplhfkihhldmlbjhgajdeghjdbffi] GBBD Caixa Economica Federal v.3.6.2 (Activé)

---\\ Pasta de extensão do Google Chrome

~ Google Lines Browser: 21 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js
C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\se6rb103.default\prefs.js
C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\se6rb103.default\user.js
C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\tvtiqzcf.default\prefs.js
M3 - MFPP: Plugins - [Haroldo] -- C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\searchplugins\Mysearchdial.xml  =>Adware.MyWebSearch
M3 - MFPP: Plugins - [Haroldo] -- C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\se6rb103.default\searchplugins\Mysearchdial.xml  =>Adware.MyWebSearch
M0 - MFSP: prefs.js [Haroldo - extensions] [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Adware.MyWebSearch
M0 - MFSP: prefs.js [Haroldo - se6rb103.default] [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Adware.MyWebSearch
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/cef] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Haroldo\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll
~ Firefox Browser: 16 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Adware.MyWebSearch
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ IE Browser: 22 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense CEF [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Bnb [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540014} . (.Banco do Nordeste do Brasil S.A. - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehbnb.dll
~ BHO: 14 Legitimates Filtered in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: (no name) - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Chave orfã
O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Chave orfã
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll  =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Chave orfã
~ Toolbar:  Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: aTube Catcher.lnk . (.DsNET - aTube Catcher to download and convert video.)  -- C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.)  -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: Guitar Pro 6.lnk . (...)  -- C:\Program Files (x86)\Guitar Pro 6\GuitarPro.exe
O4 - GS\Desktop [Public]: HP ePrinterCenter.lnk . (...)  -- C:\Program Files (x86)\HP\Digital Imaging\AppStudio\hpzsip.url
O4 - GS\Desktop [Public]: HP Print and Scan Doctor.lnk . (...)  -- C:\Program Files (x86)\HP\Diagnostics\PSDR\HPPSDr.exe
O4 - GS\Desktop [Public]: Java Web Start.lnk . (...)  -- C:\Program Files (x86)\Java\j2re1.4.2_05\javaws\javaws.exe
O4 - GS\Desktop [Public]: Loja de Suprimentos HP.lnk . (.Hewlett-Packard Development Company L.P. - Shop for HP Supplies.)  -- C:\Program Files (x86)\HP\HPSSUPPLY\hpqSSupply.exe
O4 - GS\Desktop [Public]: Malwarebytes Anti-Malware.lnk . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.)  -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.)  -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: PowerISO.lnk . (.Power Software Ltd - PowerISO.)  -- C:\Program Files (x86)\PowerISO\PowerISO.exe
O4 - GS\Desktop [Public]: Receitanet 1.04 .lnk . (.SERPRO - Serviço Federal de Processamento d - Receitanet.)  -- C:\Program Files (x86)\Programas RFB\Receitanet\Windows\Receitanet.exe
O4 - GS\Desktop [Public]: VDownloader.lnk . (.Vitzo - VDownloader.)  -- C:\Program Files\VDownloader\VDownloader.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.)  -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [Haroldo]: Google Chrome.lnk . (.Google Inc. - Google Chrome.)  -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Haroldo]: Guitar Pro 6.lnk . (...)  -- C:\Program Files (x86)\Guitar Pro 6\GuitarPro.exe
O4 - GS\QuickLaunch [Haroldo]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Haroldo]: Google Chrome.lnk . (.Google Inc. - Google Chrome.)  -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Haroldo]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Haroldo]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.)  -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Haroldo]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Haroldo]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SendTo [Haroldo]: Transferência de Arquivo Bluetooth.LNK . (.Microsoft Corporation - No Comment.)  -- C:\Windows\System32\fsquirt.exe
O4 - GS\Desktop [Haroldo]: Gerenciador de documentos HP.lnk . (.Hewlett-Packard Development Co. L.P. - HP Document Manager Application.)  -- C:\Program Files (x86)\HP\Digital Imaging\bin\Document Manager\hpqdcmgr.exe
O4 - GS\Desktop [Haroldo]: hppiw - Atalho.lnk . (...)  -- C:\Users\Haroldo\Downloads\hppiw.exe
O4 - GS\Desktop [Haroldo]: iGBPCEFgb - Atalho.lnk . (...)  -- C:\Users\Haroldo\Downloads\iGBPCEFgb.exe (.not file.)
O4 - GS\Desktop [Haroldo]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Haroldo]: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk . (...)  -- C:\Arquivos de Programas RFB\IRPF2013\IRPF2013.exe
O4 - GS\Desktop [Haroldo]: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk . (...)  -- C:\Arquivos de Programas RFB\IRPF2014\IRPF2014.exe
O4 - GS\Desktop [Haroldo]: JavaSetup7u25 - Atalho.lnk . (.Oracle Corporation - Java(TM) Platform SE binary.)  -- C:\Users\Haroldo\Downloads\JavaSetup7u25.exe
O4 - GS\Desktop [Haroldo]: Synthesia - Atalho (2).lnk . (...)  -- C:\Program Files (x86)\Synthesia\Synthesia.exe
~ Global Startup: 94 Legitimates Filtered in 00mn 01s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - GS\Startup [Haroldo]: Dropbox.lnk . (.Dropbox, Inc. - Dropbox.)  -- C:\Users\Haroldo\AppData\Roaming\Dropbox\bin\Dropbox.exe   =>.Dropbox
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [HOSTS Anti-Adware_PUPs] C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe   =>.Oracle Corporation
~ Application:  Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bnb.gov.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.caixa.gov.br
~ IE Zone Confiance:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{47BE1B23-3286-49C2-87A8-F2F3ECF40FEC}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{5514D2E1-AE6A-4A5E-B596-549D02E4412F}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{B13A2361-A94E-49A9-9358-11CB6DFB0E28}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC75A982-D557-4909-BCDC-8BFEC9234D33}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{B22F580E-0A76-4D84-8996-8FCFD5F84A25}: DhcpNameServer = 192.168.1.1 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{47BE1B23-3286-49C2-87A8-F2F3ECF40FEC}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{5514D2E1-AE6A-4A5E-B596-549D02E4412F}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{B13A2361-A94E-49A9-9358-11CB6DFB0E28}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{EC75A982-D557-4909-BCDC-8BFEC9234D33}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{B22F580E-0A76-4D84-8996-8FCFD5F84A25}: DhcpNameServer = 192.168.1.1 8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{47BE1B23-3286-49C2-87A8-F2F3ECF40FEC}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{5514D2E1-AE6A-4A5E-B596-549D02E4412F}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CS2\Services\Tcpip\..\{B13A2361-A94E-49A9-9358-11CB6DFB0E28}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CS2\Services\Tcpip\..\{EC75A982-D557-4909-BCDC-8BFEC9234D33}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CS2\Services\Tcpip\..\{B22F580E-0A76-4D84-8996-8FCFD5F84A25}: DhcpNameServer = 192.168.1.1 8.8.8.8
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: KMService (KMService) . (...) - C:\Windows\SysWOW64\srvany.exe  =>Hijacker.Office
~ Services: 11 Legitimates Filtered in 00mn 07s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{034272E9-5FEC-4514-A296-C85B01BFB84C}] (...) -- C:\Users\Haroldo\Downloads\iGBPCEFsf (1).exe (.not file.)   [0]
[MD5.DD17B734F49DED3147D99918EDA0839B] [APT] [{53A6980A-BA36-4FD5-96D0-1F97A82B64DE}] (.Serpro - Serviço Federal de Processamento d.) -- C:\Users\Haroldo\Downloads\Receitanet-1.04.exe   [6182597]
[MD5.A33B6492086D1F03CCB029BCF39132C3] [APT] [{630983C1-05B8-4F20-86CD-8D4CBB21A9B6}] (...) -- C:\Arquivos de Programas RFB\IRPF2013\IRPF2013.exe   [31232]
[MD5.27902E96B1E4661AB91F98434E408357] [APT] [{98FB337E-089B-4AAB-9FA2-ECF4075B703E}] (...) -- C:\Users\Haroldo\Downloads\ReceitanetJava2010.02d_setup_win32.exe   [3798462]
[MD5.00000000000000000000000000000000] [APT] [{BBC50839-8C50-48D6-880B-BC3D6465B7F6}] (...) -- C:\Users\Haroldo\Downloads\iGBPCEFgb.exe (.not file.)   [0]
[MD5.A92E34B28D6125E14DA74484E58EC410] [APT] [{C6BA3CFF-5A65-409E-ABD3-40CDCF2FE6C3}] (...) -- C:\Program Files (x86)\Java\j2re1.4.2_05\javaws\javaws.exe   [135168]
[MD5.75527EA7A3B425057B56A6ED32235A49] [APT] [{CC33EF03-81DA-46CE-A364-A88BF0933152}] (.CAIXA.) -- C:\Users\Haroldo\Downloads\iGBPCEFsf.exe   [2546504]
[MD5.A92E34B28D6125E14DA74484E58EC410] [APT] [{DB832CA8-2708-4467-8026-9429EC8018AA}] (...) -- C:\Program Files (x86)\Java\j2re1.4.2_05\javaws\javaws.exe   [135168]
[MD5.00000000000000000000000000000000] [APT] [{DF3EB321-207D-4CAE-A9D2-80F1F3A586ED}] (...) -- C:\Users\Haroldo\Downloads\iGBPCEFsf (2).exe (.not file.)   [0]
[MD5.A92E34B28D6125E14DA74484E58EC410] [APT] [{F4AAB967-B985-4618-93A9-47D6C488AB70}] (...) -- C:\Program Files (x86)\Java\j2re1.4.2_05\javaws\javaws.exe   [135168]
~ Scheduled Task: 32 Legitimates Filtered in 00mn 07s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver:  (badriver) . (. - .) - C:\Windows\System32\drivers\badriver.sys (.not file.)
O41 - Driver:  (Bfilter) . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - C:\Windows\system32\drivers\Bfilter.sys
O41 - Driver:  (Bfmon) . (.Baidu, Inc. - Baidu FS Monitor Driver.) - C:\Windows\system32\drivers\Bfmon.sys  =>Adware.BDSearch
O41 - Driver:  (Bprotect) . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - C:\Windows\system32\drivers\Bprotect.sys
~ Drivers: 90 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Codec Pack Packages - (...) [HKCU][64Bits] -- Codec Pack Packages
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva  - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2013
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva  - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2014
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM][64Bits] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
~ Logic: 23 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\5Oftwares]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Baidu Security]  =>Adware.BDSearch
[HKCU\Software\Baixou Agora]
[HKCU\Software\GbAs]
[HKCU\Software\MiniGet]
[HKCU\Software\Pro-SoftNet]
[HKCU\Software\Start2me]
[HKCU\Software\Zugara Investment]
[HKCU\Software\mysearchdial.com]  =>Adware.MyWebSearch
[HKLM\Software\Baidu Security]  =>Adware.BDSearch
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Baidu Security]  =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Baidu_Drp_pos]  =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Deskmedia]
[HKLM\Software\Wow6432Node\IncrediMail]
[HKLM\Software\Wow6432Node\OnLineTV Toolbar]
[HKLM\Software\Wow6432Node\Programas RFB]
~ Key Software: 315 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 08/04/2014 - 21:43:28 - [8.843] ----D C:\Program Files (x86)\Programas RFB
O43 - CFD: 16/02/2014 - 11:17:02 - [0] ----D C:\Program Files (x86)\RBM
O43 - CFD: 31/03/2014 - 12:59:15 - [0.014] ----D C:\ProgramData\Baidu Security  =>Adware.BDSearch
O43 - CFD: 11/02/2013 - 05:05:38 - [3.699] ----D C:\ProgramData\IDriveSync
O43 - CFD: 29/03/2014 - 10:18:06 - [0] ----D C:\ProgramData\Puresafe
O43 - CFD: 30/03/2014 - 07:41:46 - [0.004] ----D C:\ProgramData\sAfewweb  =>PUP.SafeWeb
O43 - CFD: 26/03/2014 - 05:58:13 - [2.821] ----D C:\Users\Haroldo\AppData\Roaming\Baidu Security  =>Adware.BDSearch
O43 - CFD: 12/02/2013 - 05:24:58 - [0.855] ----D C:\Users\Haroldo\AppData\Roaming\IDriveSync
O43 - CFD: 16/03/2013 - 02:22:48 - [0] ----D C:\Users\Haroldo\AppData\Roaming\PCF
O43 - CFD: 11/04/2014 - 03:41:52 - [0] -SH-D C:\Users\Haroldo\AppData\Local\EmieSiteList
O43 - CFD: 11/04/2014 - 03:41:52 - [0] -SH-D C:\Users\Haroldo\AppData\Local\EmieUserList
O43 - CFD: 22/06/2013 - 14:34:40 - [26.460] ----D C:\Users\Haroldo\AppData\Local\{35A3A4F2-B792-11D6-A78A-00B0D0142050}
O43 - CFD: 12/04/2013 - 12:23:40 - [0.004] ----D C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013
O43 - CFD: 08/04/2014 - 21:44:28 - [0.004] ----D C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
~ Program Folder: 218 Legitimates Filtered in 00mn 59s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.0277C027A26428DB64EF4F64F52BB4FD] - 04/04/2014 - 02:47:55 ---A- . (...) -- C:\Windows\MBR.exe   [208896]
O44 - LFC:[MD5.F042EE4C8D66248D9B86DCF52ABAE416] - 04/04/2014 - 02:47:55 ---A- . (...) -- C:\Windows\PEV.exe   [256000]
O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 04/04/2014 - 02:47:55 ---A- . (...) -- C:\Windows\grep.exe   [80412]
O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 04/04/2014 - 02:47:55 ---A- . (...) -- C:\Windows\sed.exe   [98816]
O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 04/04/2014 - 02:47:55 ---A- . (...) -- C:\Windows\zip.exe   [68096]
O44 - LFC:[MD5.54F3CBBBA70F48526D3AEA0CEBA92D34] - 08/04/2014 - 21:43:31 ---A- . (...) -- C:\Windows\REC-NET.INI   [176]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 10/04/2014 - 16:58:27 ---A- . (...) -- C:\Windows\zoek-delete.exe   [24064]
O44 - LFC:[MD5.C26FB153E759859F926F4CC739ED7F84] - 10/04/2014 - 17:30:21 ---A- . (...) -- C:\zoek-results.log   [49228]
O44 - LFC:[MD5.2906D81BD2F0616FD5267A04A87B54C4] - 11/04/2014 - 23:41:34 ---A- . (...) -- C:\Windows\ntbtlog.txt   [529420]
~ Files: 55 Legitimates Filtered in 00mn 23s



---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\VDownloader  [Key] . (.Vitzo - VDownloader.) -- C:\Program Files\VDownloader\VDownloader.exe
~ SMSR Keys: 10 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.BC647F1F9DCE55B05B54683260ECE4FB] - 31/05/2012 - 21:21:04 R--A- . (.360.cn - 360HipsOEM.) -- C:\Windows\System32\Drivers\360FltOEM.sys   [289952]
O58 - SDL:[MD5.8D4B8BF93C65BDBC133B20706A3B5208] - 24/03/2014 - 22:37:31 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys   [65776]
O58 - SDL:[MD5.0606875650850B0697D662934529F6FC] - 24/03/2014 - 22:37:32 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys   [208928]
O58 - SDL:[MD5.37F5CDA64FC515B3072531C1187EDCCA] - 21/01/2014 - 11:14:40 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys   [52032]
O58 - SDL:[MD5.DFC1681F6645CB2AEA83897588F05362] - 21/01/2014 - 11:14:50 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys   [34624]  =>Adware.BDSearch
O58 - SDL:[MD5.F4C1984178175ACE4A75BE23059C3E0A] - 21/01/2014 - 07:01:36 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys   [128992]
O58 - SDL:[MD5.AF10C6EAB29FA9053D439F21D479FD2A] - 25/10/2013 - 14:59:28 ---A- . (...) -- C:\Windows\System32\Drivers\cashnbackdrv.sys   [43536]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys   [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys   [31232]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys   [24656]
O58 - SDL:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 13/03/2014 - 23:34:01 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys   [31088]
~ Drivers: 18 Legitimates Filtered in 00mn 03s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 21/01/2014 - C:\Windows\system32\drivers\Bfilter.sys (Bfilter)  .(.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - LEGACY_BFILTER
O64 - Services: CurCS - 21/01/2014 - C:\Windows\system32\drivers\Bfmon.sys (Bfmon)  .(.Baidu, Inc. - Baidu FS Monitor Driver.) - LEGACY_BFMON  =>Adware.BDSearch
O64 - Services: CurCS - 21/01/2014 - C:\Windows\system32\drivers\Bprotect.sys (Bprotect)  .(.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - LEGACY_BPROTECT
~ Legacy: 107 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <Beamrise.NWXK3OVJXTZ6HLOWY455TDRZ2Y> <Beamrise>[HKLM\..\Shell\open\Command] (...) -- C:\Users\Haroldo\AppData\Local\Beamrise\Application\beamrise.exe (.not file.)  =>Hijacker.Beamrise
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: prefs.js [Haroldo - extensions] user_pref("browser.search.selectedEngine", "Mysearchdial");  =>Adware.MyWebSearch
O69 - SBI: prefs.js [Haroldo - extensions] user_pref("browser.startup.homepage", "http://start.mysearchdial.com/?f=1&a=cmi_14_15_ff&cd=2XzuyEtN2Y1L1QzuyCtD0E0ByCzytB0CyB0DtA[...]  =>Adware.MyWebSearch
O69 - SBI: prefs.js [Haroldo - se6rb103.default] user_pref("browser.search.selectedEngine", "Mysearchdial");  =>Adware.MyWebSearch
O69 - SBI: prefs.js [Haroldo - se6rb103.default] user_pref("browser.startup.homepage", "http://start.mysearchdial.com/?f=1&a=cmi_14_15_ff&cd=2XzuyEtN2Y1L1QzuyCtD0E0ByCzytB0CyB0DtA[...]  =>Adware.MyWebSearch
O69 - SBI: prefs.js [Haroldo - tvtiqzcf.default] user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"95\",\"lastVrsn\":\"95\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"s[...]  =>Adware.MyWebSearch
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCR] {afdbddaa-5d3f-42ee-b79c-185a7020515b} [DefaultScope] - (Web Search) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.CertifiedToolbar
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.54A09129F5DF69BBBA3095894DF6788C] [SPRF][02/08/2013] (.No owner - K-Lite Codec Pack Setup.) -- C:\Users\Haroldo\Desktop\K-Lite_Codec_Pack_975_Standard.exe   [14153812]
[MD5.EB337CDFA1E9B69F951A75631D2B484E] [SPRF][09/06/2010] (.No owner - GbpDist Module.) -- C:\Windows\Downloaded Program Files\gbpdist.dll   [113192]
~ Files: 2 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{34E4CCEB-3BD9-4777-8C54-CEBEF4B5DB43}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS009B\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{B87A69FE-421F-476F-B99D-B5AFBFD8ADAF}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS009B\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{227CA81D-A14E-4752-A5D0-1ADB8CFFCA2E}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS23ED\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{BC53A4B2-4100-466A-B5A7-1BD02E2EB973}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS23ED\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{439ADD59-7F96-4B5C-978E-1245229A28D2}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS2C28\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{626CEB47-86F2-420A-8238-99D34DC2BB5E}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS2C28\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{46E4C181-5574-4622-BE3F-A5FAD8BE46AD}" |In - None - P17 - TRUE | .(...) -- C:\Users\Haroldo\AppData\Local\Temp\7zS530A\setup\hpznui40.exe (.not file.)
~ Firewall: 225 Legitimates Filtered in 00mn 01s



---\\ Listagem dos dados da chave NameSpace (MNS) (O92)
O92 - MNS:  - {35B6525E-071A-4EA9-B3BD-F6A742572F08}
~ MNS: 1 Legitimates Filtered in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.227869C36057138BEE2CED499155872F] [WIS][28/07/2013] (.TuneUp Software - TuneUp Utilities Language Pack (pt-BR).) -- C:\Windows\Installer\76dcb4.msi   [2547712]
[MD5.55AE59D648BE8E81535D97ED48D14678] [WIS][18/11/2009] (.Builds the Destinations MSI - Builds the Destinations MSI.) -- C:\Windows\Installer\85ffc.msi   [522752]
~ WIS: 68 Legitimates Filtered in 00mn 13s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\InstTracker_RASAPI32  =>Adware.PredictAd
HKLM\SOFTWARE\Microsoft\Tracing\InstTracker_RASMANCS  =>Adware.PredictAd
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\22find_1503-2bd31be9_RASAPI32  =>Hijacker.22Find
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\22find_1503-2bd31be9_RASMANCS  =>Hijacker.22Find
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32  =>PUP.AdvancedSystemProtector
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS  =>PUP.AdvancedSystemProtector
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\biclient_RASAPI32  =>Adware.MegaSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\biclient_RASMANCS  =>Adware.MegaSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\bi_client_RASAPI32  =>Adware.MegaSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\funmoods_RASAPI32  =>PUP.Funmoods
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\funmoods_RASMANCS  =>PUP.Funmoods
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_download_signed_7_RASAPI32  =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_download_signed_7_RASMANCS  =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASAPI32  =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32  =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASMANCS  =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GrabRez_RASAPI32  =>Adware.GrabRez
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GrabRez_RASMANCS  =>Adware.GrabRez
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LatestDLMgr_RASAPI32  =>Adware.OpenCandy
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LollipopInstaller_0103-cb05d1c4_RASAPI32  =>Adware.Lollipop
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LollipopInstaller_0103-cb05d1c4_RASMANCS  =>Adware.Lollipop
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Lollipop_RASAPI32  =>Adware.Lollipop
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Lollipop_RASMANCS  =>Adware.Lollipop
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyDeltaTB_RASAPI32  =>Toolbar.DeltaSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Optimizer_Pro_RASAPI32  =>PUP.OptimizerPro
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SecondOffer1_RASAPI32  =>PUP.Linkular
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SecondOffer1_RASMANCS  =>PUP.Linkular
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Tuto4PC_widget_RASAPI32  =>PUP.AgenceExclusive
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Tuto4PC_widget_RASMANCS  =>PUP.AgenceExclusive
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateGrabRez_RASAPI32  =>Adware.GrabRez
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateGrabRez_RASMANCS  =>Adware.GrabRez
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateSurftastic_RASAPI32  =>Adware.Surftastic
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateSurftastic_RASMANCS  =>Adware.Surftastic
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilSurftastic_RASAPI32  =>Adware.Surftastic
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilSurftastic_RASMANCS  =>Adware.Surftastic
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\vbmz10_RASAPI32  =>PUP.Duuqu
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\vbmz10_RASMANCS  =>PUP.Duuqu
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\VisualBeeSilent_RASAPI32  =>Adware.VisualBeeToolbar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\VisualBeeSilent_RASMANCS  =>Adware.VisualBeeToolbar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooDesktop_RASAPI32  =>Adware.Yontoo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooDesktop_RASMANCS  =>Adware.Yontoo
~ BTK: 529 Legitimates Filtered in 00mn 00s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar)  =>Toolbar.Google
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper)  =>Toolbar.Google
~ BCK: 4396 Legitimates Filtered in 00mn 05s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 21/12/2013 65432 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 15/03/2014 257928 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 13/07/2012 136176 |  (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/07/2012 136176 |  (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 17/08/2012 194032 |  (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 10/07/1658 0 |  (HOSTS Anti-PUPs) . (...) - C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe
SS - | Auto 17/12/2013 46904 |  (HPSupportSolutionsFrameworkService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
SS - | Auto 10/07/1658 0 |  (KMService) . (...) - C:\Windows\system32\srvany.exe  =>Hijacker.Office
SS - | Demand 11/04/2014 119408 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 10/07/1658 0 |  (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe  =>.Microsoft Corporation

SR - | Auto 24/03/2014 50344 |  (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 26/03/2014 109048 |  (avast! Firewall) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SR - | Auto 21/09/2009 1420560 |  (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SR - | Auto 26/02/2014 520520 |  (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Demand 13/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Demand 21/02/2014 641352 |  (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 04/04/2013 418376 |  (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 |  (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/08/2013 39056 |  (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 21/09/2009 831760 |  (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SR - | Demand 10/07/1658 1255736 |  (WatAdminSvc) . (...) - C:\Windows\System32\Wat\WatAdminSvc.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services:  Scanned in 00mn 07s



---\\ Scâner Aditional (088)
Database Version : 13044 - (11/04/2014)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 1
Dossiers trouvés  (Folders found) : 4
Fichiers trouvés  (Files found) : 7

[HKLM\Software\Google\Chrome\Extensions\iagcajndpnfncplednpbnkahadegklfa]   =>Adware.MyWebSearch^
[HKLM\SYSTEM\CurrentControlSet\Services\KMService]   =>Hijacker.Office^
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F}   =>Toolbar.Google^
C:\Users\Haroldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\iagcajndpnfncplednpbnkahadegklfa   =>Adware.MyWebSearch^
C:\ProgramData\Baidu Security   =>Adware.BDSearch^
C:\ProgramData\sAfewweb   =>PUP.SafeWeb^
C:\Users\Haroldo\AppData\Roaming\Baidu Security   =>Adware.BDSearch^
[HKCU\Software\Baidu Security]   =>Adware.BDSearch^
[HKCU\Software\mysearchdial.com]   =>Adware.MyWebSearch^
[HKLM\Software\Baidu Security]   =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu Security]   =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu_Drp_pos]   =>Adware.BDSearch^
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar)   =>Toolbar.Google^
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper)   =>Toolbar.Google^
~ Additionnel Scan: 347261 Items scanned in 00mn 35s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Adware.MyWebSearch
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Hijacker.Office
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Adware.BDSearch
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Hijacker.Beamrise
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.CertifiedToolbar
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Adware.PredictAd
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Hijacker.22Find
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.AdvancedSystemProtector
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Adware.MegaSearch
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.Funmoods
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Adware.GrabRez
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Adware.OpenCandy
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Adware.Lollipop
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Toolbar.DeltaSearch
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.OptimizerPro
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.AgenceExclusive
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Adware.Surftastic
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.Duuqu
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Adware.VisualBeeToolbar
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Adware.Yontoo
~ MSI: 20 link(s) detected in 00mn 00s



~ 1287 Legitimates filtered by white list
End of the scan (645 lines in 03mn 07s)(0)

 Selecione e copie todo o texto destacado em vermelho que te passei.
_____________________________________________________________________________________________________________

 Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta.

Caro Power Max,

Procedi conforme sua orientação e estou postando abaixo o log gerado pelo ZHPFix:


Rapport de ZHPFix 2014.4.7.2 par Nicolas Coolman, Update du 07/04/2014
Fichier d'export Registre :
Run by Haroldo at 15/04/2014 11:54:10
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 06s)
Reparação de atalhos do navegador

========== Estado dos serviços ==========
BFILTER Parado
BFMON Parado
BPROTECT Parado

========== Chaves do Registo ==========
ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
ELIMINÉ Driver Key: badriver
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bprotect
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ:* HKLM\Software\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu_Drp_pos
ELIMINÉ: SearchScopes :{afdbddaa-5d3f-42ee-b79c-185a7020515b}
ELIMINÉ:* CLSID NameSpace: {35B6525E-071A-4EA9-B3BD-F6A742572F08}
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\InstTracker_RASAPI32
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\InstTracker_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\22find_1503-2bd31be9_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\22find_1503-2bd31be9_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\biclient_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\biclient_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\bi_client_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\funmoods_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\funmoods_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_download_signed_7_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_download_signed_7_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GrabRez_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GrabRez_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LatestDLMgr_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LollipopInstaller_0103-cb05d1c4_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LollipopInstaller_0103-cb05d1c4_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Lollipop_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Lollipop_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyDeltaTB_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Optimizer_Pro_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SecondOffer1_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SecondOffer1_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Tuto4PC_widget_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Tuto4PC_widget_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateGrabRez_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateGrabRez_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateSurftastic_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateSurftastic_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilSurftastic_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilSurftastic_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\vbmz10_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\vbmz10_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\VisualBeeSilent_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\VisualBeeSilent_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooDesktop_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooDesktop_RASMANCS
ELIMINÉ:* HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}
ELIMINÉ:* HKLM\Software\Google\Chrome\Extensions\iagcajndpnfncplednpbnkahadegklfa

========== Valores do Registo ==========
ELIMINÉ: Toolbar: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5}
ELIMINÉ: Toolbar: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}
ELIMINÉ: Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F}
ELIMINÉ RunValue: HOSTS Anti-Adware_PUPs
ELIMINÉ: {34E4CCEB-3BD9-4777-8C54-CEBEF4B5DB43}
ELIMINÉ: {B87A69FE-421F-476F-B99D-B5AFBFD8ADAF}
ELIMINÉ: {227CA81D-A14E-4752-A5D0-1ADB8CFFCA2E}
ELIMINÉ: {BC53A4B2-4100-466A-B5A7-1BD02E2EB973}
ELIMINÉ: {439ADD59-7F96-4B5C-978E-1245229A28D2}
ELIMINÉ: {626CEB47-86F2-420A-8238-99D34DC2BB5E}
ELIMINÉ: {46E4C181-5574-4622-BE3F-A5FAD8BE46AD}
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Elementos dos dados do Registo ==========
ELIMINÉ: R0 - Main,Start Page = KLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page

========== Preferências do navegador ==========
AGORA Chrome File: C:\Users\Haroldo\AppData\Local\Google\Chrome\User Data\Default\Preferences
ELIMINÉ Chrome Site: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
ELIMINÉ Chrome Site: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
AUSENTE Mozilla Pref: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
AUSENTE Mozilla Pref: user_pref("browser.search.selectedEngine", "Mysearchdial");
AUSENTE Mozilla Pref: user_pref("browser.startup.homepage", "http://start.mysearchdial.com/?f=1&a=cmi_14_15_ff&cd=2XzuyEtN2Y1L1QzuyCtD0E0ByCzytB0CyB0DtA[...]
AUSENTE Mozilla Pref: user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"95\",\"lastVrsn\":\"95\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"s[...]

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\users\haroldo\appdata\local\google\chrome\user data\default\preferences
ELIMINA REINICIAR: c:\windows\system32\drivers\bfilter.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bfmon.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotect.sys
ELIMINÉ Temporários windows (709) (43075192 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: {034272E9-5FEC-4514-A296-C85B01BFB84C}
ELIMINÉ: {BBC50839-8C50-48D6-880B-BC3D6465B7F6}
ELIMINÉ: {DF3EB321-207D-4CAE-A9D2-80F1F3A586ED}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
53 : Chaves do Registo
19 : Valores do Registo
1 : Elementos dos dados do Registo
1 : Pastas
6 : Ficheiros
7 : Preferências do navegador
3 : Estado dos serviços
3 : Tarefa planificada
1 : Restauração Sistema


End of clean in 01mn 06s

========== Caminho do ficheiro do relatório ==========
C:\Users\Haroldo\AppData\Roaming\ZHP\ZHPFix[R10].txt - 12/04/2014 23:48:41 [1231]
C:\Users\Haroldo\AppData\Roaming\ZHP\ZHPFix[R11].txt - 12/04/2014 23:52:00 [1297]
C:\Users\Haroldo\AppData\Roaming\ZHP\ZHPFix[R12].txt - 12/04/2014 23:56:05 [1380]
C:\Users\Haroldo\AppData\Roaming\ZHP\ZHPFix[R1].txt - 12/04/2014 13:20:49 [8014]
C:\Users\Haroldo\AppData\Roaming\ZHP\ZHPFix[R2].txt - 12/04/2014 23:33:44 [711]
C:\Users\Haroldo\AppData\Roaming\ZHP\ZHPFix[R3].txt - 12/04/2014 23:36:08 [642]
C:\Users\Haroldo\AppData\Roaming\ZHP\ZHPFix[R4].txt - 12/04/2014 23:37:29 [723]
C:\Users\Haroldo\AppData\Roaming\ZHP\ZHPFix[R5].txt - 12/04/2014 23:38:05 [804]
C:\Users\Haroldo\AppData\Roaming\ZHP\ZHPFix[R6].txt - 12/04/2014 23:39:27 [885]
C:\Users\Haroldo\AppData\Roaming\ZHP\ZHPFix[R7].txt - 12/04/2014 23:42:26 [1227]
C:\Users\Haroldo\AppData\Roaming\ZHP\ZHPFix[R8].txt - 12/04/2014 23:45:30 [1048]
C:\Users\Haroldo\AppData\Roaming\ZHP\ZHPFix[R9].txt - 12/04/2014 23:48:07 [1131]
C:\Users\Haroldo\AppData\Roaming\ZHP\ZHPFix[R13].txt - 15/04/2014 11:54:16 [8088]

Faça uma atualização (update) do Malwarebytes que você já tem instalado em seu PC.

*Execute o programa MalwareBytes'Anti-Malware e clique na aba: "Verificação", selecione a opção "Verificação completa"
*Clique no botão: "Verificar"
* Marque todas as partes do computador para serem escaneadas e clique no botão: “Iniciar verificação”
*Ao término do scan, clique em "OK" > "Mostrar Resultados"
*Selecione todas as entradas e clique em "Remover Selecionados"
*Após a remoção poderá ser interrogado se deseja remover objetos da memória. Clique "SIM"
*Um log será apresentado com o resultado das ações
*Alguns malwares são rebeldes e necessitam de uma reinicialização para a remoção. Caso isto seja solicitado, clique para reiniciar o PC.
*Execute novamente o programa Malwarebytes Anti-malware e clique na aba “Logs”, dê um duplo clique com o mouse sobre o log mais recente, selecione o log completo e copie-o.

Poste este log gerado pelo Malwarebytes Anti-Malware na sua próxima resposta.

Ficamos no aguardo de sua resposta.

Caro Power Max,


Com certeza toda sua orientação remeteu-nos para um final vitorioso. Posto aqui o log gerado pelo MalwareBytes´Anti-Malware.

De já, meu muitíssimo obrigado.


Versão da Base de Dados:  v2014.04.11.14

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17041
Haroldo :: HAROLDO-PC [administrador]

16/04/2014 18:06:40
mbam-log-2014-04-16 (18-06-40).txt

Tipo de Verificação:  Verificação Completa  (C:\|D:\|E:\|G:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos  | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados:  507719
Tempo decorrido: 1 hora(s), 57 minuto(s), 49 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)

Arquivos Detectados: 0
(Não foram detectados ítens maliciosos)

(fim)

  Fico feliz que o problema tenha sido resolvido.

 Só para finalizar siga estes tutoriais abaixo, por gentileza:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
_______________________________________________________________________________________________________________________

 Para remover os programas usados na limpeza deste PC e criar um novo ponto de restauração seguro e sem problemas, utilize o DelFix seguindo as dicas [Tens de ter uma conta e sessão iniciada para poderes visualizar este link].
_______________________________________________________________________________________________________________________

  Foi um prazer ajudar. Conte sempre conosco!

Olá. Para remover os programas usados na limpeza de seu PC você pode usar também o programa Tools Cleaner:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para utilizá-lo corretamente é só seguir as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

CASO RESOLVIDO

Caso o autor do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.