Invasor de Navegadores.

Caro Joram,

Bom dia

Há alguns dias está aparecendo o escrito indesejável "http:/? type=hppppp", assim que abro os navegadores Google Chrome e o Mozilla Firefox. Poderia fazer a gentileza de me orientar no sentido de extirpar esse invasor de meus navegadores? Para sua análise prévia, posto-lhe abaixo o log gerado pelo ZHPDiag, a saber:


~ Relatório do ZHPDiag v2015.1.15.6 - Nicolas Coolman  (15/01/2015)
~ Iniciado por Haroldo (09/02/2015 12:27:47)
~ Facebook : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Endereço do Webforum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Nova Versão disponivel
~  Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17501
MFIE: Mozilla Firefox 35.0.1 (Defaut)
GCIE: Google Chrome v40.0.2214.111

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Key Management Service client information : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Avast Free Antivirus v10.0.2208
Malwarebytes Anti-Malware versão 2.0.4.1028
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema
CCleaner v5.00

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 16 NPAPI
Adobe Reader XI

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3766.8 MB (53% free)
System Restore: Activé (Enable)
System drive C: has 47 GB (24%) free of 187 GB

---\\ Modo de conexão ao sistema
~ Computer Name: HAROLDO-PC
~ User Name: Haroldo
~ All Users Names: HomeGroupUser$, Haroldo, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Haroldo\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Haroldo\AppData\Roaming\
~ %Desktop% : C:\Users\Haroldo\Desktop\
~ %Favorites% : C:\Users\Haroldo\Favorites\
~ %LocalAppData% : C:\Users\Haroldo\AppData\Local\
~ %StartMenu% : C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 47 Go of 187 Go)
D: CD-ROM drive (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 25 Go of 98 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.4AF089160FE082E5EA5C4AA72782DCA2] - (.Microsoft Corporation - Internet Extensions para Win32.) (.21/11/2014 - 22:28:21.) -- C:\Windows\System32\wininet.dll [2358272]
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.16/07/2014 - 23:07:24.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 10:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 03:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 06:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 06:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 07:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 06:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 07:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 08:06:41.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.70988118145F5F10EF24720B97F35F65] - (.Microsoft Corporation - TDI Translation Driver.) (.10/11/2014 - 22:46:26.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 10:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes:  Scanned in 00mn 01s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/392
~ Mes musiques (My Musics) : 1/51
~ Mes Videos (My Videos) : 1/1296
~ Mes Favoris (My Favorites) : 1/14
~ Mes Documents (My Documents) : 1/225
~ Mon Bureau (My Desktop) : 1/38
~ Menu demarrer (Programs) : 1/43
~ Hidden Files:  Scanned in 00mn 00s



---\\ Processos lançados
[MD5.EAA666E9DD8DCDA6E075087091CB85EE] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe   [275072] [PID.2852]
[MD5.6226810F26227F083929AC5584122951] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\Haroldo\AppData\Roaming\Dropbox\bin\Dropbox.exe   [39207112] [PID.2896]
[MD5.44ADDA5FB88EE14F57A246285775AC2F] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe   [5227112] [PID.2108]
[MD5.8D983B20A6DA39016B13213E54916BD1] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe   [296520] [PID.2208]
[MD5.20989BBD2114539B5C21948E94F6E11E] - (.No owner - RealDownloader.) -- C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe   [560192] [PID.3088]
[MD5.9153F2335BCDB87F41559CF066223BF9] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe   [508800] [PID.3116]
[MD5.935CD218C06721994ED48349361467F9] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe   [555320] [PID.896]
[MD5.FF1AC73491E703FB01E2952455F20AAB] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe   [843592] [PID.3516]
[MD5.AFDF3BDDF90824B727A272A2715D34FB] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [8154624] [PID.1148]
[MD5.E3F7EC811923F3F1A77B185F22638E5E] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe   [50344] [PID.1468]
[MD5.FC5B75CA6A1DA31EDD4F8D53F5540B98] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe   [81088] [PID.1788]
[MD5.590DE2C0FF4E367050239BD1DDC912C1] - (...) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe   [39568] [PID.2364]
[MD5.AC36A47C010100B7EDFB2A70114D3E89] - (.RealNetworks, Inc. - RealPlayer Cloud Service.) -- c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe   [1141848] [PID.2396]
[MD5.A650FA927A4D1D71C53E317A0DDD6B7E] - (...) -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe   [31856] [PID.2420]
[MD5.988CDC4DAE2186F3A5ED6EE7D3E6B5CA] - (.Nero AG - NeroUpdate.) -- C:\Program Files (x86)\Nero\Update\NASvc.exe   [786256] [PID.5588]
~ Processes Running:  Scanned in 00mn 03s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Haroldo\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 0 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\ensx4ttz.default-1412532628526\prefs.js
C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js
C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\se6rb103.default\prefs.js
M2 - MFEP: RegExtension {87F8774F-B485-47E2-A755-A40A8A5E886D} . (...) --
M0 - MFSP: prefs.js [Haroldo - ensx4ttz.default-1412532628526] ?type=hppppp
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/cef] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Haroldo\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll
~ Firefox Browser: 9 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ IE Browser: 25 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File:  Scanned in 00mn 00s



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer [64Bits] - {3049C3E9-B461-4BC5-8870-4C09146192CA} . (.RealDownloader - RealPlayer Video Downloader.) -- C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: G-Buster Browser Defense CEF [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Bnb [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540014} . (.Banco do Nordeste do Brasil S.A. - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehbnb.dll
O2 - BHO: (no name) [64Bits] - {6468068f-3b63-4e56-bc34-ba140569e43f} Chave orfã
~ BHO: 13 Legitimates Filtered in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: Speak Logic - [HKLM]{b0c6f530-cffd-47ad-b243-f1825a3f1f67} . (...) -- C:\Program Files (x86)\The Speak Logic Project\Speak Logic Information Analysis for IE\adxloader64.dll
~ Toolbar:  Scanned in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [Diebold - Warsaw] . (.GAS Tecnologia LTDA - GAS Tecnologia - Core.) -- C:\Program Files\Diebold\Warsaw\core.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe   =>.Piriform Ltd
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- c:\program files (x86)\real\realplayer\Update\realsched.exe   =>.RealNetworks, Inc
O4 - HKLM\..\Wow6432Node\Run: [RealDownloader] . (.No owner - RealDownloader.) -- C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe   =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKUS\S-1-5-21-1335456900-3083802626-1046228050-1000\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe   =>.Piriform Ltd
~ Application:  Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bnb.gov.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.caixa.gov.br
~ IE Zone Confiance:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{47BE1B23-3286-49C2-87A8-F2F3ECF40FEC}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{47BE1B23-3286-49C2-87A8-F2F3ECF40FEC}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{47BE1B23-3286-49C2-87A8-F2F3ECF40FEC}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: KMService (KMService) . (...) - C:\Windows\SysWOW64\srvany.exe
O23 - Service: RealPlayer Update Service (RealPlayerUpdateSvc) . (...) - C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
O23 - Service: Warsaw Technology (Warsaw Technology) . (.GAS Tecnologia LTDA - GAS Tecnologia - Core.) - C:\Program Files\Diebold\Warsaw\core.exe
~ Services: 15 Legitimates Filtered in 00mn 08s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{1FDE18B0-79EA-4661-B4FE-06F6B5491449}] (...) -- C:\Users\Haroldo\Downloads\ZHPDiag2-2015.1.31.14.exe (.not file.)   [0]
[MD5.DD17B734F49DED3147D99918EDA0839B] [APT] [{53A6980A-BA36-4FD5-96D0-1F97A82B64DE}] (.Serpro - Serviço Federal de Processamento d.) -- C:\Users\Haroldo\Downloads\Receitanet-1.04.exe   [6182597]
[MD5.A33B6492086D1F03CCB029BCF39132C3] [APT] [{630983C1-05B8-4F20-86CD-8D4CBB21A9B6}] (...) -- C:\Arquivos de Programas RFB\IRPF2013\IRPF2013.exe   [31232]
[MD5.06CB2A6BECACEDB33530A0C4E3466E95] [APT] [{6EA03C4D-4FC9-4473-983C-7770EB13FBB6}] (.V.X. Technocom.) -- C:\Users\Haroldo\Downloads\Windows_7_SP1_Ultimate_(64_Bit).exe   [348704]
[MD5.00000000000000000000000000000000] [APT] [{8888E78C-5F18-4EE0-9E35-F65401D5B965}] (...) -- C:\Users\Haroldo\AppData\Roaming\omiga-plus\UninstallManager.exe (.not file.)   [0]  =>Hijacker.OmigaPlus
[MD5.27902E96B1E4661AB91F98434E408357] [APT] [{98FB337E-089B-4AAB-9FA2-ECF4075B703E}] (...) -- C:\Users\Haroldo\Downloads\ReceitanetJava2010.02d_setup_win32.exe   [3798462]
[MD5.6D1E1FAB7950DFCEB4F4FE895D8EC778] [APT] [{999705DA-C4D0-4195-8729-B271B7E23AC0}] (.CAIXA.) -- C:\Users\Haroldo\Downloads\iGBPCEFsf(1).exe   [2514272]
[MD5.00000000000000000000000000000000] [APT] [{C24E0C33-6C36-41BA-A123-3CD2FF6D1AAC}] (...) -- C:\Program Files (x86)\HP\Digital Imaging\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}\setup\hwsetupwizard\setup_guide.exe (.not file.)   [0]
[MD5.6D1E1FAB7950DFCEB4F4FE895D8EC778] [APT] [{CC33EF03-81DA-46CE-A364-A88BF0933152}] (.CAIXA.) -- C:\Users\Haroldo\Downloads\iGBPCEFsf.exe   [2514272]
[MD5.00000000000000000000000000000000] [APT] [{E6F1635B-0037-44DE-B4BB-17F1C5483EC8}] (...) -- C:\Users\Haroldo\Downloads\ZHPDiag2.exe (.not file.)   [0]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater   [902]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore   [1066]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA   [1070]
~ Scheduled Task: 40 Legitimates Filtered in 00mn 10s



---\\ Software instalados (042)
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva  - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2013
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva  - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2014
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM][64Bits] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
O42 - Logiciel: Speak Logic Information Analysis for IE - (.The Speak Logic Project.) [HKLM][64Bits] -- {25934AA5-D61C-44A2-81F9-4B1A4BEA0D45}
O42 - Logiciel: Warsaw 1.5.1.8886 64 bits - (.GAS Tecnologia.) [HKLM][64Bits] -- {20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1
~ Logic: 20 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\5Oftwares]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Baidu Security]
[HKCU\Software\Baixou Agora]
[HKCU\Software\GbAs]
[HKCU\Software\MiniGet]
[HKCU\Software\Pro-SoftNet]
[HKCU\Software\SERPRO]
[HKCU\Software\Zugara Investment]
[HKLM\Software\Baidu Security]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Baidu Security]
[HKLM\Software\Wow6432Node\Baidu_Drp_pos]
[HKLM\Software\Wow6432Node\Deskmedia]
[HKLM\Software\Wow6432Node\MaxPower]
[HKLM\Software\Wow6432Node\Programas RFB]
[HKLM\Software\Wow6432Node\lsdprn]
[HKLM\Software\lsdprn]
~ Key Software: 356 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 29/01/2015 - 14:54:30 - [] --H-D C:\Program Files (x86)\Diebold
O43 - CFD: 25/08/2014 - 21:36:17 - [] ----D C:\Program Files (x86)\Minituner
O43 - CFD: 30/04/2014 - 03:13:22 - [] ----D C:\Program Files (x86)\Programas RFB
O43 - CFD: 11/08/2014 - 11:44:12 - [] ----D C:\Program Files (x86)\The Speak Logic Project
O43 - CFD: 02/02/2015 - 19:23:27 - [] ----D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
O43 - CFD: 11/02/2013 - 06:05:38 - [] ----D C:\ProgramData\IDriveSync
O43 - CFD: 06/02/2015 - 13:03:11 - [] ----D C:\ProgramData\ProductData
O43 - CFD: 15/05/2014 - 04:35:38 - [] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 02/02/2015 - 20:17:11 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
O43 - CFD: 17/11/2014 - 20:08:36 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oasis Games Limited
O43 - CFD: 30/04/2014 - 03:13:24 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB
O43 - CFD: 14/07/2009 - 16:11:46 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 05/10/2014 - 17:59:30 - [] ----D C:\Users\Haroldo\AppData\Roaming\0I0M0D1F2W1G1I1F1T1Q1P1C
O43 - CFD: 15/08/2014 - 18:15:52 - [] ----D C:\Users\Haroldo\AppData\Roaming\398
O43 - CFD: 15/08/2014 - 01:15:00 - [] ----D C:\Users\Haroldo\AppData\Roaming\Baidu Security
O43 - CFD: 12/02/2013 - 06:24:58 - [] ----D C:\Users\Haroldo\AppData\Roaming\IDriveSync
O43 - CFD: 16/03/2013 - 03:22:48 - [] ----D C:\Users\Haroldo\AppData\Roaming\PCF
O43 - CFD: 15/08/2014 - 16:05:37 - [] ----D C:\Users\Haroldo\AppData\Roaming\ProductData
O43 - CFD: 15/05/2014 - 04:34:31 - [] ----D C:\Users\Haroldo\AppData\Roaming\rmi
O43 - CFD: 13/11/2014 - 01:52:45 - [] -SH-D C:\Users\Haroldo\AppData\Local\EmieBrowserModeList
O43 - CFD: 22/06/2013 - 15:34:40 - [] ----D C:\Users\Haroldo\AppData\Local\{35A3A4F2-B792-11D6-A78A-00B0D0142050}
O43 - CFD: 12/04/2013 - 13:23:40 - [] ----D C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013
O43 - CFD: 08/04/2014 - 22:44:28 - [] ----D C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
~ Program Folder: 264 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.7A3FBE2EA2CDF5CF3086EB3736615453] - 02/02/2015 - 21:42:53 ---A- . (...) -- C:\Windows\System32\prfc0416.dat   [157112]
O44 - LFC:[MD5.E811AB8A30BC0C3DF8AB3651172B24CE] - 02/02/2015 - 21:42:53 ---A- . (...) -- C:\Windows\System32\prfh0416.dat   [739280]
O44 - LFC:[MD5.5A71DC94267EF0B284E0ACD73167C030] - 03/02/2015 - 10:49:24 ---A- . (...) -- C:\Windows\System32\2015-02-03-13-49-17.086-AvastVBoxSVC.exe-5624.log   [197]
O44 - LFC:[MD5.680B102BCB7CFED3E9A221E89B014E1E] - 04/02/2015 - 01:26:29 ---A- . (...) -- C:\Windows\System32\2015-02-04-04-26-27.055-AvastVBoxSVC.exe-3576.log   [197]
O44 - LFC:[MD5.C6D5CAC7231A172E99543E7BA3ABF939] - 04/02/2015 - 13:42:58 ---A- . (...) -- C:\Windows\System32\2015-02-04-16-42-54.029-AvastVBoxSVC.exe-4636.log   [197]
O44 - LFC:[MD5.08738A6C447AE7C02A3AE18171972E8F] - 04/02/2015 - 15:48:54 ---A- . (...) -- C:\Windows\System32\2015-02-04-18-48-53.006-AvastVBoxSVC.exe-2628.log   [197]
O44 - LFC:[MD5.A200547A45682D40CC2DB9492710944D] - 04/02/2015 - 16:45:00 ---A- . (...) -- C:\Windows\System32\2015-02-04-19-44-59.094-AvastVBoxSVC.exe-4264.log   [197]
O44 - LFC:[MD5.E61FB2A8C5BDA82C66C08AE657CE60C5] - 04/02/2015 - 23:20:25 ---A- . (...) -- C:\Windows\System32\2015-02-05-02-19-58.068-AvastVBoxSVC.exe-3568.log   [197]
O44 - LFC:[MD5.58CCE00C8A32B5CC9802EE6350DE3635] - 05/02/2015 - 16:41:39 ---A- . (...) -- C:\Windows\System32\2015-02-05-19-41-38.017-AvastVBoxSVC.exe-1892.log   [197]
O44 - LFC:[MD5.39DF2AF8C32FBF9EBDFC6597CBC7C75C] - 06/02/2015 - 08:09:18 ---A- . (...) -- C:\Windows\System32\2015-02-06-11-09-18.004-AvastVBoxSVC.exe-4316.log   [197]
O44 - LFC:[MD5.176F3F5C15D841ADAE0B660D4E2A32BC] - 06/02/2015 - 12:37:12 ---A- . (...) -- C:\Windows\System32\2015-02-06-15-37-11.035-AvastVBoxSVC.exe-4496.log   [197]
O44 - LFC:[MD5.3DD8D18918F759C5EB660BB887F7D284] - 06/02/2015 - 12:57:20 ---A- . (...) -- C:\PureRa.txt   [23858]
O44 - LFC:[MD5.280B82D714E1C745BC24337CF92A5381] - 06/02/2015 - 23:20:50 ---A- . (...) -- C:\Windows\System32\2015-02-07-02-14-34.009-aswFe.exe-5764.log   [247]
O44 - LFC:[MD5.AF55ED3DD0A6B08536862FA7B28459BF] - 07/02/2015 - 07:00:21 ---A- . (...) -- C:\Windows\System32\2015-02-07-10-00-14.075-AvastVBoxSVC.exe-5256.log   [197]
O44 - LFC:[MD5.8FCFF00DE805D373930DF276F9216DF3] - 08/02/2015 - 22:53:31 ---A- . (...) -- C:\Windows\System32\2015-02-09-01-53-23.019-AvastVBoxSVC.exe-3812.log   [197]
O44 - LFC:[MD5.3D08C23AABD72E02289F3A70968B94FB] - 08/02/2015 - 23:22:31 ---A- . (...) -- C:\Windows\System32\2015-02-09-02-22-30.049-AvastVBoxSVC.exe-4108.log   [197]
O44 - LFC:[MD5.D4321697F34ED789029EF5EAE7C3F677] - 09/02/2015 - 10:28:41 ---A- . (...) -- C:\Windows\System32\2015-02-09-13-28-40.012-AvastVBoxSVC.exe-2728.log   [0]
O44 - LFC:[MD5.B30FCFB4B94BDBFC312AC3DFFD46AA7B] - 09/02/2015 - 10:36:57 ---A- . (...) -- C:\Windows\System32\2015-02-09-13-28-44.067-aswFe.exe-2612.log   [247]
O44 - LFC:[MD5.B70AFCA9FC7D8A181EFA8183C1D3C63B] - 09/02/2015 - 10:37:12 ---A- . (...) -- C:\Windows\System32\2015-02-09-13-37-10.080-aswFe.exe-5944.log   [247]
O44 - LFC:[MD5.34EF0D8760A8F56C7EA1A71CFAA2F380] - 09/02/2015 - 10:54:31 ---A- . (...) -- C:\Windows\System32\2015-02-09-13-54-30.050-AvastVBoxSVC.exe-5068.log   [0]
O44 - LFC:[MD5.2F031F67B4A2DD6F3F1350A2DC2522B2] - 26/01/2015 - 02:25:44 ---A- . (...) -- C:\Windows\System32\2015-01-26-05-25-42.043-AvastVBoxSVC.exe-4884.log   [197]
O44 - LFC:[MD5.7C68DDC267F9EC61F721CB697B427F17] - 26/01/2015 - 10:50:11 ---A- . (...) -- C:\Windows\System32\2015-01-26-13-50-10.054-AvastVBoxSVC.exe-3384.log   [197]
O44 - LFC:[MD5.782FC2948706E62F5094046975D842A5] - 26/01/2015 - 10:57:57 ---A- . (...) -- C:\Windows\System32\2015-01-26-13-50-16.019-aswFe.exe-3172.log   [247]
O44 - LFC:[MD5.32B10DF37BE4C299E29753678BADBBFE] - 26/01/2015 - 10:58:09 ---A- . (...) -- C:\Windows\System32\2015-01-26-13-58-07.001-aswFe.exe-5284.log   [247]
O44 - LFC:[MD5.C95A834F84EE3951F6ADCEA1A3E147DF] - 27/01/2015 - 08:47:43 ---A- . (...) -- C:\Windows\System32\2015-01-27-11-47-22.004-AvastVBoxSVC.exe-3404.log   [197]
O44 - LFC:[MD5.950EAC19B41A599DCA39C05ACC618118] - 28/01/2015 - 00:10:53 ---A- . (...) -- C:\Windows\System32\2015-01-28-03-10-50.094-AvastVBoxSVC.exe-4464.log   [197]
O44 - LFC:[MD5.34CDBC442AE8C7D2C1A16C07A3DA43B3] - 29/01/2015 - 00:07:21 ---A- . (...) -- C:\Windows\System32\2015-01-29-03-07-19.037-AvastVBoxSVC.exe-3272.log   [197]
O44 - LFC:[MD5.E3E3385F728C21BA11327FFEDB66567C] - 29/01/2015 - 08:12:45 ---A- . (...) -- C:\Windows\System32\2015-01-29-11-12-45.002-AvastVBoxSVC.exe-3356.log   [197]
O44 - LFC:[MD5.8D568B1E99BAD4BCC9B58A06E22A5354] - 29/01/2015 - 13:56:46 ---A- . (.Basil's Projects - WinDivert network packet capture and (re)in.) -- C:\Windows\System32\WinDivert64.sys   [37592]
O44 - LFC:[MD5.2C1EA4F0084B46604F4F437776551F36] - 29/01/2015 - 13:58:27 ---A- . (.Basil's Projects - WinDivert network packet capture and (re)in.) -- C:\Windows\System32\WinDivert.dll   [33592]
O44 - LFC:[MD5.0CB7EAC4DD27901272A2D9F2949B00B1] - 29/01/2015 - 14:00:12 ---A- . (...) -- C:\.rnd   [1024]
O44 - LFC:[MD5.2F1D2C88A079388FE800DC5DAA6F42E3] - 30/01/2015 - 10:50:07 ---A- . (...) -- C:\Windows\System32\2015-01-30-13-50-05.070-AvastVBoxSVC.exe-5988.log   [197]
O44 - LFC:[MD5.09D87BA792476F12E370AC85E8813EA8] - 30/01/2015 - 14:16:30 ---A- . (...) -- C:\Windows\System32\2015-01-30-17-16-30.006-AvastVBoxSVC.exe-4044.log   [197]
O44 - LFC:[MD5.5123F61C8BA8841F53F36FE9DA7EFDF9] - 31/01/2015 - 08:09:53 ---A- . (...) -- C:\Windows\System32\2015-01-31-11-09-50.035-AvastVBoxSVC.exe-4892.log   [197]
~ Files: 62 Legitimates Filtered in 00mn 32s



---\\ Pesquisa de infeções nos drivers (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"VIDC.X264"="x264vfw64.dll" . (.x264vfw project - x264vfw - H.264/MPEG-4 AVC codec.) -- C:\Windows\System32\x264vfw64.dll
~ TDSD: 13 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\VDownloader  [Key] . (.Vitzo - VDownloader.) -- C:\Program Files\VDownloader\VDownloader.exe
~ SMSR Keys: 14 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360.cn - 360HipsOEM.) -- C:\Windows\System32\Drivers\360FltOEM.sys   [289952]
O58 - SDL:17/11/2014 - 18:54:48 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys   [29208]  =>.ALWIL Software
O58 - SDL:17/11/2014 - 18:54:48 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys   [65776]  =>.ALWIL Software
O58 - SDL:17/11/2014 - 18:54:48 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys   [267632]  =>.ALWIL Software
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys   [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys   [31232]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys   [24656]
O58 - SDL:25/08/2014 - 10:10:04 ---A- . (.Basil's Projects - WinDivert network packet capture and (re)injection driver.) -- C:\Windows\System32\WinDivert64.sys   [37592]
O58 - SDL:13/03/2014 - 23:34:01 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys   [31088]
~ Drivers: 68 Legitimates Filtered in 00mn 35s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 17/11/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 02/09/2014 - C:\Program Files (x86)\GbPlugin\wsftprp64.sys (Warsaw_PP)  .(.GAS Tecnologia LTDA - GAS Tecnologia - Driver (PP).) - LEGACY_WARSAW_PP
O64 - Services: CurCS - 25/08/2014 - C:\Windows\system32\WinDivert64.sys (WinDivert1.1)  .(.Basil's Projects - WinDivert network packet capture and (re)in.) - LEGACY_WINDIVERT1.1
~ Legacy: 108 Legitimates Filtered in 00mn 01s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> <BaiduSparkHTML>[HKLM\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (...) -- firefox.exe (.not file.)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.A8A41EC260BE87BDFA75055227126490] [SPRF][06/02/2015] (...) -- C:\Users\Haroldo\Desktop\498-wrar520br.exe   [3974944]
[MD5.2FECF810C20333BC11C69C0F1216FE69] [SPRF][17/11/2014] (.New IT Solutions - 4shared Desktop.) -- C:\Users\Haroldo\Desktop\4shared_Desktop_4.0.13.27129.exe   [11645848]
[MD5.B5998562E394D9DB672D012D4E670790] [SPRF][06/02/2015] (.No owner - Aut2Exe.) -- C:\Users\Haroldo\Desktop\AdwCleaner.exe   [2112512]
[MD5.F5728FC96716FB5D54B049AEE0428550] [SPRF][09/07/2011] (.3rd Eye Solutions - FlashJester Jugglor Engine.) -- C:\Users\Haroldo\Desktop\Afinador universal ETM 5-portable.exe   [1464056]
[MD5.5409440831ABF31BFE472D1576065BAE] [SPRF][14/03/2011] (...) -- C:\Users\Haroldo\Desktop\aquario_v6_4a APR2426.bin   [1446930]
[MD5.D9DE89F0FAF18019BC9595F0F47BCA61] [SPRF][09/08/2014] (.Atribune.org - ATF Cleaner.exe.) -- C:\Users\Haroldo\Desktop\ATF-Cleaner.exe   [50688]
[MD5.67066E444C074E2824B6211FA8B2FA4A] [SPRF][13/08/2014] (...) -- C:\Users\Haroldo\Desktop\CPE_SLP_NETWORKMSI_hpcom_000_006.exe   [11762000]
[MD5.2D7C1F659699D6DA65E1F9B70B84C2C4] [SPRF][22/02/2007] (.GSpot Appliance Corp, a unit of GSp0t Heavy - GSpot Codec Information Appliance (tm).) -- C:\Users\Haroldo\Desktop\GSpot.exe   [925696]
[MD5.54A09129F5DF69BBBA3095894DF6788C] [SPRF][02/08/2013] (.No owner - K-Lite Codec Pack Setup.) -- C:\Users\Haroldo\Desktop\K-Lite_Codec_Pack_975_Standard.exe   [14153812]
[MD5.64BAEC464B396B66A353D8FC2F42A4E3] [SPRF][31/07/2011] (.RaProducts.org - System Purification Tool.) -- C:\Users\Haroldo\Desktop\PureRa.exe   [76565]
[MD5.16C317F08A0E24F8A059192F3AB7BC7B] [SPRF][11/04/2014] (...) -- C:\Users\Haroldo\Desktop\SUP_S922_V1.09.11830_20140411-maz.bin   [3169264]
[MD5.EB337CDFA1E9B69F951A75631D2B484E] [SPRF][09/06/2010] (.No owner - GbpDist Module.) -- C:\Windows\Downloaded Program Files\gbpdist.dll   [113192]
~ Files: 13 Legitimates Filtered in 00mn 01s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{320AF880-6646-11D3-ABEE-C5DBF3571F49}] (SavePass)  =>PUP.CrossRider
~ BCK: 4560 Legitimates Filtered in 00mn 09s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 06/02/2015 267440 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 17/10/2014 107912 |  (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 17/10/2014 107912 |  (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 17/08/2012 194032 |  (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 10/07/1658 0 |  (KMService) . (...) - C:\Windows\system32\srvany.exe
SS - | Auto 17/10/2014 2283296 |  (LiveUpdateSvc) . (.IObit.) - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
SS - | Demand 28/01/2015 114800 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 19/12/2014 81088 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 19/01/2015 77128 |  (Apple Mobile Device Service) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 17/11/2014 50344 |  (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Demand 17/11/2014 4012248 |  (AvastVBoxSvc) . (.Avast Software.) - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
SR - | Auto 30/08/2011 462184 |  (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 21/09/2009 1420560 |  (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SR - | Auto 03/11/2014 555320 |  (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Demand 13/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Demand 27/01/2015 643880 |  (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 15/07/2014 786256 |  (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 26/10/2014 39568 |  (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 17/11/2014 1141848 |  (RealPlayer Cloud Service) . (.RealNetworks, Inc..) - c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
SR - | Auto 30/10/2014 31856 |  (RealPlayerUpdateSvc) . (...) - C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
SR - | Auto 21/09/2009 831760 |  (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SR - | Auto 14/05/2010 249136 |  (SeaPort) . (.Microsoft Corporation.) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
SR - | Auto 06/09/2014 847160 |  (Warsaw Technology) . (.GAS Tecnologia LTDA.) - C:\Program Files\Diebold\Warsaw\core.exe
SR - | Demand 10/07/1658 1255736 |  (WatAdminSvc) . (...) - C:\Windows\System32\Wat\WatAdminSvc.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Demand 10/07/1658 0 |  (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe  =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services:  Scanned in 00mn 12s



---\\ Scâner Aditional (088)
Database Version : 13008 - (15/01/2015)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés  (Folders found) : 0
Fichiers trouvés  (Files found) : 1

[HKCR\CLSID\{320AF880-6646-11D3-ABEE-C5DBF3571F49}] (SavePass)   =>PUP.CrossRider^
~ Additionnel Scan: 371145 Items scanned in 01mn 04s



---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>.Browser Helper Objects do navegador (02)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>.Barras do Internet Explorer (03))
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>.Aplicações iniciadas por registo & pastas (04)
~ AMI: 4 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Hijacker.OmigaPlus
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.CrossRider
~ MSI: 2 link(s) detected in 00mn 00s



~ 1058 Legitimates filtered by white list
End of the scan (533 lines in 03mn 30s)(0)

Olá Pamonha.

Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt

Ficamos na espera.

Caro Joram, boa tarde.

Abaixo, o log gerado pelo AdwCleaner. Fico no aguardo de possível reorientação.


# AdwCleaner v4.110 - Logfile created 09/02/2015 at 15:38:02
# Updated 05/02/2015 by Xplode
# Database : 2015-02-08.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Haroldo - HAROLDO-PC
# Running from : C:\Users\Haroldo\Downloads\AdwCleaner (1).exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0.1 (x86 en-US)


-\\ Google Chrome v40.0.2214.111


*************************

AdwCleaner[R0].txt - [3848 bytes] - [06/02/2015 13:18:33]
AdwCleaner[R1].txt - [910 bytes] - [06/02/2015 13:57:05]
AdwCleaner[R2].txt - [1026 bytes] - [09/02/2015 11:46:10]
AdwCleaner[R3].txt - [1150 bytes] - [09/02/2015 15:35:38]
AdwCleaner[S0].txt - [5174 bytes] - [06/02/2015 13:30:54]
AdwCleaner[S1].txt - [975 bytes] - [06/02/2015 13:59:40]
AdwCleaner[S2].txt - [1093 bytes] - [09/02/2015 11:49:05]
AdwCleaner[S3].txt - [1078 bytes] - [09/02/2015 15:38:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1137  bytes] ##########

Desative temporariamente seu antivírus para evitar conflitos.

* Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executá-lo corretamente siga as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Assim que ele concluir a limpeza dos problemas acesse o log (relatório) do Zoek que estará em C:\zoek-results.txt e copie todo seu conteúdo e poste em sua próxima resposta.

Prezado Joram, boa noite.

Abaixo o log gerado pelo Zoek.exe, permanecendo no aguardo de possível reorientação.


Zoek.exe v5.0.0.0 Updated 29-11-2014
Tool run by Haroldo on 10/02/2015 at  0:41:04.24.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Haroldo\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

10/02/2015 00:44:14 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1       localhost
::1             localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Haroldo\AppData\Roaming\mozilla\firefox\Profiles\ensx4ttz.default-1412532628526\prefs.js:
user_pref("browser.startup.homepage", "?type=hppppp");
user_pref("keyword.URL", "");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Haroldo\AppData\Roaming\mozilla\firefox\Profiles\ensx4ttz.default-1412532628526\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\Haroldo\AppData\Roaming\mozilla\firefox\Profiles\extensions\prefs.js:
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Haroldo\AppData\Roaming\mozilla\firefox\Profiles\extensions\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\Haroldo\AppData\Roaming\mozilla\firefox\Profiles\se6rb103.default\prefs.js:
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
#user_pref("browser.search.order.1", "Google");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Haroldo\AppData\Roaming\mozilla\firefox\Profiles\se6rb103.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Haroldo\AppData\Roaming\mozilla\firefox\Profiles\ensx4ttz.default-1412532628526

user.js not found
---- Lines Search  removed from prefs.js ----
user_pref("extensions.xpiState", "{\"app-profile\":{\"artur.dubovoy@gmail.com\":{\"d\":\"C:\\\\Users\\\\Haroldo\\\\AppData\\\\Roaming\\\\Mozilla\\\\Fi
---- FireFox user.js and prefs.js backups ----

prefs_022015_0119_.backup

ProfilePath: C:\Users\Haroldo\AppData\Roaming\mozilla\firefox\Profiles\extensions

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_022015_0119_.backup

ProfilePath: C:\Users\Haroldo\AppData\Roaming\mozilla\firefox\Profiles\se6rb103.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_022015_0119_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~3\ProductData deleted
C:\PROGRA~3\Package Cache deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{338950EA-82DB-44C1-930D-0C28E023C9F0}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [17/11/2014 12:43]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E886D}"="C:\Users\Haroldo\AppData\Local\GAS Tecnologia\GBBD\cef\xpi" [12/01/2015 15:24]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Haroldo\AppData\Roaming\mozilla\firefox\Profiles\ensx4ttz.default-1412532628526
- Undetermined - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
- Undetermined - {87F8774F-B485-47E2-A755-A40A8A5E886D}
- Flash Video Downloader - YouTube Full HD Download - %ProfilePath%\extensions\artur.dubovoy@gmail.com

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\ensx4ttz.default-1412532628526
C62322C77D1AAB77B1CF1130FCC3673A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll - Shockwave Flash
6C5C8D59CF0FAB004AB572F4F11BC5E0 - C:\Users\Haroldo\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll - Módulo de Proteção - Caixa Economica Federal
ECAA8B7CFE5AF18BFAB1F7D2AB731E4D - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealPlayer Video Downloader for HTML5  (32-bit)
E37EAD09D28AE19D8A39B6A95F47513A - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll - Shockwave for Director / Shockwave for Director
87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies
D006D3FEB1F62EB274A42FDDD008985C - C:\Users\Haroldo\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll - Módulo de Proteção - Caixa Economica Federal

Profilepath: C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\se6rb103.default
6C5C8D59CF0FAB004AB572F4F11BC5E0 - C:\Users\Haroldo\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll - Módulo de Proteção - Caixa Economica Federal
ECAA8B7CFE5AF18BFAB1F7D2AB731E4D - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealPlayer Video Downloader for HTML5  (32-bit)
87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies
D006D3FEB1F62EB274A42FDDD008985C - C:\Users\Haroldo\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll - Módulo de Proteção - Caixa Economica Federal


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[17/11/2014 19:54]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
nnjbodopomfddehlalfilheomcahbpei - C:\Users\Haroldo\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx[27/07/2014 03:37]

Google Docs - Haroldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Haroldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Haroldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Haroldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - Haroldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
GBBD Caixa Economica Federal - Haroldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei
GBBD Caixa Economica Federal - Haroldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcaplhfkihhldmlbjhgajdeghjdbffi
Gmail - Haroldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Haroldo\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Haroldo\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Haroldo\Desktop\Dropbox.lnk - C:\Users\Haroldo\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Haroldo\Desktop\HP Photosmart D110 series - Atalho.lnk -  
C:\Users\Haroldo\Desktop\HP-ePrint-win-4.7.68.13782 - Atalho.lnk - C:\Users\Haroldo\Downloads\HP-ePrint-win-4.7.68.13782.exe
C:\Users\Haroldo\Desktop\hppiw - Atalho.lnk - C:\Users\Haroldo\Downloads\hppiw.exe
C:\Users\Haroldo\Desktop\iGBPCEFgb - Atalho.lnk - C:\Users\Haroldo\Downloads\iGBPCEFgb.exe
C:\Users\Haroldo\Desktop\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Haroldo\Desktop\IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk - C:\Arquivos de Programas RFB\IRPF2013\IRPF2013.exe
C:\Users\Haroldo\Desktop\IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk - C:\Arquivos de Programas RFB\IRPF2014\IRPF2014.exe
C:\Users\Haroldo\Desktop\JavaSetup7u25 - Atalho.lnk - C:\Users\Haroldo\Downloads\JavaSetup7u25.exe
C:\Users\Haroldo\Desktop\Nero - Atalho.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
C:\Users\Haroldo\Desktop\PS_AIO_07_D110_USW_Basic_Win_ptb_140_126 - Atalho.lnk - C:\Users\Haroldo\Downloads\PS_AIO_07_D110_USW_Basic_Win_ptb_140_126.exe
C:\Users\Haroldo\Desktop\SendSpace Wizard.lnk - C:\Program Files (x86)\SendSpace\Wizard\SendSpace Wizard.exe
C:\Users\Haroldo\Desktop\Synthesia - Atalho (2).lnk - C:\Program Files (x86)\Synthesia\Synthesia.exe
C:\Users\Haroldo\Desktop\wiaacmgr - Atalho.lnk - C:\Windows\System32\wiaacmgr.exe
C:\Users\Haroldo\Desktop\Windows Media Player - Atalho.lnk - C:\Program Files (x86)\Windows Media Player
C:\Users\Haroldo\Desktop\WinRAR - Atalho.lnk - C:\Program Files (x86)\WinRAR
C:\Users\Haroldo\Desktop\ZHPDiag.lnk - C:\Program Files (x86)\ZHPDiag\ZHPhep.exe
C:\Users\Haroldo\Desktop\ZHPFix.lnk - C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\ Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\aTube Catcher.lnk - C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\Users\Public\Desktop\Avast Free Antivirus.lnk - C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Guitar Pro 6.lnk - C:\Program Files (x86)\Guitar Pro 6\GuitarPro.exe
C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk - C:\Program Files (x86)\HP\Diagnostics\PSDR\HPPSDr.exe
C:\Users\Public\Desktop\IObit Uninstaller.lnk - C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\Public\Desktop\LibreOffice 4.2.lnk - C:\Program Files (x86)\LibreOffice 4\program\soffice.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\PowerISO.lnk - C:\Program Files (x86)\PowerISO\PowerISO.exe
C:\Users\Public\Desktop\QuickTime Player.lnk - C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe
C:\Users\Public\Desktop\RealPlayer Cloud.lnk - C:\program files (x86)\real\realplayer\RealPlay.exe /launch:desktop
C:\Users\Public\Desktop\Receitanet 1.04 .lnk - C:\Program Files (x86)\Programas RFB\Receitanet\Windows\Receitanet.exe
C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\Haroldo\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\Haroldo\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Downloads.lnk -  
C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SendSpace Wizard\Uninstall Wizard.lnk - C:\Program Files (x86)\SendSpace\Wizard\Uninstall.exe
C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SendSpace Wizard\Wizard.lnk - C:\Program Files (x86)\SendSpace\Wizard\SendSpace Wizard.exe
C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\Haroldo\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup
C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual da consola do RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Novidades na última versão.lnk - C:\Program Files (x86)\WinRAR\WhatsNew.txt
C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher\aTube Catcher.lnk - C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Buscar Meu iPhone.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe find
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Calendário.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe calendar
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Contatos.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe contacts
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Fotos do iCloud.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\ShellStreamsShortcut.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\iCloud para Windows.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Lembretes.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe reminders
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Mail.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe mail
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Notas.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe notes
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Sobre o iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.Resources\pt.lproj\About iTunes.rtf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configurar Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_31\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Obter Ajuda.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Sobre o Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_31\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Verificar Atualizações.lnk - C:\Program Files (x86)\Java\jre1.8.0_31\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visite Java.com.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\Silverlight.Configuration.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero ControlCenter.lnk - C:\Windows\Installer\{ABC88553-8770-4B97-B43E-5A90647A5B63}\ScControlCenterSta_FC2653898C5047A6A872CAF6433C43A8.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero MediaBrowser.lnk - C:\Program Files (x86)\Nero\KM\MediaBrowser.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero MediaHome.lnk - C:\Program Files (x86)\Nero\KM\MediaHome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oasis Games Limited\Uninstall.lnk - C:\Program Files (x86)\Oasis Games Limited\Legend online\uninstaller.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Desinstalar o QuickTime.lnk - C:\Windows\SysWOW64\msiexec.exe /i {3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E} /qf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Player.lnk - C:\Windows\Installer\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}\QTPlayer.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Sobre o QuickTime.lnk - C:\Windows\Installer\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}\RichText.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\Montador do RealPlayer.lnk - C:\Program Files (x86)\Real\RealPlayer\realtrimmer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealPlayer Cloud.lnk - C:\Program Files (x86)\Real\RealPlayer\realplay.exe /launch:start_menu
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealPlayer Converter.lnk - C:\Program Files (x86)\Real\RealPlayer\realconverter.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealPlayer Downloader.lnk - C:\Windows\Installer\{6FCD4D5A-20B9-4D79-ABA5-4E7048944025}\recordingmanager.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk - C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual da consola do RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Novidades na última versão.lnk - C:\Program Files (x86)\WinRAR\WhatsNew.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk - C:\Program Files (x86)\ZHPDiag\ZHPhep.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPFix.lnk - C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Haroldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Haroldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Guitar Pro 6.lnk - C:\Program Files (x86)\Guitar Pro 6\GuitarPro.exe
C:\Users\Haroldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Haroldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Haroldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Haroldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Haroldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Haroldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Haroldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Uninstall Programs.lnk - C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe
C:\Users\Haroldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\avast Free Antivirus.lnk -  
C:\Users\Haroldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Bluetooth File Transfer Wizard.lnk - C:\Windows\System32\fsquirt.exe
C:\Users\Haroldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Haroldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Haroldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Haroldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Haroldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Haroldo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Haroldo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Haroldo\AppData\Local\Mozilla\Firefox\Profiles\ensx4ttz.default-1412532628526\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Haroldo\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=18 folders=20 14066385 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\DefaultAppPool\AppData\Local\Temp emptied successfully
C:\Users\Haroldo\AppData\Local\Temp will be emptied at reboot
C:\Users\Usuário Padrão\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Haroldo\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 10/02/2015 at  1:37:43.88 ======================

Caro Joram,

Testanto os navegadores, após a limpeza procedida pelo Zoek.exe, comprovamos que Internet Explorer e Mozilla Firefox foram limpos, porém no Google Chrome o referido invasor reaparece em fração de segundos, sendo, logo após, substituído pela também invasora expressão "about:blank".

Dito isto e, após sua análise do log gerado pelo Zoek.exe, fico na expectativa de sua orientação.

Muito obrigado e boa noite.

Faça o download do < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]> ( ... de Nicolas Coolman )

Obs: Ao acessar o link acima clique no botão Télécharger referente ao ZHPCleaner para baixá-lo, tal como mostra a imagem abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Para executá-lo corretamente siga as dicas desta postagem:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Após a utilização dele, copie todo o conteúdo do seu relatório ZHPCleaner.txt e poste em sua próxima resposta.

Caro Joram, boa noite.


Abaixo o log gerado pelo ZHPCleaner. Após sua análise, fico no aguardo de reorientação.

~ ZHPCleaner v2015.2.10.61 by Nicolas Coolman (10/02/2015)
~ Run by Haroldo (Administrator)  (10/02/2015 19:17:33)
~ Forum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Facebook : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Haroldo\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Haroldo\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Windows 7, 64-bit Service Pack 1 (Build 7601)


---\\  Services (0)
~ No malicious items found.


---\\  Browser internet (7)
MOVED file****: C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\ensx4ttz.default-1412532628526\Extensions\artur.dubovoy@gmail.com\chrome (PUP.MozillaPlugin)
MOVED file: C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\ensx4ttz.default-1412532628526\Extensions\artur.dubovoy@gmail.com\chrome.manifest (PUP.MozillaPlugin)
MOVED file: C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\ensx4ttz.default-1412532628526\Extensions\artur.dubovoy@gmail.com\components (PUP.MozillaPlugin)
MOVED file****: C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\ensx4ttz.default-1412532628526\Extensions\artur.dubovoy@gmail.com\defaults (PUP.MozillaPlugin)
MOVED file: C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\ensx4ttz.default-1412532628526\Extensions\artur.dubovoy@gmail.com\install.rdf (PUP.MozillaPlugin)
MOVED file: C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\ensx4ttz.default-1412532628526\Extensions\artur.dubovoy@gmail.com\modules (PUP.MozillaPlugin)
MOVED folder*: C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\ensx4ttz.default-1412532628526\Extensions\artur.dubovoy@gmail.com (PUP.MozillaPlugin)


---\\  Hosts file (0)
~ No malicious items found.


---\\  Scheduled automatic tasks. (0)
~ No malicious items found.


---\\  Explorer ( File, Folder) (5)
MOVED folder*: C:\Program Files (x86)\Applian Technologies\Freecorder 6 Applications (PUP.ApplianTechnologies)
MOVED folder*: C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 5 (PUP.ApplianTechnologies)
MOVED folder*: C:\Program Files (x86)\Applian Technologies (PUP.ApplianTechnologies)
MOVED file: C:\Users\Haroldo\Downloads\PCSpeedMaximizer_AQPTG_FB.exe [Smart PC Solutions                                           - PC Speed Maximizer                                          ] (PUP.PCSpeedMaximizer)
MOVED file: C:\Users\Haroldo\Downloads\RCATSetup.exe [Applian Technologies - Replay Media Catcher 5] (PUP.ApplianTechnologies)


---\\  Registry ( Key, Value, Data) (7)
DELETED key: [X64] HKLM\SOFTWARE\Clients\StartMenuInternet\Beamrise.NWXK3OVJXTZ6HLOWY455TDRZ2Y [Empty] (Hijacker.Beamrise)
DELETED key: HKLM\SYSTEM\CurrentControlSet\Services\KMService [C:\Windows\system32\srvany.exe] (Hijacker.Office)
DELETED key: HKCU\Software\GSpot Appliance Corp [] (PUP.ApplianTechnologies)
DELETED key: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{47A98CE2-3C2D-433b-9A4D-CF1F02C61C5D} [C:\Program Files\Freecorder extension x64] (PUP.FreecorderExtension)
DELETED key: HKLM\SOFTWARE\Wow6432Node\Applian [] (PUP.ApplianTechnologies)
DELETED key: HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4389448C-DB57-4d55-9595-D368BA063EF6} [C:\Program Files (x86)\Freecorder extension] (PUP.FreecorderExtension)
DELETED key: HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{515A0983-AAA3-4742-B6FF-62E8B2F4F7F7} [C:\Program Files (x86)\Freecorder extension] (PUP.FreecorderExtension)



---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 67941
~ Items found : 0
~ Items repaired : 19


End of clean at 19:25:58
===================
ZHPCleaner-[R]-10022015-19_25_58.txt

Faça uma limpeza com o Malwarebytes como mostra o tutorial abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Na sua próxima resposta poste este log (relatório) do Malwarebytes.

Ficamos no aguardo.

Caro Power Max, boa tarde.

Consoante sua orientação, segue o logo gerado pelo "Malwarebytes Anti Malwares", quando permaneço no aguardo de possível reorientação.


mbam-log>
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2015/02/12 15:02:30 -0200</date>
<logfile>mbam-log-2015-02-12 (15-01-56).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.4.1028</version>
<malware-database>v2015.02.12.04</malware-database>
<rootkit-database>v2015.02.03.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>Haroldo</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>434712</objects>
<time>1606</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>0</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>enabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
</items>
</

Este que você postou não é o log que precisamos.

Siga as dicas abaixo para acessar o Log (relatório) correto do Malwarebytes:

Para isto abra o Malwarebytes > Clique no botão Histórico > Clique em Logs do Aplicativo > E dê um duplo clique com o botão esquerdo do mouse sobre o Log de Verificação mais atual para abri-lo. Isto é mostrado nesta imagem:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Na próxima tela que surgirá clique no botão Exportar > e clique na opção Arquivo texto (*.txt):

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Na outra tela que vai aparecer dê um nome para este relatório (como LOG por exemplo) > Clique em Área de Trabalho (para que ele seja salvo no seu Desktop) > Clique em Salvar:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Clique em OK na próxima mensagem que aparece:


Depois disto é só postar este log do Malwarebytes em sua próxima resposta.

Caro Power Max, boa tarde.

Seguindo sua orientação, faço abaixo a postagem do log mam, a saber:


Malwarebytes Anti-Malware
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]


Update, 19/02/2015 16:16:25, SYSTEM, HAROLDO-PC, Manual, Malware Database, 2015.2.18.7, 2015.2.19.7,
Update, 19/02/2015 16:18:00, SYSTEM, HAROLDO-PC, Manual, Malware Database, 2015.2.19.7, 2015.2.19.8,
Scan, 19/02/2015 16:53:14, SYSTEM, HAROLDO-PC, Manual, Start:19/02/2015 16:18:03, Duration:35 min 7 sec, Verificar Ameaça, Terminado, 0 Malware Detections, 0 Non-Malware Detections,

(end)

Você usou só a verificação de ameaças, que não é tão completa como a que é mostrada no tutorial que te passei. Siga as dicas abaixo para fazer a limpeza completa:

Alterando o idioma do Malwarebytes para o português:

Caso o idioma do seu Malwarebytes esteja em inglês é bem simples mudá-lo para nossa língua. Para isto abra o Malwarebytes e clique em Settings como mostra esta imagem:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Na próxima tela que surge, logo à frente da palavra Language clique na palavra English e selecione a opção Português (Brasil):

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
___________________________________________________________________________

Como executar uma verificação personalizada com o Malwarebytes:

- Abra o Malwarebytes > Clique em Verificar > clique em Verificação Personalizada > Clique em Verificar Agora:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Surgirá mais esta tela abaixo na qual você marcará todas as caixinhas do lado direito da tela para que todas as áreas de seu PC e mídias removíveis ligadas a ele possam ser escaneadas. E do lado esquerdo da tela deixe marcadas estas opções:

Verificar Objetos na Memória
Verificar as Configurações da Inicialização e do Registro
Verificar Arquivos Compactados
Verificar Rootkits

Quanto ao restante, deixe da forma já pré-configurada pelo Malwarebytes.

Depois disto clique no botão Iniciar Verificação como mostra a imagem abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Neste momento o Malwarebytes irá verificar para ver se há atualizações disponíveis. Caso existam, ele irá solicitar para que você o atualize, neste caso clique em Atualizar Agora, como mostra esta imagem:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Aguarde enquanto o escaneamento é realizado. Ele demora de acordo com a quantidade de arquivos que você possua em seu computador:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Assim que a verificação terminar, caso seu PC esteja seguro e sem ameaças, uma mensagem parecida com esta abaixo aparecerá informando que "No malicious items were detected" (Nenhum ítem malicioso foi detectado). Neste caso tudo está certo, seu computador está normal:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Caso seja detectada alguma ameaça em seu PC surgirá uma mensagem como esta abaixo próximo ao relógio do Windows onde você clicará nela:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Neste momento aparecerá quais os malwares e itens potencialmente indesejáveis que foram detectados e os locais onde eles se encontram. Você notará que ele já mostra uma ação padrão para os itens (que normalmente é a de mover para a quarentena).

Para remover as infecções, deixe a opção Quarentena no menu Ação selecionada em todos os itens e clique no botão Aplicar Ações, como mostra esta imagem:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Alguns malwares são rebeldes e podem necessitar de uma reinicialização do PC para que sejam removidos. Caso isto seja solicitado pelo Malwarebytes, clique em Sim (ou Yes) como mostra esta imagem:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Depois disto é só postar o novo log de verificação que o Malwarebytes irá criar em sua próxima resposta.

Caro Power Max, um bom dia.

Seguindo sua última orientação, procedo à postagem do log mam, ficando no aguardo de possível reorientação.


Malwarebytes Anti-Malware
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]


Update, 20/02/2015 01:12:17, SYSTEM, HAROLDO-PC, Manual, Malware Database, 2015.2.19.8, 2015.2.20.2,
Scan, 20/02/2015 11:25:26, SYSTEM, HAROLDO-PC, Manual, Start:20/02/2015 01:12:24, Duration:10 hr 11 min 34 sec, Verificação Personalizada, Terminado, 0 Malware Detections, 3 Non-Malware Detections,

(end)

Você não postou o log completo, mas quanto a estes itens detectados pelo Malwarebytes você enviou eles para a quarentena do Malwarebytes?

Caro Power Max, um bom dia.

Repeti os passos para extrair o log, como por você orientado, e o programa o reemitiu da mesma forma, como abaixo:Malwarebytes Anti-Malware
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]


Update, 20/02/2015 01:12:17, SYSTEM, HAROLDO-PC, Manual, Malware Database, 2015.2.19.8, 2015.2.20.2,
Scan, 20/02/2015 11:25:26, SYSTEM, HAROLDO-PC, Manual, Start:20/02/2015 01:12:24, Duration:10 hr 11 min 34 sec, Verificação Personalizada, Terminado, 0 Malware Detections, 3 Non-Malware Detections,

(end)

Será que estou cometendo algum lapso no "passo a passo", evitando que ele saia mais detalhado? Quanto à sua pergunta, adianto-lhe que os três "Non-Malware" detectados foram mandados para a Quarentena. Fico no aguardo de possível reorientação.
Meu muito obrigado.

Como está o computador?

Meu PC está ótimo. Abrindo a função "Options" dos navegadores, substituí aquela expressão "invasora" que os travava, por "[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] e tudo normalizou. Desta forma, não sei o procedimento correto, mas considero também cabalmente resolvido o tópico que precipitadamente abri "NAVEGADORES TRAVADOS". Agradeço a paciência e a inestimável ajuda prestada.

Fico feliz que o problema tenha sido resolvido.

Só para finalizar siga estes tutoriais abaixo, por gentileza:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
_______________________________________________________________________________________________________________________

Para remover os programas usados na limpeza deste PC e criar um novo ponto de restauração seguro e sem problemas, utilize o DelFix seguindo as dicas [Tens de ter uma conta e sessão iniciada para poderes visualizar este link].
_______________________________________________________________________________________________________________________

Foi um prazer ajudar. Conte sempre conosco!

CASO RESOLVIDO

Necessitando nova verificação para este computador, basta abrir um Novo Tópico e relatar o problema.