Re: Infecção após ter recebido e aberto email

por **Power Max** Qua 04 Jun 2014, 10:47

Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

por AndréGouveiaCabral Qua 04 Jun 2014, 11:04

Segue:

Zoek.exe v5.0.0.0 Updated 02-June-2014
Tool run by LOVA on 04/06/2014 at 10:59:42,13.
Microsoft Windows 7 Home Basic 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\LOVA\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-03-194848.log 61669 bytes
C:\zoek-results2014-06-04-131057.log 22081 bytes

==== System Restore Info ======================

04/06/2014 11:00:56 Zoek.exe System Restore Point Created Succesfully.

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\S-1-5-21-677737358-513391184-2833254832-1000\Software\Baidu]
[-HKEY_USERS\S-1-5-21-677737358-513391184-2833254832-1000\Software\Baidu\Hao123-br]
[-HKEY_USERS\S-1-5-21-677737358-513391184-2833254832-1000\Software\Baidu\Hao123-br\hao123desk]
[-HKEY_USERS\S-1-5-21-677737358-513391184-2833254832-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-677737358-513391184-2833254832-1000\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-677737358-513391184-2833254832-1000\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\S-1-5-21-677737358-513391184-2833254832-1000\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-677737358-513391184-2833254832-1000\Software\Baidu Security\PC Faster\3.7.0.0]
[-HKEY_USERS\S-1-5-21-677737358-513391184-2833254832-1000\Software\Baidu Security\PC Faster\3.7.0.0\Run]
[-HKEY_USERS\S-1-5-21-677737358-513391184-2833254832-1000\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]
[-HKEY_USERS\S-1-5-21-677737358-513391184-2833254832-1000\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]
[-HKEY_USERS\S-1-5-21-677737358-513391184-2833254832-1000\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]

==== Registry Search Results for "Baidu" ======================

No instances of string "Baidu" found.

==== C:\zoek_backup content ======================

por **Power Max** Qua 04 Jun 2014, 12:48

Baixe o programa Junkware Removal Tool no link abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executar corretamente o programa acima é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt

Ficamos na espera.

por AndréGouveiaCabral Qua 04 Jun 2014, 13:38

Segue:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Basic x64
Ran by LOVA on 04/06/2014 at 13:29:31,94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yuna software
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\yuna software
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_BrasilAutoUpdaterHelper_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_BrasilAutoUpdaterHelper_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_BrasilToolbarHelper1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_BrasilToolbarHelper1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_BrasilToolbarHelper_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_BrasilToolbarHelper_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Softonic_BrasilAutoUpdaterHelper_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Softonic_BrasilAutoUpdaterHelper_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Softonic_BrasilToolbarHelper1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Softonic_BrasilToolbarHelper1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Softonic_BrasilToolbarHelper_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Softonic_BrasilToolbarHelper_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{6F2EA267-1DD5-8C59-B301-6A26156DAA7E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B0D54858-04F0-49A7-A591-4E538DCB489E}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\yuna software"

~~~ FireFox

Emptied folder: C:\Users\LOVA\AppData\Roaming\mozilla\firefox\profiles\9h8xy0ow.default\minidumps [1 files]

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/06/2014 at 13:36:46,21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

por **Power Max** Qua 04 Jun 2014, 13:41

Infecção após ter recebido e aberto email - Página 2 772309

Abra novamente o ( ZHPDiag )

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

por AndréGouveiaCabral Qua 04 Jun 2014, 14:54

Segue:

~ Relatório do ZHPDiag v2014.5.30.78 - Nicolas Coolman (30/05/2014)
~ Iniciado por LOVA (04/06/2014 14:48:10)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Nova Versão disponivel
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user

---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17107
MFIE: Mozilla Firefox 28.0
GCIE: Google Chrome v34.0.1847.131 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Basic, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Microsoft Security Client PT-BR Language Pack v2.1.1116.0
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)
Pando Media Booster v2.6.0.8
µTorrent v3.3.0.29342 =>P2P.µTorrent

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader 9.5.5 - Português
Java 7 Update 60

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4052 MB (43% free)
System Restore: Activé (Enable)
System drive C: has 133 GB (45%) free of 289 GB

---\\ Modo de conexão ao sistema
~ Computer Name: LOVA-PC
~ User Name: LOVA
~ All Users Names: LOVA, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\LOVA\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\LOVA\AppData\Roaming\
~ %Desktop% : C:\Users\LOVA\Desktop\
~ %Favorites% : C:\Users\LOVA\Favorites\
~ %LocalAppData% : C:\Users\LOVA\AppData\Local\
~ %StartMenu% : C:\Users\LOVA\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 133 Go of 289 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 9 Go)
E: CD-ROM drive (Free 0 Go of 0 Go)
H: CD-ROM drive (Not Inserted)
I: CD-ROM drive (Not Inserted)

---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s

---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F220BA78AB542C70211D73AE4729B2CD] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 03:22:40.) -- C:\Windows\System32\wininet.dll [2260480]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:43:50.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 10:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 06:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 06:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 07:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 06:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 07:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 06:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 10:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s

---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/524
~ Mes musiques (My Musics) : 91/160
~ Mes Videos (My Videos) : 1/5
~ Mes Favoris (My Favorites) : 1/19
~ Mes Documents (My Documents) : 1/1971
~ Mon Bureau (My Desktop) : 5/4969
~ Menu demarrer (Programs) : 1/63
~ Hidden Files: Scanned in 00mn 04s

---\\ Processos lançados
[MD5.23C2FCAA50C4F80F7D1B8A0771D45328] - (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720] [PID.3508]
[MD5.554A50B5310E702029D3A675459108FF] - (.Hewlett-Packard - hpsysdrv.) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768] [PID.3700]
[MD5.72860972F8196EBB3C896F53D2B95470] - (.Hewlett-Packard - HpqSRmon.) -- C:\Program Files (x86)\hp\Digital Imaging\bin\HpqSRmon.exe [150528] [PID.3720]
[MD5.9F96F98409B89C5806F4380867DD48E0] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.3860]
[MD5.536EFCE2544EBFD209EDED39CAA3901A] - (.CyberLink Corp. - HP DVDSmart Resident Program.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [128296] [PID.3556]
[MD5.30426544CDDC55B8B71DEB556722ECE3] - (.CyberLink - CyberLink MediaLibray Service.) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [210216] [PID.3600]
[MD5.864B19A9FF68F5437C6EDDC2F0DDCD2E] - (.Microsoft Corporation - Microsoft Office Excel.) -- C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.exe [18372272] [PID.920]
[MD5.9771F9DB07C666B05258C0A1579510AA] - (.Nelogica - No Comment.) -- C:\Users\LOVA\AppData\Roaming\Nelogica\ProfitChart\profitchart.exe [14378496] [PID.4996]
[MD5.542459D16B416D054161007FC9B1246E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032] [PID.4524]
[MD5.A8F2A6D5782AA0166D8367FF674DDF77] - (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe [52648] [PID.3456]
[MD5.9395BBE294045909A025C9F3DC3D9025] - (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre7\bin\java.exe [174504] [PID.3748]
[MD5.6D652B06EB3916DC41A9DBBBC4EDEED1] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8020480] [PID.3772]
[MD5.591A7E5FC4A8121B2ABF4E768B64ABA7] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [527928] [PID.804]
[MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.1616]
[MD5.72551A9AE5F68905DFC3CBA0D5242566] - (.Microsoft Corporation - Updates Skype Click to Call.) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720] [PID.1672]
[MD5.6B669A00A431FF6CDCE67458933F5F0F] - (.Microsoft Corporation - Phone Number Recognition (PNR) module.) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992] [PID.1728]
[MD5.79CD0BA3574F3DECD2D424FAC08025C4] - (...) -- C:\Users\LOVA\AppData\Roaming\InstallW\IWsrv.exe [55808] [PID.1956]
[MD5.108333981C841EB0FF198AA5DFCF3D3B] - (.Hewlett-Packard Company - LightScribe Service.) -- c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728] [PID.1980]
[MD5.7CF1B716372B89568AE4C0FE769F5869] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872] [PID.2020]
[MD5.318706813FB613072A688F2653B0689F] - (.Banco Bradesco S.A. - scpVista.) -- C:\Program Files (x86)\Scpad\scpVista.exe [360624] [PID.1304]
[MD5.F02A533F517EB38333CB12A9E8963773] - (.Google Inc. - Google Installer.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [136176] [PID.2768]
~ Processes Running: Scanned in 00mn 01s

---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 13 Legitimates Filtered in 00mn 02s

---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\LOVA\AppData\Roaming\Mozilla\Firefox\Profiles\9h8xy0ow.default\prefs.js
M3 - MFPP: Plugins - [LOVA] -- C:\Users\LOVA\AppData\Roaming\Mozilla\Firefox\Profiles\9h8xy0ow.default\searchplugins\Speedial.xml =>Adware.Adware.SearchYa
M2 - MFEP: prefs.js [LOVA - 9h8xy0ow.default\{87F8774F-B485-47E2-A755-A40A8A5E8874}] [] Modulo de Protecao v2.12.0.10.20 (..)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\LOVA\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/uni] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\LOVA\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll
~ Firefox Browser: 9 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
~ IE Browser: 22 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

---\\ Browser Helper Objects do navegador (02)
O2 - BHO: CompSegIB [64Bits] - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} . (.Banco Bradesco S.A. - scpsssh2 Module.) -- C:\Program Files (x86)\Scpad\scpsssh2.dll
O2 - BHO: AOL Toolbar BHO [64Bits] - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} . (.AOL LLC - AOL IE Toolbar Dynamic Link Library.) -- C:\Program Files (x86)\AOL\Barra de Ferramentas da AOL 5.0\aoltb.dll
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense Banco Real [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540007} . (.Banco Real - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehAbn.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehUni.dll
~ BHO: 16 Legitimates Filtered in 00mn 00s

---\\ Barras do Internet Explorer (03))
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{DE9C389F-3316-41A7-809B-AA305ED9D922} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{12FC3D37-2A42-4FE3-8489-81296878CBA5} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{4F524A2D-5637-4300-76A7-7A786E7484D7} Chave orfã
~ Toolbar: Scanned in 00mn 00s

---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [LOVA]: Ragnarok.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Browsers
O4 - GS\Desktop [LOVA]: Ragnarok.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Browsers
~ Global Startup: 3 Legitimates Filtered in 00mn 01s

---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [SmartMenu] . (.No owner - SmartMenu.) -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (.not file.)
O4 - HKCU\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [lovapc] regsvr32 \s C:\Users\LOVA\AppData\Roaming\LOVA-PC.jpg (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [hpsysdrv] . (.Hewlett-Packard - hpsysdrv.) -- c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [NPSStartup] Chave orfã
O4 - HKLM\..\Wow6432Node\Run: [hpqSRMon] . (.Hewlett-Packard - HpqSRmon.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SpUninstallDeleteDir] Chave orfã
O4 - HKUS\S-1-5-18\..\RunOnce: [SpUninstallDeleteDir] Chave orfã
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-677737358-513391184-2833254832-1000\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (.not file.)
O4 - HKUS\S-1-5-21-677737358-513391184-2833254832-1000\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKUS\S-1-5-21-677737358-513391184-2833254832-1000\..\Run: [lovapc] regsvr32 \s C:\Users\LOVA\AppData\Roaming\LOVA-PC.jpg (.not file.)
~ Application: Scanned in 00mn 00s

---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Skype Click to Call [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santanderempresarial.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernet.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernetibe.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.secureweb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s

---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{15853DD3-2A02-485C-AFB1-43DC75E5BD78}: DhcpNameServer = 50.30.43.179 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{28535AA6-D2AE-4BF8-977E-A926EFDAB6BC}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C19AB7F-B3BC-427E-9C74-787206C7F5D8}: DhcpNameServer = 189.40.226.80 189.40.224.80
O17 - HKLM\System\CCS\Services\Tcpip\..\{4274AE3C-B1A9-4F2D-B22B-BC02786BD693}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{15853DD3-2A02-485C-AFB1-43DC75E5BD78}: DhcpNameServer = 50.30.43.179 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{28535AA6-D2AE-4BF8-977E-A926EFDAB6BC}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3C19AB7F-B3BC-427E-9C74-787206C7F5D8}: DhcpNameServer = 189.40.226.80 189.40.224.80
O17 - HKLM\System\CS1\Services\Tcpip\..\{4274AE3C-B1A9-4F2D-B22B-BC02786BD693}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{15853DD3-2A02-485C-AFB1-43DC75E5BD78}: DhcpNameServer = 50.30.43.179 8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{28535AA6-D2AE-4BF8-977E-A926EFDAB6BC}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{3C19AB7F-B3BC-427E-9C74-787206C7F5D8}: DhcpNameServer = 189.40.226.80 189.40.224.80
O17 - HKLM\System\CS2\Services\Tcpip\..\{4274AE3C-B1A9-4F2D-B22B-BC02786BD693}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: BingBar Service (BBSvc) . (...) - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe (.not file.) =>Toolbar.Bing
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: Service Component of Installer (iwsr) . (...) - C:\Users\LOVA\AppData\Roaming\InstallW\IWsrv.exe
O23 - Service: scpVista (scpVista) . (.Banco Bradesco S.A. - scpVista.) - C:\Program Files (x86)\Scpad\scpVista.exe
~ Services: 10 Legitimates Filtered in 00mn 03s

---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl] (...) -- C:\Users\LOVA\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl\minibarchrome.exe (.not file.) [0] =>PUP.Minibar
[MD5.00000000000000000000000000000000] [APT] [Norton Security Scan for LOVA] (...) -- C:\Program Files (x86)\NORTON~2\Engine\403~1.24\Nss.exe (.not file.) [0]
[MD5.00E22B3ED82BB39750CCE10316380192] [APT] [{1CA8B486-8F87-4E50-AC2E-1661988EE727}] (.Serpro - Serviço Federal de Processamento d.) -- C:\Users\LOVA\Downloads\Receitanet-1.03.exe [6182539]
[MD5.00000000000000000000000000000000] [APT] [{45D1BA3E-A55A-4EC4-A3B0-5D5C983D8AA6}] (...) -- H:\WindowsUI\Install.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{70B6A0E2-0A9F-41E2-A428-8A9E51235250}] (...) -- C:\RagnaYokai\Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B96D6289-B69F-4C26-9A35-148B581A0D54}] (...) -- H:\WindowsUI\Install.exe (.not file.) [0]
[MD5.A653382073543C284DC4278B64778CF2] [APT] [{BE9C3F15-D06B-48CA-9B40-861EB61A6A4F}] (.Receita Federal do Brasil.) -- C:\Users\LOVA\Downloads\ITR2012Win32v1.0.exe [18595397]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1060]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1064]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\PCDRScheduledMaintenance [552]
~ Scheduled Task: 29 Legitimates Filtered in 00mn 06s

---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex64.sys (.not file.)
O41 - Driver: (fhtnmhwf) . (. - .) - C:\Windows\system32\drivers\fhtnmhwf.sys (.not file.)
~ Drivers: 72 Legitimates Filtered in 00mn 00s

---\\ Software instalados (042)
O42 - Logiciel: Download & Install Packages - (...) [HKCU][64Bits] -- Download & Install Packages
O42 - Logiciel: FM Screen Capture Codec (Remove Only) - (...) [HKLM][64Bits] -- FMCODEC
O42 - Logiciel: Firefox Packages - (...) [HKCU][64Bits] -- Firefox Packages
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKCU][64Bits] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: Highlightly - (.Highlightly.) [HKLM][64Bits] -- Highlightly
O42 - Logiciel: IRPF2010 - Declaração de Ajuste Anual e Final de Espólio - (...) [HKLM][64Bits] -- IRPF2010 - Declaração de Ajuste Anual e Final de Espólio
O42 - Logiciel: IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2011
O42 - Logiciel: IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2012
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2013
O42 - Logiciel: ITR2010 - (...) [HKLM][64Bits] -- ITR2010
O42 - Logiciel: ITR2011 - (...) [HKLM][64Bits] -- ITR2011
O42 - Logiciel: ITR2012 - Declaração do Imposto sobre a Propriedade Territorial Rural - (.Receita Federal do Brasil.) [HKCU][64Bits] -- ITR2012
O42 - Logiciel: ITR2013 - Declaração do Imposto sobre a Propriedade Territorial Rural - (.Receita Federal do Brasil.) [HKLM][64Bits] -- ITR2013
O42 - Logiciel: Installer Package - (...) [HKLM][64Bits] -- Resume
O42 - Logiciel: Nelogica ProfitChart Diário - (...) [HKCU][64Bits] -- ProfitChart
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM][64Bits] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
O42 - Logiciel: YoutubeBookmark - (.YoutubeBookmark.) [HKLM][64Bits] -- {E32743D3-5789-6E4F-3998-06FB87C9214B}
~ Logic: 42 Legitimates Filtered in 00mn 01s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\49090InstEnd]
[HKCU\Software\Activeris] =>PUP.Activeris
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Brasfoot]
[HKCU\Software\Cloudmark]
[HKCU\Software\DefaultPackStatus]
[HKCU\Software\Download4windows]
[HKCU\Software\File Type Helper]
[HKCU\Software\GbAs]
[HKCU\Software\Nelogica]
[HKCU\Software\Pando Networks]
[HKCU\Software\SP20]
[HKCU\Software\SP26]
[HKCU\Software\UltraDownloads.com.br]
[HKCU\Software\superdownloads.com.br]
[HKLM\Software\Baidu Security]
[HKLM\Software\Wow6432Node\360Safe]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Deskmedia]
[HKLM\Software\Wow6432Node\Feven 1.1] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\GameVicio]
[HKLM\Software\Wow6432Node\Level Up! Interactive]
[HKLM\Software\Wow6432Node\Pando Networks]
[HKLM\Software\Wow6432Node\Plus-HD-9.52] =>Adware.PlusHD
[HKLM\Software\Wow6432Node\Programas RFB]
[HKLM\Software\Wow6432Node\SK.Enhancer] =>Adware.SurfAndKeep
[HKLM\Software\Wow6432Node\UnitedAdmins]
~ Key Software: 375 Legitimates Filtered in 00mn 01s

---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 02/09/2012 - 15:52:42 - [] ----D C:\Program Files (x86)\GameVicio
O43 - CFD: 10/05/2014 - 16:58:06 - [] ----D C:\Program Files (x86)\InstallInfo
O43 - CFD: 14/11/2010 - 20:39:36 - [] ----D C:\Program Files (x86)\Pando Networks
O43 - CFD: 30/04/2014 - 16:31:09 - [] ----D C:\Program Files (x86)\Programas RFB
O43 - CFD: 07/01/2014 - 15:06:53 - [] ----D C:\Program Files (x86)\Scpad
O43 - CFD: 09/05/2014 - 15:23:11 - [] ----D C:\ProgramData\Cloudmark
O43 - CFD: 12/02/2012 - 10:22:31 - [] ----D C:\ProgramData\levelup downloader
O43 - CFD: 05/05/2014 - 10:51:26 - [] ----D C:\ProgramData\ZombieAlert
O43 - CFD: 13/08/2010 - 17:25:37 - [] ----D C:\ProgramData\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}
O43 - CFD: 01/06/2014 - 16:36:10 - [] ----D C:\Users\LOVA\AppData\Roaming\0D1F2W1G1I1F1T1QyE2W1L1G1Q1F2W1B
O43 - CFD: 22/05/2014 - 17:08:32 - [] ----D C:\Users\LOVA\AppData\Roaming\InstallW
O43 - CFD: 02/09/2010 - 20:36:02 - [] ----D C:\Users\LOVA\AppData\Roaming\Nelogica
O43 - CFD: 26/09/2013 - 08:56:21 - [] ----D C:\Users\LOVA\AppData\Roaming\Scpad
O43 - CFD: 20/09/2013 - 02:05:07 - [] ----D C:\Users\LOVA\AppData\Roaming\Shareaza
O43 - CFD: 08/05/2014 - 09:26:56 - [] ----D C:\Users\LOVA\AppData\Local\com
O43 - CFD: 12/02/2012 - 10:22:31 - [] ----D C:\Users\LOVA\AppData\Local\Level Up!
O43 - CFD: 13/11/2010 - 18:17:29 - [] ----D C:\Users\LOVA\AppData\Local\QuickStores
O43 - CFD: 30/10/2010 - 20:47:37 - [] ----D C:\Users\LOVA\AppData\Local\Shareaza
O43 - CFD: 29/05/2010 - 13:04:56 - [0] ----D C:\Users\LOVA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brasfoot 2010
O43 - CFD: 07/08/2011 - 10:33:56 - [0] ----D C:\Users\LOVA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brasfoot 2011
O43 - CFD: 14/07/2012 - 14:28:12 - [0] ----D C:\Users\LOVA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brasfoot 2012
O43 - CFD: 02/09/2012 - 15:52:43 - [] ----D C:\Users\LOVA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameVicio
O43 - CFD: 09/09/2009 - 21:58:33 - [] ----D C:\Users\LOVA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gerenciador de Recuperação
O43 - CFD: 02/09/2010 - 20:36:02 - [0] ----D C:\Users\LOVA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nelogica
O43 - CFD: 30/04/2014 - 16:31:09 - [0] ----D C:\Users\LOVA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB
O43 - CFD: 12/10/2013 - 18:40:25 - [] ----D C:\Users\LOVA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2011
O43 - CFD: 12/10/2013 - 18:46:17 - [] ----D C:\Users\LOVA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2012
O43 - CFD: 13/09/2013 - 12:33:23 - [] ----D C:\Users\LOVA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013
O43 - CFD: 19/03/2014 - 14:12:09 - [] ----D C:\Users\LOVA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
~ Program Folder: 256 Legitimates Filtered in 00mn 00s

---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.278D77FC352CBA1EDE2A8F8FFA17E140] - 03/06/2014 - 16:48:48 ---A- . (...) -- C:\zoek-results2014-06-03-194848.log [61669]
O44 - LFC:[MD5.142152132709BBE934B45B95116356DA] - 04/06/2014 - 10:10:57 ---A- . (...) -- C:\zoek-results2014-06-04-131057.log [22081]
O44 - LFC:[MD5.BF0805EAB0C33E0A152C7AA9503B5C8B] - 04/06/2014 - 11:02:40 ---A- . (...) -- C:\zoek-results.log [2676]
~ Files: 37 Legitimates Filtered in 00mn 06s

---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{d821bf63-ee8a-11df-9fae-d8d3859f1afc}\AutoRun\command. (...) -- J:\WindowsUI\Install.exe (.not file.)
~ Keys: Scanned in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s

---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360.cn - 360HipsOEM.) -- C:\Windows\System32\Drivers\360FltOEM.sys [289952]
O58 - SDL:10/12/2011 - 12:22:09 ---A- . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\System32\Drivers\dtsoftbus01.sys [279616]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:01/04/2014 - 17:00:50 ---A- . (.Highlightly - Highlightly Driver x64.) -- C:\Windows\System32\Drivers\hlnfd.sys [58256]
O58 - SDL:17/12/2013 - 16:09:02 ---A- . (.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) -- C:\Windows\System32\Drivers\netfilter64.sys [61592]
O58 - SDL:31/10/2008 - 04:00:24 ---A- . (.PowerISO Computing, Inc. - PowerISO Virtual Drive.) -- C:\Windows\System32\Drivers\scdemu.sys [85936]
O58 - SDL:01/01/1601 - 03:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [530488]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:14/06/2010 - 08:32:54 ---A- . (.Teruten Inc - File System Mini Filter Drvier.) -- C:\Windows\System32\Drivers\TFsExDisk.sys [16448]
O58 - SDL:13/12/2012 - 13:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
O58 - SDL:22/03/2014 - 15:51:12 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\wStLib64.sys [61112] =>PUP.LinkiDoo
O58 - SDL:08/05/2013 - 09:52:48 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpkm.sys [49536]
O58 - SDL:04/06/2014 - 09:35:18 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
O58 - SDL:25/10/2007 - 16:26:10 ---A- . (...) -- C:\Windows\SysWOW64\drivers\StarOpen.sys [5632]
O58 - SDL:14/06/2010 - 08:32:54 ---A- . (.Teruten Inc - File System Mini Filter Drvier.) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys [16448]
~ Drivers: 72 Legitimates Filtered in 00mn 05s

---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCR] {afdbddaa-5d3f-42ee-b79c-185a7020515b} - (Web Search) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.CertifiedToolbar
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.7FD8FE44CB8F0599D5FE1D301511EC8B] [SPRF][18/11/2013] (...) -- C:\Users\LOVA\AppData\Roaming\unins000.dat [33039]
[MD5.ACDCBBEC5909F53A75A46BF26153D6C8] [SPRF][05/03/2014] (...) -- C:\Users\LOVA\AppData\Roaming\unins001.dat [16675]
[MD5.FFD5F65CAC35C13FCC2E4C3582037FFC] [SPRF][23/05/2010] (...) -- C:\Users\LOVA\AppData\Roaming\wklnhst.dat [108]
[MD5.2B81032476A62F12F884DA587B64EE95] [SPRF][12/04/2012] (...) -- C:\Users\LOVA\Desktop\HPSDU.exe [2338640]
[MD5.8FB86883B9C3EB06ECB22E9550125482] [SPRF][06/05/2011] (...) -- C:\Users\LOVA\Desktop\SF_CDA_NonNet_Full_Win_WW_130_140.exe [211428624]
~ Files: 7 Legitimates Filtered in 00mn 19s

---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{944484D4-1E30-4FD1-90AA-97546C6BA5FF}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\LOVA\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{D9F59F6C-22AF-4FBC-AB73-685115569F2B}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\LOVA\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 09s

---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "617DD6FF01B79624F991FF0BA74CDC59" . (.Bing Bar.) -- C:\Windows\Installer\{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}\icon_installer_ico =>Toolbar.Bing
O90 - PUC: "BD04C21DD7DC68D42958E5F22E63394E" . (.SupraSavings.) -- c:\Windows\Installer\{D12C40DB-CD7D-4D86-9285-5E2FE23693E4}\icon64.ico =>PUP.SupraSavings
~ Update Products: 2 Legitimates Filtered in 00mn 00s

---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.9A5263D3C011F34BFA10C5458CF27197] [WIS][29/04/2014] (.SupraSavings - SupraSavings.) -- C:\Windows\Installer\100265.msi [4997120] =>PUP.SupraSavings
[MD5.3AF7B8083FDD852A6DDA4FFE10FC6044] [WIS][07/03/2014] (.SavingsBull Filter - SavingsbullFilter.) -- C:\Windows\Installer\1920dd.msi [1380352] =>PUP.SavingsBull
~ WIS: 2 Legitimates Filtered in 00mn 15s

---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32 =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\InstTracker_RASAPI32 =>Adware.PredictAd
HKLM\SOFTWARE\Microsoft\Tracing\InstTracker_RASMANCS =>Adware.PredictAd
HKLM\SOFTWARE\Microsoft\Tracing\MyPC Backup_RASAPI32 =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\MyPC Backup_RASMANCS =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASAPI32 =>Adware.NewPlayer
HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASMANCS =>Adware.NewPlayer
HKLM\SOFTWARE\Microsoft\Tracing\Signup Wizard_RASAPI32 =>PUP.JDIBackup
HKLM\SOFTWARE\Microsoft\Tracing\Signup Wizard_RASMANCS =>PUP.JDIBackup
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32 =>Toolbar.Bing
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Brothersoftdownloader_for_JADMaker_RASAPI32 =>Adware.Downware
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Brothersoftdownloader_for_JADMaker_RASMANCS =>Adware.Downware
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\funmoods_RASAPI32 =>PUP.Funmoods
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\funmoods_RASMANCS =>PUP.Funmoods
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateStorimbo_RASAPI32 =>PUP.Storimbo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateStorimbo_RASMANCS =>PUP.Storimbo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilStorimbo_RASAPI32 =>PUP.Storimbo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilStorimbo_RASMANCS =>PUP.Storimbo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS =>PUP.Wajam
~ BTK: 463 Legitimates Filtered in 00mn 00s

---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 03/06/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 10/07/1658 0 | (BBSvc) . (...) - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe =>Toolbar.Bing
SS - | Demand 10/07/1658 0 | (BBUpdate) . (...) - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe =>Toolbar.Bing
SS - | Auto 30/04/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 30/04/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 30/04/2009 229944 | (hpqwmiex) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
SS - | Disabled 03/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Demand 15/03/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 10/07/1658 0 | (npggsvc) . (.INCA Internet Co., Ltd..) - C:\Windows\system32\GameMon.des
SS - | Disabled 14/08/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
SS - | Auto 03/04/2014 315008 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Disabled 27/01/2014 571816 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 03/12/2009 28672 | (AgereModemAudio) . (.LSI Corporation.) - C:\Program Files\LSI SoftModem\agr64svc.exe
SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 05/05/2014 527928 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 09/07/2009 124928 | (HP Health Check Service) . (.Hewlett-Packard.) - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
SR - | Demand 13/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Demand 01/10/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 26/04/2014 55808 | (iwsr) . (...) - C:\Users\LOVA\AppData\Roaming\InstallW\IWsrv.exe
SR - | Auto 18/05/2009 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 11/03/2014 23808 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 24/10/2012 360624 | (scpVista) . (.Banco Bradesco S.A..) - C:\Program Files (x86)\Scpad\scpVista.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 07s

---\\ Lista dos emuladores de CD/DVD (MBR Hook)
O58 - SDL:01/01/1601 - 03:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [530488]
~ Emulateurs: Scanned in 00mn 07s

---\\ Scâner Aditional (088)
Database Version : 13026 - (30/05/2014)
Clés trouvées (Keys found) : 28
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 7

[HKLM\SYSTEM\CurrentControlSet\Services\BBSvc] =>Toolbar.Bing^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9] =>Adware.MyWebSearch
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\360Safe] =>Trojan.Lozavita
[HKLM\Software\Wow6432Node\aTube Catcher\OpenCandy] =>Adware.OpenCandy
[HKLM\Software\Classes\AOLTB.AOLToolBand.1] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\AOLTB.AOLToolBand.1] =>Toolbar.Agent
[HKCU\Software\Activeris] =>PUP.Activeris^
[HKLM\Software\Wow6432Node\Feven 1.1] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\Plus-HD-9.52] =>Adware.PlusHD^
[HKLM\Software\Wow6432Node\SK.Enhancer] =>Adware.SurfAndKeep^
C:\Windows\Installer\100265.msi =>PUP.SupraSavings^
C:\Windows\Installer\1920dd.msi =>PUP.SavingsBull^
C:\Users\LOVA\Downloads\SaveAs.exe =>PUP.Offerware
~ Additionnel Scan: 406569 Items scanned in 01mn 02s

---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Browsers
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Minibar
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Activeris
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.CrossRider
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.PlusHD
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.SurfAndKeep
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.LinkiDoo
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.CertifiedToolbar
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.SupraSavings
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.SavingsBull
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.MyPCBackup
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.PredictAd
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.Downware
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Funmoods
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Storimbo
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Wajam
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Toolbar.Ask
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.MyWebSearch
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Trojan.Lozavita
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.OpenCandy
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Offerware
~ MSI: 21 link(s) detected in 00mn 00s

~ 992 Legitimates filtered by white list
End of the scan (675 lines in 02mn 45s)(0)

por **Power Max** Qua 04 Jun 2014, 18:55

Sugiro de desinstale o Bonjour, que é desnecessário.
_____________________________________________________________________________________________________________

Infecção após ter recebido e aberto email - Página 2 772309

Há programas desnecessários iniciando junto com o Windows, o que torna o seu PC mais lento. Para corrigir isto, siga as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows.

Use também o programa Ccleaner, indicado neste tutorial acima, para fazer uma limpeza e otimização do PC agora e de tempos em tempos.
______________________________________________________________________________________________________________________

Infecção após ter recebido e aberto email - Página 2 772309

Acesse o site [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] e envie este arquivo destacado em negrito abaixo para ser analisado:
C:\Users\LOVA\AppData\Roaming\InstallW\IWsrv.exe

Assim que a análise dele for concluída, copie o link que aparecerá na barra de endereços de seu navegador e poste este link em sua próxima resposta juntamente com o relatório do ZHPFix pedido abaixo nesta postagem.

Maiores informações de como analisar arquivos no site Virus Total você encontra neste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
________________________________________________________________________________________________________________

Infecção após ter recebido e aberto email - Página 2 772309

Selecione e copie todo o texto destacado em vermelho que te passei.
_____________________________________________________________________________________________________________

Infecção após ter recebido e aberto email - Página 2 772309

Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta juntamente com o link da análise do arquivo no site Virus Total.

por AndréGouveiaCabral Qui 05 Jun 2014, 13:02

Fiz a remoção do Bonjour e a limpeza com Ccleaner, e a desativação de programas que rodam junto com a abertura do windows.

Não estou conseguindo fazer a verificação no site virustotal.com, pois não consigo achar o arquivo listado C:\Users\LOVA\AppData\Roaming\InstallW\IWsrv.exe, em meu PC, para anexá-lo no site. Como faço?

por **Power Max** Qui 05 Jun 2014, 13:04

Depois a gente faz o escaneamento do arquivo, siga a outra dica que te passei com o ZHPFix e poste o relatório dele.

por AndréGouveiaCabral Qui 05 Jun 2014, 13:15

Segue:

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by LOVA at 05/06/2014 13:13:23
High Elevated Privileges : OK
Windows 7 Home Basic Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 55s)
Reparação de atalhos do navegador

========== Softwares ==========
AUSENTE Uninstall Process: c:\program files (x86)\highlightly\uninstall.exe

========== Processo memória ==========
ELIMINÉ: Memory Process: C:\Users\LOVA\Downloads\SaveAs.exe

========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Highlightly]
ELIMINÉ Driver Key: Bnbase
ELIMINÉ Driver Key: fhtnmhwf
ELIMINÉ: HKCU\Software\Activeris
ELIMINÉ:* HKLM\Software\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\360Safe
ELIMINÉ: HKLM\Software\Wow6432Node\Feven 1.1
ELIMINÉ: HKLM\Software\Wow6432Node\Plus-HD-9.52
ELIMINÉ: HKLM\Software\Wow6432Node\SK.Enhancer
ELIMINÉ: SearchScopes :{afdbddaa-5d3f-42ee-b79c-185a7020515b}
ELIMINÉ: [HKLM\Software\Classes\Installer\Products\\BD04C21DD7DC68D42958E5F22E63394E]
ELIMINÉ: [HKLM\Software\Classes\Installer\Features\BD04C21DD7DC68D42958E5F22E63394E]
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\InstTracker_RASAPI32
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\InstTracker_RASMANCS
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\MyPC Backup_RASAPI32
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\MyPC Backup_RASMANCS
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASAPI32
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASMANCS
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\Signup Wizard_RASAPI32
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\Signup Wizard_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Brothersoftdownloader_for_JADMaker_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Brothersoftdownloader_for_JADMaker_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\funmoods_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\funmoods_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateStorimbo_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateStorimbo_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilStorimbo_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilStorimbo_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
ELIMINÉ: HKLM\Software\Wow6432Node\aTube Catcher\OpenCandy

========== Valores do Registo ==========
ELIMINÉ: Toolbar: {12FC3D37-2A42-4FE3-8489-81296878CBA5}
ELIMINÉ: Toolbar: {4F524A2D-5637-4300-76A7-7A786E7484D7}
ELIMINÉ RunValue: SpUninstallDeleteDir
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Elementos dos dados do Registo ==========
ELIMINÉ: R0 - Main,Start Page = KLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\users\lova\appdata\roaming\mozilla\firefox\profiles\9h8xy0ow.default\searchplugins\speedial.xml
ELIMINA REINICIAR: c:\windows\system32\tasks\pcdrscheduledmaintenance
ELIMINA REINICIAR: c:\windows\system32\drivers\hlnfd.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\wstlib64.sys
ELIMINÉ: C:\Windows\Installer\100265.msi
ELIMINÉ: C:\Windows\Installer\1920dd.msi
ELIMINÉ Temporários windows (127) (2.732.873 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl
ELIMINÉ: Norton Security Scan for LOVA
ELIMINÉ: {45D1BA3E-A55A-4EC4-A3B0-5D5C983D8AA6}
ELIMINÉ: {70B6A0E2-0A9F-41E2-A428-8A9E51235250}
ELIMINÉ: {B96D6289-B69F-4C26-9A35-148B581A0D54}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso

========== Recapitulativo ==========
1 : Processo memória
55 : Chaves do Registo
9 : Valores do Registo
1 : Elementos dos dados do Registo
1 : Pastas
8 : Ficheiros
1 : Softwares
5 : Tarefa planificada
1 : Restauração Sistema

End of clean in 01mn 30s

========== Caminho do ficheiro do relatório ==========
C:\Users\LOVA\AppData\Roaming\ZHP\ZHPFix[R1].txt - 05/06/2014 13:14:19 [7428]

por **Power Max** Qui 05 Jun 2014, 13:42

Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho abaixo e cole-o no espaço em branco do Zoek:

C:\Users\LOVA\AppData\Roaming\InstallW\IWsrv.exe;virustotal

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

por AndréGouveiaCabral Qui 05 Jun 2014, 16:09

Segue:

Zoek.exe v5.0.0.0 Updated 02-June-2014
Tool run by LOVA on 05/06/2014 at 16:06:08,24.
Microsoft Windows 7 Home Basic 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\LOVA\Downloads\zoek (1).exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-03-194848.log 61669 bytes
C:\zoek-results2014-06-04-131057.log 22081 bytes
C:\zoek-results2014-06-04-140240.log 2676 bytes

==== VirusTotal Scan ======================

C:\Users\LOVA\AppData\Roaming\InstallW\IWsrv.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=62 folders=73 13254905 bytes)

==== EOF on 05/06/2014 at 16:07:40,75 ======================

por **Power Max** Qui 05 Jun 2014, 17:07

Abra novamente o ( ZHPDiag )

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

por AndréGouveiaCabral Qui 05 Jun 2014, 18:50

Segue:

~ Relatório do ZHPDiag v2014.5.30.78 - Nicolas Coolman (30/05/2014)
~ Iniciado por LOVA (05/06/2014 18:25:29)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Nova Versão disponivel
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user

---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17107
MFIE: Mozilla Firefox 28.0
GCIE: Google Chrome v34.0.1847.131 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Basic, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Microsoft Security Client PT-BR Language Pack v2.1.1116.0
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema
CCleaner v4.14

---\\ Softwares de partilha do PeerToPeer (P2P)
Pando Media Booster v2.6.0.8
µTorrent v3.3.0.29342 =>P2P.µTorrent

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader 9.5.5 - Português
Java 7 Update 60

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4052 MB (50% free)
System Restore: Activé (Enable)
System drive C: has 139 GB (48%) free of 289 GB

---\\ Modo de conexão ao sistema
~ Computer Name: LOVA-PC
~ User Name: LOVA
~ All Users Names: LOVA, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\LOVA\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\LOVA\AppData\Roaming\
~ %Desktop% : C:\Users\LOVA\Desktop\
~ %Favorites% : C:\Users\LOVA\Favorites\
~ %LocalAppData% : C:\Users\LOVA\AppData\Local\
~ %StartMenu% : C:\Users\LOVA\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 139 Go of 289 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 9 Go)
E: CD-ROM drive (Free 0 Go of 0 Go)
H: CD-ROM drive (Not Inserted)
I: CD-ROM drive (Not Inserted)

---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s

---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F220BA78AB542C70211D73AE4729B2CD] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 03:22:40.) -- C:\Windows\System32\wininet.dll [2260480]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:43:50.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 10:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 06:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 06:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 07:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 06:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 07:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 06:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 10:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s

---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/524
~ Mes musiques (My Musics) : 91/160
~ Mes Videos (My Videos) : 1/5
~ Mes Favoris (My Favorites) : 1/19
~ Mes Documents (My Documents) : 1/1971
~ Mon Bureau (My Desktop) : 5/4970
~ Menu demarrer (Programs) : 1/62
~ Hidden Files: Scanned in 00mn 05s

---\\ Processos lançados
[MD5.536EFCE2544EBFD209EDED39CAA3901A] - (.CyberLink Corp. - HP DVDSmart Resident Program.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [128296] [PID.2932]
[MD5.30426544CDDC55B8B71DEB556722ECE3] - (.CyberLink - CyberLink MediaLibray Service.) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [210216] [PID.2064]
[MD5.23C2FCAA50C4F80F7D1B8A0771D45328] - (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720] [PID.3152]
[MD5.554A50B5310E702029D3A675459108FF] - (.Hewlett-Packard - hpsysdrv.) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768] [PID.3232]
[MD5.72860972F8196EBB3C896F53D2B95470] - (.Hewlett-Packard - HpqSRmon.) -- C:\Program Files (x86)\hp\Digital Imaging\bin\HpqSRmon.exe [150528] [PID.3248]
[MD5.9F96F98409B89C5806F4380867DD48E0] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.3328]
[MD5.EDAD4A8A1D46AFCF9E76B996D55116EB] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896] [PID.3336]
[MD5.340636A9D4F9B9449AA9AFF60BD1AEF6] - (.Oracle Corporation - Java(TM) Update Checker.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe [511872] [PID.3048]
[MD5.542459D16B416D054161007FC9B1246E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032] [PID.2896]
[MD5.A8F2A6D5782AA0166D8367FF674DDF77] - (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe [52648] [PID.2284]
[MD5.9395BBE294045909A025C9F3DC3D9025] - (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre7\bin\java.exe [174504] [PID.5372]
[MD5.6D652B06EB3916DC41A9DBBBC4EDEED1] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8020480] [PID.5428]
[MD5.591A7E5FC4A8121B2ABF4E768B64ABA7] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [527928] [PID.824]
[MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.1564]
[MD5.72551A9AE5F68905DFC3CBA0D5242566] - (.Microsoft Corporation - Updates Skype Click to Call.) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720] [PID.1652]
[MD5.6B669A00A431FF6CDCE67458933F5F0F] - (.Microsoft Corporation - Phone Number Recognition (PNR) module.) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992] [PID.1712]
[MD5.79CD0BA3574F3DECD2D424FAC08025C4] - (...) -- C:\Users\LOVA\AppData\Roaming\InstallW\IWsrv.exe [55808] [PID.1816]
[MD5.108333981C841EB0FF198AA5DFCF3D3B] - (.Hewlett-Packard Company - LightScribe Service.) -- c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728] [PID.1928]
[MD5.F02A533F517EB38333CB12A9E8963773] - (.Google Inc. - Google Installer.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [136176] [PID.1684]
[MD5.7CF1B716372B89568AE4C0FE769F5869] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872] [PID.2140]
[MD5.318706813FB613072A688F2653B0689F] - (.Banco Bradesco S.A. - scpVista.) -- C:\Program Files (x86)\Scpad\scpVista.exe [360624] [PID.2236]
[MD5.E87213F37A13E2B54391E40934F071D0] - (.Microsoft Corporation - .NET Runtime Optimization Service.) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [105144] [PID.1660]
~ Processes Running: Scanned in 00mn 00s

---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 14 Legitimates Filtered in 00mn 01s

---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\LOVA\AppData\Roaming\Mozilla\Firefox\Profiles\9h8xy0ow.default\prefs.js
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\LOVA\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/uni] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\LOVA\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll
~ Firefox Browser: 7 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
~ IE Browser: 22 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

---\\ Browser Helper Objects do navegador (02)
O2 - BHO: CompSegIB [64Bits] - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} . (.Banco Bradesco S.A. - scpsssh2 Module.) -- C:\Program Files (x86)\Scpad\scpsssh2.dll
O2 - BHO: AOL Toolbar BHO [64Bits] - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} . (.AOL LLC - AOL IE Toolbar Dynamic Link Library.) -- C:\Program Files (x86)\AOL\Barra de Ferramentas da AOL 5.0\aoltb.dll
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense Banco Real [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540007} . (.Banco Real - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehAbn.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehUni.dll
~ BHO: 16 Legitimates Filtered in 00mn 00s

---\\ Barras do Internet Explorer (03))
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{DE9C389F-3316-41A7-809B-AA305ED9D922} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Chave orfã
~ Toolbar: Scanned in 00mn 00s

---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [LOVA]: Ragnarok.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Browsers
O4 - GS\Desktop [LOVA]: Ragnarok.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Browsers
~ Global Startup: 3 Legitimates Filtered in 00mn 01s

---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s

---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Skype Click to Call [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santanderempresarial.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernet.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernetibe.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.secureweb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s

---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{15853DD3-2A02-485C-AFB1-43DC75E5BD78}: DhcpNameServer = 50.30.43.179 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{28535AA6-D2AE-4BF8-977E-A926EFDAB6BC}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C19AB7F-B3BC-427E-9C74-787206C7F5D8}: DhcpNameServer = 189.40.226.80 189.40.224.80
O17 - HKLM\System\CCS\Services\Tcpip\..\{4274AE3C-B1A9-4F2D-B22B-BC02786BD693}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{15853DD3-2A02-485C-AFB1-43DC75E5BD78}: DhcpNameServer = 50.30.43.179 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{28535AA6-D2AE-4BF8-977E-A926EFDAB6BC}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3C19AB7F-B3BC-427E-9C74-787206C7F5D8}: DhcpNameServer = 189.40.226.80 189.40.224.80
O17 - HKLM\System\CS1\Services\Tcpip\..\{4274AE3C-B1A9-4F2D-B22B-BC02786BD693}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{15853DD3-2A02-485C-AFB1-43DC75E5BD78}: DhcpNameServer = 50.30.43.179 8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{28535AA6-D2AE-4BF8-977E-A926EFDAB6BC}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{3C19AB7F-B3BC-427E-9C74-787206C7F5D8}: DhcpNameServer = 189.40.226.80 189.40.224.80
O17 - HKLM\System\CS2\Services\Tcpip\..\{4274AE3C-B1A9-4F2D-B22B-BC02786BD693}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: BingBar Service (BBSvc) . (...) - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe (.not file.) =>Toolbar.Bing
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: Service Component of Installer (iwsr) . (...) - C:\Users\LOVA\AppData\Roaming\InstallW\IWsrv.exe
O23 - Service: scpVista (scpVista) . (.Banco Bradesco S.A. - scpVista.) - C:\Program Files (x86)\Scpad\scpVista.exe
~ Services: 9 Legitimates Filtered in 00mn 06s

---\\ Tarefas planificadas automaticamente (039)
[MD5.00E22B3ED82BB39750CCE10316380192] [APT] [{1CA8B486-8F87-4E50-AC2E-1661988EE727}] (.Serpro - Serviço Federal de Processamento d.) -- C:\Users\LOVA\Downloads\Receitanet-1.03.exe [6182539]
[MD5.A653382073543C284DC4278B64778CF2] [APT] [{BE9C3F15-D06B-48CA-9B40-861EB61A6A4F}] (.Receita Federal do Brasil.) -- C:\Users\LOVA\Downloads\ITR2012Win32v1.0.exe [18595397]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1060]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1064]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\PCDRScheduledMaintenance [552]
~ Scheduled Task: 25 Legitimates Filtered in 00mn 03s

---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex64.sys (.not file.)
O41 - Driver: (fhtnmhwf) . (. - .) - C:\Windows\system32\drivers\fhtnmhwf.sys (.not file.)
~ Drivers: 68 Legitimates Filtered in 00mn 00s

---\\ Software instalados (042)
O42 - Logiciel: Download & Install Packages - (...) [HKCU][64Bits] -- Download & Install Packages
O42 - Logiciel: FM Screen Capture Codec (Remove Only) - (...) [HKLM][64Bits] -- FMCODEC
O42 - Logiciel: Firefox Packages - (...) [HKCU][64Bits] -- Firefox Packages
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKCU][64Bits] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: IRPF2010 - Declaração de Ajuste Anual e Final de Espólio - (...) [HKLM][64Bits] -- IRPF2010 - Declaração de Ajuste Anual e Final de Espólio
O42 - Logiciel: IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2011
O42 - Logiciel: IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2012
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2013
O42 - Logiciel: ITR2010 - (...) [HKLM][64Bits] -- ITR2010
O42 - Logiciel: ITR2011 - (...) [HKLM][64Bits] -- ITR2011
O42 - Logiciel: ITR2012 - Declaração do Imposto sobre a Propriedade Territorial Rural - (.Receita Federal do Brasil.) [HKCU][64Bits] -- ITR2012
O42 - Logiciel: ITR2013 - Declaração do Imposto sobre a Propriedade Territorial Rural - (.Receita Federal do Brasil.) [HKLM][64Bits] -- ITR2013
O42 - Logiciel: Installer Package - (...) [HKLM][64Bits] -- Resume
O42 - Logiciel: Nelogica ProfitChart Diário - (...) [HKCU][64Bits] -- ProfitChart
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM][64Bits] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
O42 - Logiciel: YoutubeBookmark - (.YoutubeBookmark.) [HKLM][64Bits] -- {E32743D3-5789-6E4F-3998-06FB87C9214B}
~ Logic: 41 Legitimates Filtered in 00mn 01s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\49090InstEnd]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Brasfoot]
[HKCU\Software\Cloudmark]
[HKCU\Software\DefaultPackStatus]
[HKCU\Software\Download4windows]
[HKCU\Software\File Type Helper]
[HKCU\Software\GbAs]
[HKCU\Software\Nelogica]
[HKCU\Software\Pando Networks]
[HKCU\Software\SP20]
[HKCU\Software\SP26]
[HKCU\Software\UltraDownloads.com.br]
[HKCU\Software\superdownloads.com.br]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Deskmedia]
[HKLM\Software\Wow6432Node\GameVicio]
[HKLM\Software\Wow6432Node\Highlightly]
[HKLM\Software\Wow6432Node\Level Up! Interactive]
[HKLM\Software\Wow6432Node\Pando Networks]
[HKLM\Software\Wow6432Node\Programas RFB]
[HKLM\Software\Wow6432Node\UnitedAdmins]
~ Key Software: 370 Legitimates Filtered in 00mn 01s

---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 02/09/2012 - 15:52:42 - [] ----D C:\Program Files (x86)\GameVicio
O43 - CFD: 10/05/2014 - 16:58:06 - [] ----D C:\Program Files (x86)\InstallInfo
O43 - CFD: 14/11/2010 - 20:39:36 - [] ----D C:\Program Files (x86)\Pando Networks
O43 - CFD: 30/04/2014 - 16:31:09 - [] ----D C:\Program Files (x86)\Programas RFB
O43 - CFD: 07/01/2014 - 15:06:53 - [] ----D C:\Program Files (x86)\Scpad
O43 - CFD: 09/05/2014 - 15:23:11 - [] ----D C:\ProgramData\Cloudmark
O43 - CFD: 12/02/2012 - 10:22:31 - [] ----D C:\ProgramData\levelup downloader
O43 - CFD: 05/05/2014 - 10:51:26 - [] ----D C:\ProgramData\ZombieAlert
O43 - CFD: 13/08/2010 - 17:25:37 - [] ----D C:\ProgramData\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}
O43 - CFD: 01/06/2014 - 16:36:10 - [] ----D C:\Users\LOVA\AppData\Roaming\0D1F2W1G1I1F1T1QyE2W1L1G1Q1F2W1B
O43 - CFD: 22/05/2014 - 17:08:32 - [] ----D C:\Users\LOVA\AppData\Roaming\InstallW
O43 - CFD: 02/09/2010 - 20:36:02 - [] ----D C:\Users\LOVA\AppData\Roaming\Nelogica
O43 - CFD: 26/09/2013 - 08:56:21 - [] ----D C:\Users\LOVA\AppData\Roaming\Scpad
O43 - CFD: 20/09/2013 - 02:05:07 - [] ----D C:\Users\LOVA\AppData\Roaming\Shareaza
O43 - CFD: 08/05/2014 - 09:26:56 - [] ----D C:\Users\LOVA\AppData\Local\com
O43 - CFD: 12/02/2012 - 10:22:31 - [] ----D C:\Users\LOVA\AppData\Local\Level Up!
O43 - CFD: 13/11/2010 - 18:17:29 - [] ----D C:\Users\LOVA\AppData\Local\QuickStores
O43 - CFD: 30/10/2010 - 20:47:37 - [] ----D C:\Users\LOVA\AppData\Local\Shareaza
O43 - CFD: 29/05/2010 - 13:04:56 - [0] ----D C:\Users\LOVA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brasfoot 2010
O43 - CFD: 07/08/2011 - 10:33:56 - [0] ----D C:\Users\LOVA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brasfoot 2011
O43 - CFD: 14/07/2012 - 14:28:12 - [0] ----D C:\Users\LOVA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brasfoot 2012
O43 - CFD: 02/09/2012 - 15:52:43 - [] ----D C:\Users\LOVA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameVicio
O43 - CFD: 09/09/2009 - 21:58:33 - [] ----D C:\Users\LOVA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gerenciador de Recuperação
O43 - CFD: 02/09/2010 - 20:36:02 - [0] ----D C:\Users\LOVA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nelogica
O43 - CFD: 30/04/2014 - 16:31:09 - [0] ----D C:\Users\LOVA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB
O43 - CFD: 12/10/2013 - 18:40:25 - [] ----D C:\Users\LOVA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2011
O43 - CFD: 12/10/2013 - 18:46:17 - [] ----D C:\Users\LOVA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2012
O43 - CFD: 13/09/2013 - 12:33:23 - [] ----D C:\Users\LOVA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013
O43 - CFD: 19/03/2014 - 14:12:09 - [] ----D C:\Users\LOVA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
~ Program Folder: 255 Legitimates Filtered in 00mn 00s

---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.278D77FC352CBA1EDE2A8F8FFA17E140] - 03/06/2014 - 16:48:48 ---A- . (...) -- C:\zoek-results2014-06-03-194848.log [61669]
O44 - LFC:[MD5.142152132709BBE934B45B95116356DA] - 04/06/2014 - 10:10:57 ---A- . (...) -- C:\zoek-results2014-06-04-131057.log [22081]
O44 - LFC:[MD5.9727728B8E785647859736102B9DBBB1] - 05/06/2014 - 16:07:40 ---A- . (...) -- C:\zoek-results.log [858]
~ Files: 36 Legitimates Filtered in 00mn 08s

---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{d821bf63-ee8a-11df-9fae-d8d3859f1afc}\AutoRun\command. (...) -- J:\WindowsUI\Install.exe (.not file.)
~ Keys: Scanned in 00mn 00s

---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\lovapc [Key] . (...) -- regsvr32 \s "C:\Users\LOVA\AppData\Roaming\LOVA-PC.jpg" (.not file.)
~ SMSR Keys: 13 Legitimates Filtered in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s

---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360.cn - 360HipsOEM.) -- C:\Windows\System32\Drivers\360FltOEM.sys [289952]
O58 - SDL:10/12/2011 - 12:22:09 ---A- . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\System32\Drivers\dtsoftbus01.sys [279616]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:01/04/2014 - 17:00:50 ---A- . (.Highlightly - Highlightly Driver x64.) -- C:\Windows\System32\Drivers\hlnfd.sys [58256]
O58 - SDL:17/12/2013 - 16:09:02 ---A- . (.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) -- C:\Windows\System32\Drivers\netfilter64.sys [61592]
O58 - SDL:31/10/2008 - 04:00:24 ---A- . (.PowerISO Computing, Inc. - PowerISO Virtual Drive.) -- C:\Windows\System32\Drivers\scdemu.sys [85936]
O58 - SDL:01/01/1601 - 03:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [530488]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:14/06/2010 - 08:32:54 ---A- . (.Teruten Inc - File System Mini Filter Drvier.) -- C:\Windows\System32\Drivers\TFsExDisk.sys [16448]
O58 - SDL:13/12/2012 - 13:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
O58 - SDL:22/03/2014 - 15:51:12 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\wStLib64.sys [61112] =>PUP.LinkiDoo
O58 - SDL:08/05/2013 - 09:52:48 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpkm.sys [49536]
O58 - SDL:05/06/2014 - 09:46:54 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
O58 - SDL:25/10/2007 - 16:26:10 ---A- . (...) -- C:\Windows\SysWOW64\drivers\StarOpen.sys [5632]
O58 - SDL:14/06/2010 - 08:32:54 ---A- . (.Teruten Inc - File System Mini Filter Drvier.) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys [16448]
~ Drivers: 72 Legitimates Filtered in 00mn 45s

---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.7FD8FE44CB8F0599D5FE1D301511EC8B] [SPRF][18/11/2013] (...) -- C:\Users\LOVA\AppData\Roaming\unins000.dat [33039]
[MD5.ACDCBBEC5909F53A75A46BF26153D6C8] [SPRF][05/03/2014] (...) -- C:\Users\LOVA\AppData\Roaming\unins001.dat [16675]
[MD5.FFD5F65CAC35C13FCC2E4C3582037FFC] [SPRF][23/05/2010] (...) -- C:\Users\LOVA\AppData\Roaming\wklnhst.dat [108]
[MD5.2B81032476A62F12F884DA587B64EE95] [SPRF][12/04/2012] (...) -- C:\Users\LOVA\Desktop\HPSDU.exe [2338640]
[MD5.8FB86883B9C3EB06ECB22E9550125482] [SPRF][06/05/2011] (...) -- C:\Users\LOVA\Desktop\SF_CDA_NonNet_Full_Win_WW_130_140.exe [211428624]
~ Files: 7 Legitimates Filtered in 00mn 13s

---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{944484D4-1E30-4FD1-90AA-97546C6BA5FF}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\LOVA\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{D9F59F6C-22AF-4FBC-AB73-685115569F2B}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\LOVA\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 02s

---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "617DD6FF01B79624F991FF0BA74CDC59" . (.Bing Bar.) -- C:\Windows\Installer\{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}\icon_installer_ico =>Toolbar.Bing
~ Update Products: 1 Legitimates Filtered in 00mn 00s

---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32 =>Toolbar.Bing
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
~ BTK: 443 Legitimates Filtered in 00mn 00s

---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 03/06/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 10/07/1658 0 | (BBSvc) . (...) - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe =>Toolbar.Bing
SS - | Demand 10/07/1658 0 | (BBUpdate) . (...) - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe =>Toolbar.Bing
SS - | Auto 30/04/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 30/04/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 30/04/2009 229944 | (hpqwmiex) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
SS - | Disabled 03/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Demand 15/03/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 10/07/1658 0 | (npggsvc) . (.INCA Internet Co., Ltd..) - C:\Windows\system32\GameMon.des
SS - | Disabled 14/08/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
SS - | Auto 03/04/2014 315008 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Disabled 27/01/2014 571816 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 03/12/2009 28672 | (AgereModemAudio) . (.LSI Corporation.) - C:\Program Files\LSI SoftModem\agr64svc.exe
SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 05/05/2014 527928 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 09/07/2009 124928 | (HP Health Check Service) . (.Hewlett-Packard.) - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
SR - | Demand 13/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Demand 01/10/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 26/04/2014 55808 | (iwsr) . (...) - C:\Users\LOVA\AppData\Roaming\InstallW\IWsrv.exe
SR - | Auto 18/05/2009 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 11/03/2014 23808 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 24/10/2012 360624 | (scpVista) . (.Banco Bradesco S.A..) - C:\Program Files (x86)\Scpad\scpVista.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 07s

---\\ Lista dos emuladores de CD/DVD (MBR Hook)
O58 - SDL:01/01/1601 - 03:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [530488]
~ Emulateurs: Scanned in 00mn 07s

---\\ Scâner Aditional (088)
Database Version : 13026 - (30/05/2014)
Clés trouvées (Keys found) : 4
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKLM\SYSTEM\CurrentControlSet\Services\BBSvc] =>Toolbar.Bing^
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
[HKLM\Software\Classes\AOLTB.AOLToolBand.1] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\AOLTB.AOLToolBand.1] =>Toolbar.Agent
~ Additionnel Scan: 405645 Items scanned in 01mn 41s

---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Browsers
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.LinkiDoo
~ MSI: 2 link(s) detected in 00mn 00s

~ 986 Legitimates filtered by white list
End of the scan (570 lines in 03mn 46s)(0)

por **Power Max** Qui 05 Jun 2014, 19:10

Selecione e copie todo o texto destacado em vermelho que te passei.
_____________________________________________________________________________________________________________

Infecção após ter recebido e aberto email - Página 2 772309

Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta e nos diga como está o PC depois disto.

por AndréGouveiaCabral Sex 06 Jun 2014, 10:50

Segue relatório:

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by LOVA at 06/06/2014 10:46:18
High Elevated Privileges : OK
Windows 7 Home Basic Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 05s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ: Service: iwsr
ELIMINÉ: HKLM\Software\Wow6432Node\Highlightly
ELIMINÉ:* StartupReg: lovapc

========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\users\lova\appdata\roaming\installw\iwsrv.exe
ELIMINA REINICIAR: c:\windows\system32\drivers\hlnfd.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\wstlib64.sys
ELIMINÉ Temporários windows (16) (215.112 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso

========== Recapitulativo ==========
3 : Chaves do Registo
6 : Valores do Registo
1 : Pastas
5 : Ficheiros
1 : Restauração Sistema

End of clean in 00mn 36s

========== Caminho do ficheiro do relatório ==========
C:\Users\LOVA\AppData\Roaming\ZHP\ZHPFix[R1].txt - 05/06/2014 13:14:19 [7507]
C:\Users\LOVA\AppData\Roaming\ZHP\ZHPFix[R2].txt - 06/06/2014 10:46:23 [1464]

O PC continuou lento ao abrir, mesmo com a limpeza com o CCleaner ontem. Mas não apresenta mais qualquer sinal do vírus original. Gostaria de lhe agradecer profundamente por toda a atenção dispensada, e pela paciência com algumas limitações minhas.

por **Power Max** Sex 06 Jun 2014, 10:56

O PC continuou lento ao abrir, mesmo com a limpeza com o CCleaner ontem

Vamos ver se ainda há algo de perigoso em seu PC e remover isto, se for o caso:

Infecção após ter recebido e aberto email - Página 2 772309

Faça o download do Malwarebytes em um destes links abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para instalá-lo e executá-lo corretamente siga, por gentileza, as dicas desta postagem:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Na sua próxima resposta poste este log (relatório) do Malwarebytes.

Ficamos no aguardo.

por AndréGouveiaCabral Sex 06 Jun 2014, 11:06

Já tenho o Malwarebytes instalado e inclusive faço todo sábado um Scan rápido. Quando reiniciei o PC agora, depois do ZHPFix, foi bem mais rápido.
No programa que tenho instalado, aparece Scanner, Protection, Update,Querantine, etc.
O que faço? Desinstalo este e sigo o tutorial?

por **Power Max** Sex 06 Jun 2014, 11:09

Alterando o idioma do Malwarebytes para o português:

Caso o idioma do seu Malwarebytes esteja em inglês é bem simples mudá-lo para nossa língua. Para isto abra o Malwarebytes e clique em Settings como mostra esta imagem:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Na próxima tela que surge, clique em Language e selecione a opção Portugueze (Brazil):

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
___________________________________________________________________________

Como executar uma verificação personalizada com o Malwarebytes:

- Abra o Malwarebytes > Clique em Verificar > clique em Verificação Personalizada > Clique em Verificar Agora:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Surgirá mais esta tela abaixo na qual você marcará todas as caixinhas do lado direito da tela para que todas as áreas de seu PC e mídias removíveis ligadas a ele possam ser escaneadas. E do lado esquerdo da tela deixe marcadas estas opções:

Verificar Objetos na Memória
Verificar as Configurações da Inicialização e do Registro
Verificar Arquivos Compactados

Quanto ao restante, deixe da forma já pré-configurada pelo Malwarebytes.

Depois disto clique no botão Iniciar Verificação como mostra a imagem abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Aguarde enquanto o escaneamento é realizado. Ele demora de acordo com a quantidade de arquivos que você possua em seu computador:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Assim que a verificação terminar, caso seja detectada alguma ameaça em seu PC surgirá uma mensagem como esta abaixo próximo ao relógio do Windows onde você clicará nela:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Neste momento aparecerá quais os malwares e itens potencialmente indesejáveis que foram detectados e os locais onde eles se encontram. Você notará que ele já mostra uma ação padrão para os itens (que normalmente é a de mover para a quarentena).

Para remover as infecções, deixe a opção Quarentena no menu Ação selecionada em todos os itens e clique no botão Aplicar Ações, como mostra esta imagem:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Alguns malwares são rebeldes e podem necessitar de uma reinicialização do PC para que sejam removidos. Caso isto seja solicitado pelo Malwarebytes, clique em Sim (ou Yes) como mostra esta imagem:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Depois disto é só postar o novo log de verificação que o Malwarebytes irá criar em sua próxima resposta.

por AndréGouveiaCabral Sex 06 Jun 2014, 14:57

Segue:

Malwarebytes Anti-Malware 1.75.0.1300
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Database version: v2014.05.31.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17107
LOVA :: LOVA-PC [administrator]

06/06/2014 11:22:03
mbam-log-2014-06-06 (11-22-03).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 567652
Time elapsed: 2 hour(s), 24 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Iminent (PUP.Optional.Iminent.A) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 9
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_lekgiimbfodefdaoofhlckefjbgpeilo_0 (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_majjphhgppkndjjkmhhnbgafooenebhd_0 (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_olnkgiapbjhdboldbhkagdodklkphaip_0 (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lekgiimbfodefdaoofhlckefjbgpeilo (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\olnkgiapbjhdboldbhkagdodklkphaip (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_dimhcblkpgmkpldmpfimhkhfcnmckodj_0 (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dimhcblkpgmkpldmpfimhkhfcnmckodj (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjpglkicenollcignonpgiafdgfeehoj (PUP.Optional.FunMoods.A) -> No action taken.

Files Detected: 120
C:\AdwCleaner\Quarantine\C\Program Files\SupraSavings\SecureAssist.dll.vir (PUP.Optional.AdPeak.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\Uninstaller\Uninstall.exe.vir (PUP.Optional.DomaIQ) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll.vir (PUP.Optional.BabylonToolBar.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll.vir (PUP.Optional.BabylonToolBar.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe.vir (PUP.Optional.BabylonToolBar.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll.vir (PUP.Optional.BabylonToolBar.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\uninstall.exe.vir (PUP.Optional.BabylonToolBar.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\Umbrella\Umbrella222.exe.vir (PUP.Optional.Iminent) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\fst_br_82\predm.exe.vir (PUP.Optional.Tuto4PC.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Highlightly\Uninstall.exe.vir (PUP.Optional.HighLightly.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\inst\Bootstrapper\IminentUninstall.exe.vir (PUP.Optional.Iminent.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\inst\Bootstrapper\uninstall.exe.vir (PUP.Optional.Iminent) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\IminentToolbar\1.8.28.3\iminentApp.dll.vir (PUP.Optional.Iminent) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\IminentToolbar\1.8.28.3\iminentEng.dll.vir (PUP.Optional.Iminent) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\IminentToolbar\1.8.28.3\iminentsrv.exe.vir (PUP.Optional.Iminent) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\IminentToolbar\1.8.28.3\iminentTlbr.dll.vir (PUP.Optional.Iminent) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\IminentToolbar\1.8.28.3\bh\iminent.dll.vir (PUP.Optional.Iminent) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MediaPlayerplus\d38454c5-fab8-4dbb-85c2-3e80c6864cb6-2.exe.vir (PUP.Optional.MediaPlayerplus.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MediaPlayerplus\d38454c5-fab8-4dbb-85c2-3e80c6864cb6-3.exe.vir (PUP.Optional.MediaPlayerplus.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MediaPlayerplus\d38454c5-fab8-4dbb-85c2-3e80c6864cb6-4.exe.vir (PUP.Optional.MediaPlayerplus.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MediaPlayerplus\d38454c5-fab8-4dbb-85c2-3e80c6864cb6-5.exe.vir (PUP.Optional.MediaPlayerplus.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-bg.exe.vir (PUP.Optional.MediaPlayerplus.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-bho.dll.vir (PUP.Optional.MediaPlayerplus.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-bho64.dll.vir (PUP.Optional.MediaPlayerplus.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exe.vir (PUP.Optional.MediaPlayerplus.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MediaPlayerplus\utils.exe.vir (PUP.Optional.crossRider.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\nengine.dll.vir (PUP.Optional.NextLive.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe.vir (PUP.Optional.NewPlayer.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir (PUP.Optional.Conduit.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir (PUP.Optional.Conduit.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir (PUP.Optional.Conduit.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir (PUP.Optional.Conduit.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe.vir (PUP.Optional.Conduit.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir (PUP.Optional.Conduit.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir (PUP.Optional.Conduit.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll.vir (PUP.Optional.Conduit.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir (PUP.Optional.Conduit.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir (PUP.Optional.Conduit.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Sk_Enhancer\psupport.dll.vir (PUP.Optional.SProtect.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupraSavings\2rs3.dll.vir (PUP.Optional.SupraSavings.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\surf And keep\1Rio1JMW.x64.dll.vir (PUP.Optional.MultiPlug.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Users\LOVA\AppData\Local\fst_br_82\Download\majfst.exe.vir (PUP.Optional.FreeSoft) -> No action taken.
C:\AdwCleaner\Quarantine\C\Users\LOVA\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl\minibarchrome.exe.vir (PUP.Optional.GenericExt.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\SecureAssist.dll.vir (PUP.Optional.AdPeak.A) -> No action taken.
C:\Program Files (x86)\FLVPlayer\FLVPlayer.exe (PUP.Optional.InstallCore) -> No action taken.
C:\Program Files (x86)\FLVPlayer\Uninstall\Uninstall.exe (PUP.Optional.Installcore) -> No action taken.
C:\ProgramData\ZombieAlert\up\2.6.80\ZombieAlert64.exe (PUP.Optional.ZombieAlert.A) -> No action taken.
C:\temp\InstallFilter64.msi (PUP.Optional.AdPeak.A) -> No action taken.
C:\temp\t.msi (PUP.Optional.SupraSavings.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\File System\008\t\00\00000001 (PUP.Optional.DomaIQ) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\File System\009\t\00\00000000 (PUP.Optional.DomaIQ) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\File System\010\t\00\00000001 (PUP.Optional.DomaIQ) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\File System\012\t\00\00000000 (PUP.Optional.BundleInstaller.A) -> No action taken.
C:\Users\LOVA\Downloads\FirefoxSetup.exe (PUP.Optional.SuperCool) -> No action taken.
C:\Users\LOVA\Downloads\flashplayer.exe (PUP.Optional.InstallCore.A) -> No action taken.
C:\Users\LOVA\Downloads\Google%20Chrome(1).exe (PUP.Optional.Firseria) -> No action taken.
C:\Users\LOVA\Downloads\Google%20Chrome.exe (PUP.Optional.Firseria) -> No action taken.
C:\Users\LOVA\Downloads\Java (1).exe (PUP.Optional.DomaIQ) -> No action taken.
C:\Users\LOVA\Downloads\Java (3).exe (PUP.Optional.BundleInstaller.A) -> No action taken.
C:\Users\LOVA\Downloads\Java (4).exe (PUP.Optional.DomaIQ) -> No action taken.
C:\Users\LOVA\Downloads\Java.exe (PUP.Optional.DomaIQ) -> No action taken.
C:\Users\LOVA\Downloads\Player Setup.exe (PUP.Optional.BundleInstaller.A) -> No action taken.
C:\Users\LOVA\Downloads\Setup (3).exe (PUP.Optional.DomaIQ) -> No action taken.
C:\Users\LOVA\Downloads\Setup (5).exe (PUP.Optional.BundleInstaller.A) -> No action taken.
C:\Users\LOVA\Downloads\Setup (6).exe (PUP.Optional.DomaIQ) -> No action taken.
C:\Users\LOVA\Downloads\setup(2).exe (PUP.Optional.AirAdInstaller) -> No action taken.
C:\Users\LOVA\Downloads\test (3).exe (PUP.Optional.BundleInstaller.A) -> No action taken.
C:\Users\LOVA\Downloads\UltimateCodec.exe (PUP.Optional.InstallCore) -> No action taken.
C:\Windows\System32\ZombieAlert.A222801BB6B4.2.6.80.dll (PUP.Optional.ZombieAlert.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dimhcblkpgmkpldmpfimhkhfcnmckodj_0.localstorage (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lekgiimbfodefdaoofhlckefjbgpeilo_0.localstorage (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_majjphhgppkndjjkmhhnbgafooenebhd_0.localstorage (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_olnkgiapbjhdboldbhkagdodklkphaip_0.localstorage (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_lekgiimbfodefdaoofhlckefjbgpeilo_0\16 (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_majjphhgppkndjjkmhhnbgafooenebhd_0\18 (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_olnkgiapbjhdboldbhkagdodklkphaip_0\19 (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lekgiimbfodefdaoofhlckefjbgpeilo\000259.ldb (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lekgiimbfodefdaoofhlckefjbgpeilo\000292.log (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lekgiimbfodefdaoofhlckefjbgpeilo\CURRENT (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lekgiimbfodefdaoofhlckefjbgpeilo\LOCK (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lekgiimbfodefdaoofhlckefjbgpeilo\LOG (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lekgiimbfodefdaoofhlckefjbgpeilo\LOG.old (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lekgiimbfodefdaoofhlckefjbgpeilo\MANIFEST-000290 (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\000144.ldb (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\000168.log (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\CURRENT (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\LOCK (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\LOG (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\LOG.old (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\MANIFEST-000166 (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\olnkgiapbjhdboldbhkagdodklkphaip\000196.ldb (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\olnkgiapbjhdboldbhkagdodklkphaip\000198.ldb (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\olnkgiapbjhdboldbhkagdodklkphaip\000201.ldb (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\olnkgiapbjhdboldbhkagdodklkphaip\000207.ldb (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\olnkgiapbjhdboldbhkagdodklkphaip\000234.log (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\olnkgiapbjhdboldbhkagdodklkphaip\CURRENT (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\olnkgiapbjhdboldbhkagdodklkphaip\LOCK (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\olnkgiapbjhdboldbhkagdodklkphaip\LOG (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\olnkgiapbjhdboldbhkagdodklkphaip\LOG.old (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\olnkgiapbjhdboldbhkagdodklkphaip\MANIFEST-000232 (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_dimhcblkpgmkpldmpfimhkhfcnmckodj_0\14 (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dimhcblkpgmkpldmpfimhkhfcnmckodj\001362.ldb (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dimhcblkpgmkpldmpfimhkhfcnmckodj\001376.ldb (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dimhcblkpgmkpldmpfimhkhfcnmckodj\001389.log (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dimhcblkpgmkpldmpfimhkhfcnmckodj\CURRENT (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dimhcblkpgmkpldmpfimhkhfcnmckodj\LOCK (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dimhcblkpgmkpldmpfimhkhfcnmckodj\LOG (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dimhcblkpgmkpldmpfimhkhfcnmckodj\LOG.old (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dimhcblkpgmkpldmpfimhkhfcnmckodj\MANIFEST-001387 (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjpglkicenollcignonpgiafdgfeehoj\001705.sst (PUP.Optional.FunMoods.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjpglkicenollcignonpgiafdgfeehoj\001783.log (PUP.Optional.FunMoods.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjpglkicenollcignonpgiafdgfeehoj\CURRENT (PUP.Optional.FunMoods.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjpglkicenollcignonpgiafdgfeehoj\LOCK (PUP.Optional.FunMoods.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjpglkicenollcignonpgiafdgfeehoj\LOG (PUP.Optional.FunMoods.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjpglkicenollcignonpgiafdgfeehoj\LOG.old (PUP.Optional.FunMoods.A) -> No action taken.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjpglkicenollcignonpgiafdgfeehoj\MANIFEST-001781 (PUP.Optional.FunMoods.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Users\LOVA\AppData\Local\fst_br_82\upfst_br_82.exe.vir (Backdoor.Bot.ED) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\LOVA\AppData\Local\fst_br_82\Download\setup_recover_fst_br_91.exe.vir (Adware.EoRezo) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Online Services\UOL\discador.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\LOVA\AppData\Local\Google\Chrome\User Data\Default\File System\007\t\00\00000002 (Adware.DomaIQ) -> Quarantined and deleted successfully.

(end)

por **Power Max** Sex 06 Jun 2014, 15:00

Em quase todas as ameaças está constando: No action taken, ou seja: nenhuma ação foi tomada. É preciso selecionar todos os problemas e excluí-los. Depois disto poste o novo relatório que o Malwarebytes irá criar.

por AndréGouveiaCabral Sex 06 Jun 2014, 21:29

Baixei de novo o Malwarebytes, como no tutorial, e segui o passo a passo.

Eis o relatório:

Malwarebytes Anti-Malware
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Protection, 06/06/2014 15:26:11, SYSTEM, LOVA-PC, Protection, Malware Protection, Starting,
Protection, 06/06/2014 15:26:11, SYSTEM, LOVA-PC, Protection, Malware Protection, Started,
Protection, 06/06/2014 15:26:11, SYSTEM, LOVA-PC, Protection, Malicious Website Protection, Starting,
Update, 06/06/2014 15:26:37, SYSTEM, LOVA-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.6.2.1,
Protection, 06/06/2014 15:26:49, SYSTEM, LOVA-PC, Protection, Malicious Website Protection, Started,
Update, 06/06/2014 15:27:44, SYSTEM, LOVA-PC, Manual, Malware Database, 2014.3.4.9, 2014.6.6.6,
Protection, 06/06/2014 15:27:46, SYSTEM, LOVA-PC, Protection, Refresh, Starting,
Protection, 06/06/2014 15:27:46, SYSTEM, LOVA-PC, Protection, Malicious Website Protection, Stopping,
Protection, 06/06/2014 15:27:46, SYSTEM, LOVA-PC, Protection, Malicious Website Protection, Stopped,
Protection, 06/06/2014 15:27:50, SYSTEM, LOVA-PC, Protection, Refresh, Success,
Protection, 06/06/2014 15:27:50, SYSTEM, LOVA-PC, Protection, Malicious Website Protection, Starting,
Protection, 06/06/2014 15:27:50, SYSTEM, LOVA-PC, Protection, Malicious Website Protection, Started,
Update, 06/06/2014 15:28:07, SYSTEM, LOVA-PC, Manual, Malware Database, 2014.6.6.6, 2014.6.6.7,
Protection, 06/06/2014 15:28:21, SYSTEM, LOVA-PC, Protection, Refresh, Starting,
Protection, 06/06/2014 15:28:21, SYSTEM, LOVA-PC, Protection, Malicious Website Protection, Stopping,
Protection, 06/06/2014 15:28:21, SYSTEM, LOVA-PC, Protection, Malicious Website Protection, Stopped,
Protection, 06/06/2014 15:28:26, SYSTEM, LOVA-PC, Protection, Refresh, Success,
Protection, 06/06/2014 15:28:26, SYSTEM, LOVA-PC, Protection, Malicious Website Protection, Starting,
Protection, 06/06/2014 15:28:27, SYSTEM, LOVA-PC, Protection, Malicious Website Protection, Started,
Update, 06/06/2014 16:58:22, SYSTEM, LOVA-PC, Scheduler, Malware Database, 2014.6.6.7, 2014.6.6.8,
Protection, 06/06/2014 16:58:24, SYSTEM, LOVA-PC, Protection, Refresh, Starting,
Protection, 06/06/2014 16:58:24, SYSTEM, LOVA-PC, Protection, Malicious Website Protection, Stopping,
Protection, 06/06/2014 16:58:25, SYSTEM, LOVA-PC, Protection, Malicious Website Protection, Stopped,
Protection, 06/06/2014 16:59:07, SYSTEM, LOVA-PC, Protection, Refresh, Success,
Protection, 06/06/2014 16:59:07, SYSTEM, LOVA-PC, Protection, Malicious Website Protection, Starting,
Protection, 06/06/2014 16:59:46, SYSTEM, LOVA-PC, Protection, Malicious Website Protection, Started,
Update, 06/06/2014 17:45:08, SYSTEM, LOVA-PC, Scheduler, Malware Database, 2014.6.6.8, 2014.6.6.9,
Protection, 06/06/2014 17:45:30, SYSTEM, LOVA-PC, Protection, Refresh, Starting,
Protection, 06/06/2014 17:45:30, SYSTEM, LOVA-PC, Protection, Malicious Website Protection, Stopping,
Protection, 06/06/2014 17:45:30, SYSTEM, LOVA-PC, Protection, Malicious Website Protection, Stopped,
Protection, 06/06/2014 17:45:57, SYSTEM, LOVA-PC, Protection, Refresh, Success,
Protection, 06/06/2014 17:45:57, SYSTEM, LOVA-PC, Protection, Malicious Website Protection, Starting,
Protection, 06/06/2014 17:45:59, SYSTEM, LOVA-PC, Protection, Malicious Website Protection, Started,
Protection, 06/06/2014 21:16:06, SYSTEM, LOVA-PC, Protection, Malware Protection, Starting,
Protection, 06/06/2014 21:16:06, SYSTEM, LOVA-PC, Protection, Malware Protection, Started,
Protection, 06/06/2014 21:16:06, SYSTEM, LOVA-PC, Protection, Malicious Website Protection, Starting,
Protection, 06/06/2014 21:17:31, SYSTEM, LOVA-PC, Protection, Malicious Website Protection, Started,

(end)

A mensagem no final foi de que não forma detectados malwares.

por **Power Max** Sex 06 Jun 2014, 21:45

Como está o PC?

por AndréGouveiaCabral Sex 06 Jun 2014, 22:12

O PC está ótimo, entrando rápido na última reinicialização. Muitíssimo obrigado por tudo. Sua orientação foi preciosa. Não abrirei mais email duvidoso em hipótese alguma. Mais uma vez obrigado.

por **Power Max** Sex 06 Jun 2014, 22:13

Fico feliz que o problema tenha sido resolvido.

Infecção após ter recebido e aberto email - Página 2 772309

Só para finalizar siga estes tutoriais abaixo, por gentileza:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
_______________________________________________________________________________________________________________________

Infecção após ter recebido e aberto email - Página 2 772309

Para remover os programas usados na limpeza deste PC e criar um novo ponto de restauração seguro e sem problemas, utilize o DelFix seguindo as dicas [Tens de ter uma conta e sessão iniciada para poderes visualizar este link].
_______________________________________________________________________________________________________________________

Infecção após ter recebido e aberto email - Página 2 648673379

Infecção após ter recebido e aberto email - Página 2 648673379

Foi um prazer ajudar. Conte sempre conosco!

por Conteúdo patrocinado

Infecção após ter recebido e aberto email