Após a inicialização meu notebook trava totalmente

hoje de manha baixei e instalei o comodo internet Security e após isso tive muita dificuldade em fazer qualquer download já que este programa sempre barrava com um alerta...mas o problema pior é que chegou uma hora que note travou completamente, o cursor parou de funcionar e o teclado também. Depois disso era necessário tirar a bateria para que ele pudesse iniciar. Aí eu fiz assim: entrei no modo de segurança e fiz a restauração do sistema, o referido programa foi deletado porém ainda aparece uma mensagem de que este não pode ser iniciado. Mas o problema maior não foi resolvido, então eu usei o avast no modo de segurança, consegui remover os dois vírus detectados, ainda assim não funcionou...desconfio que foi algum vírus que invadiu o sistema quando eu tentava fazer o download, o comodo internet security é sempre recomendado por muitos e não acho que ele tenha causado o problema e sim um vírus....gostaria de uma ajuda. Como posso resolver isso?

Obrigado, abraço!

  Olá Pedro Nunes.

Neste caso, ao invés de fazer a restauração, o melhor seria se você tivesse só desinstalado o Comodo.
_____________________________________________________________________________________________

Faça o download do [Tens de ter uma conta e sessão iniciada para poderes visualizar este link].

*Execute-o e clique no botão Main Menu.

* Na próxima tela que surgirá clique em [Do a system scan and save a logfile].

*Um relatório será apresentado.

*Selecione todo o conteúdo deste relatório e copie (Ctrl+c).

Depois disso é só voltar aqui no fórum e postar este log do Hijackthis para que ele possa ser analisado.

Ficamos no aguardo de sua resposta.

copiei do bloco de notas, é isso?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:01:30, on 01/02/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\perpetuoperpetuo\Desktop\novap\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Bizzybolt - {13070af0-bc6c-4185-8baa-40a4cf05b323} - C:\Program Files (x86)\Bizzybolt\Bizzyboltbho.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll
O2 - BHO: SaveSense - {71e129ff-6c2a-4984-818c-7e2c998b8d99} - C:\Users\perpetuoperpetuo\AppData\Local\SaveSense\SaveSenseIE.dll (file missing)
O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Auxiliar de Conexão de Conta da Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarTlbr.dll
O3 - Toolbar: Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
O4 - HKLM\..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
O4 - HKLM\..\Run: [tvncontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\perpetuoperpetuo\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\perpetuoperpetuo\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Global Startup: Start GeekBuddy.lnk = C:\Program Files\COMODO\GeekBuddy\launcher.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Battery Manager Service (BatteryManagerSrv) - Positivo Informática S.A - C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryManagerService.exe
O23 - Service: Bluetooth Device Manager - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
O23 - Service: Bluetooth Media Service - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\audiosrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\obexsrv.exe
O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.6.1249.132\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe (file missing)
O23 - Service: COMODO LPS Launcher (CLPSLauncher) - Comodo Security Solutions, Inc. - C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: GeekBuddyRSP Server (GeekBuddyRSP) - Comodo Security Solutions, Inc. - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PSafeLockBoxSvc - PSafe - C:\Program Files (x86)\PSafe\PSafeCategoryFinder.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SaveSenseLive Service (savesenselive) (savesenselive) - SaveSense - C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe
O23 - Service: SaveSenseLive Service (savesenselivem) (savesenselivem) - SaveSense - C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Update Bizzybolt - Unknown owner - C:\Program Files (x86)\Bizzybolt\updateBizzybolt.exe
O23 - Service: Util Bizzybolt - Unknown owner - C:\Program Files (x86)\Bizzybolt\bin\utilBizzybolt.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12869 bytes

pedro nunes escreveu:copiei do bloco de notas, é isso?

Sim, é isto mesmo. Este relatório está mostrando que seu PC está com vários adwares.

Siga, por gentileza, as dicas do tutorial abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste, por gentileza, o log do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt

Ficamos na espera.

Fiz o procedimento que me indicou, mas o note precisou reiniciar e quando isso aconteceu ele iniciou no modo normal, ou seja, após alguns segundo travou...eu até consegui copiar o log mas não deu tempo nem de abrir o navegador...se eu entrar novamente no modo de segurança tem como enviar esse relatório? ou você me indica outro procedimento?

Neste caso é só iniciar no Modo de Segurança > E quando estiver no Modo de Segurança, acesse o log que está gravado em C:\AdwCleaner\AdwCleaner[S0].txt e poste em sua próxima resposta.

aqui está:

# AdwCleaner v3.018 - Relatório criado 01/02/2014 às 15:17:59
# Atualizado 28/01/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (64 bits)
# Usuário : perpetuoperpetuo - PC
# Executando de : C:\Users\perpetuoperpetuo\Desktop\novap\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

[#] Serviço Deletada : Browser Manager

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\Babylon
Pasta Deletada : C:\ProgramData\Browser Manager
Pasta Deletada : C:\ProgramData\Trymedia
Pasta Deletada : C:\ProgramData\AlawarWrapper
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Pasta Deletada : C:\Program Files (x86)\BabylonToolbar
Pasta Deletada : C:\Program Files (x86)\DealPly
Pasta Deletada : C:\Program Files (x86)\Funmoods
Pasta Deletada : C:\Program Files (x86)\IminentToolbar
Pasta Deletada : C:\Windows\SysWOW64\Browser Manager
Pasta Deletada : C:\Users\perpetuoperpetuo\AppData\Local\SwvUpdater
Pasta Deletada : C:\Users\PERPET~1\AppData\Local\Temp\Iminent
Pasta Deletada : C:\Users\perpetuoperpetuo\AppData\LocalLow\BabylonToolbar
Pasta Deletada : C:\Users\perpetuoperpetuo\AppData\LocalLow\IminentToolbar
Pasta Deletada : C:\Users\perpetuoperpetuo\AppData\Roaming\Babylon
Pasta Deletada : C:\Users\perpetuoperpetuo\AppData\Roaming\BabylonToolbar
Pasta Deletada : C:\Users\perpetuoperpetuo\AppData\Roaming\baidu
Pasta Deletada : C:\Users\perpetuoperpetuo\AppData\Roaming\IminentToolbar
Pasta Deletada : C:\Users\perpetuoperpetuo\AppData\Roaming\OpenCandy
Pasta Deletada : C:\Users\perpetuoperpetuo\AppData\Roaming\Systweak
Pasta Deletada : C:\Users\perpetuoperpetuo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Pasta Deletada : C:\Users\perpetuoperpetuo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Arquivo Deletada : C:\Windows\System32\roboot64.exe
Arquivo Deletada : C:\Users\perpetuoperpetuo\AppData\Local\funmoods.crx
Arquivo Deletada : C:\Users\perpetuoperpetuo\AppData\Local\funmoods-speeddial_sf.crx
Arquivo Deletada : C:\Users\perpetuoperpetuo\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Arquivo Deletada : C:\Users\perpetuoperpetuo\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Arquivo Deletada : C:\Users\perpetuoperpetuo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage
Arquivo Deletada : C:\Users\perpetuoperpetuo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage
Arquivo Deletada : C:\Users\perpetuoperpetuo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Arquivo Deletada : C:\Windows\Tasks\AmiUpdXp.job
Arquivo Deletada : C:\Windows\System32\Tasks\AmiUpdXp
Arquivo Deletada : C:\Windows\System32\Tasks\DealPlyUpdate

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Chave Deletedo : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Chave Deletedo : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Chave Deletedo : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Chave Deletedo : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Chave Deletedo : HKLM\SOFTWARE\Classes\b
Chave Deletedo : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Chave Deletedo : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Chave Deletedo : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Chave Deletedo : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Chave Deletedo : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Chave Deletedo : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Chave Deletedo : HKLM\SOFTWARE\Classes\escort.escortIEPane
Chave Deletedo : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Chave Deletedo : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Chave Deletedo : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Chave Deletedo : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Chave Deletedo : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Chave Deletedo : HKLM\SOFTWARE\Classes\f
Chave Deletedo : HKLM\SOFTWARE\Classes\funmoods.dskBnd
Chave Deletedo : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1
Chave Deletedo : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
Chave Deletedo : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1
Chave Deletedo : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
Chave Deletedo : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent
Chave Deletedo : HKLM\SOFTWARE\Classes\Prod.cap
Chave Deletedo : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Chave Deletedo : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [IminentMessenger]
Chave Deletedo : HKCU\Software\e2d88ab26ebf14
Chave Deletedo : HKLM\SOFTWARE\e2d88ab26ebf14
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}
Chave Deletedo : HKCU\Software\BabylonToolbar
Chave Deletedo : HKCU\Software\DataMngr
[#] Chave Deletedo : HKCU\Software\DataMngr_Toolbar
Chave Deletedo : HKCU\Software\DealPly
Chave Deletedo : HKCU\Software\dsiteproducts
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\Microsoft\Babylon
Chave Deletedo : HKCU\Software\systweak
Chave Deletedo : HKCU\Software\AppDataLow\Software\Crossrider
Chave Deletedo : HKLM\Software\Babylon
Chave Deletedo : HKLM\Software\BabylonToolbar
Chave Deletedo : HKLM\Software\DataMngr
Chave Deletedo : HKLM\Software\DealPly
Chave Deletedo : HKLM\Software\DealPlyLive
Chave Deletedo : HKLM\Software\Iminent
Chave Deletedo : HKLM\Software\systweak
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
Chave Deletedo : [x64] HKLM\SOFTWARE\Iminent
Chave Deletedo : HKLM\Software\Classes\Installer\Features\6207E55EA2FE71A4AA7ABD89AEF31D1B
Chave Deletedo : HKLM\Software\Classes\Installer\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v

-\\ Google Chrome v32.0.1700.102

[ Arquivo : C:\Users\perpetuoperpetuo\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [19062 octets] - [01/02/2014 15:16:11]
AdwCleaner[S0].txt - [17860 octets] - [01/02/2014 15:17:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17921 octets] ##########

  Vários problemas foram removidos.
_____________________________________________________

Siga, por gentileza, as dicas do tutorial abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste, por gentileza, o log do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt

Ficamos na espera.

Após a execução do JRT a janela simplesmente some e em seguida não aparece o log...segui as orientações mas não apareceu nada, nem na área de trabalho!

Você executou ele no Modo Seguro?

sim foi no modo seguro, será que é por isso? no modo normal não dá mesmo, já tentei umas três vezes e não dá tempo de abrir o navegador ou executar o TJR. Teve um amigo que me falou que ele pode ter aquecido , apesar de eu não ter percebido nada, isso é possivel?

pedro nunes escreveu:sim foi no modo seguro, será que é por isso? no modo normal não dá mesmo, já tentei umas três vezes e não dá tempo de abrir o navegador ou executar o TJR. Teve um amigo que me falou que ele pode ter aquecido , apesar de eu não ter percebido nada, isso é possivel?

Quando alguma dica que eu te passar não funcionar, você me diz que a gente tenta outra alternativa. Porque senão a limpeza demorará para ser feita.
_________________________________________________________________________________________________________
 
 Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
 
*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
 
Copie todo este script que te passei e cole-o no espaço em branco do Zoek:
 
*Clique [Run Script]
 
*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!
 

Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

 
*Caso a reinicialização do PC seja solicitada, clique [OK]
 
* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

Zoek.exe v5.0.0.0 Updated 31-January-2014
Tool run by perpetuoperpetuo on 01/02/2014 at 17:28:21,23.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Safe Mode NETWORK Internet Access Detected
Launched: C:\Users\perpetuoperpetuo\Desktop\novap\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2076702601-4103458326-864681307-1000\Software\Microsoft\Internet Explorer\SearchScopes\{DA65F8E0-3152-4BB2-82A8-5F54040F72FF} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\savesenselive deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\savesenselive deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\savesenselivem deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\savesenselivem deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util Bizzybolt deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util Bizzybolt deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Util Bizzybolt deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Util Bizzybolt deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update Bizzybolt deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update Bizzybolt deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Update Bizzybolt deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Update Bizzybolt deleted successfully

==== Deleting Files \ Folders ======================

C:\Users\perpetuoperpetuo\AppData\Local\genienext deleted
C:\Users\perpetuoperpetuo\daemonprocess.txt deleted
C:\Users\perpetuoperpetuo\.android deleted
C:\PROGRA~2\Bizzybolt deleted
C:\found.000 deleted
C:\Users\perpetuoperpetuo\AppData\Roaming\newnext.me deleted
C:\Users\perpetuoperpetuo\AppData\Roaming\DigitalSites deleted
C:\Users\perpetuoperpetuo\AppData\Local\Mobogenie deleted
C:\Users\perpetuoperpetuo\AppData\Local\cache deleted
C:\windows\SysNative\tasks\SaveSenseLiveUpdateTaskMachineCore deleted
C:\windows\SysNative\tasks\SaveSenseLiveUpdateTaskMachineUA deleted
C:\windows\SysNative\tasks\Digital Sites deleted
C:\Windows\tasks\Digital Sites.job deleted
C:\Windows\SysWow64\searchplugins deleted
C:\Windows\SysWow64\Extensions deleted
C:\Users\perpetuoperpetuo\Documents\Mobogenie deleted
C:\Users\Public\Documents\AlawarWrapper deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\perpetuoperpetuo\AppData\Roaming\Mozilla\Firefox\Profiles\paygywc9.default
- RightSurf - %ProfilePath%\extensions\{b9a19c25-a741-47e5-91a2-0b62bef307ff}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\perpetuoperpetuo\AppData\Roaming\Mozilla\Firefox\Profiles\paygywc9.default
F891089A6AB9E12FEDEBCC5EC0F40D66 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll - Shockwave Flash
FF0D6F82A0EC13952E83B9439100E45D - C:\Users\perpetuoperpetuo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
icmlaeflemplmjndnaapfdbbnpncnbda - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[06/03/2013 21:29]

avast WebRep - perpetuoperpetuo\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
Casey Reas - perpetuoperpetuo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nijljpbmaieiejfcgahimekneppldbha
Google Wallet - perpetuoperpetuo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Comodo Web Inspector - perpetuoperpetuo\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn
Comodo Share Page Service - perpetuoperpetuo\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\mcmdgbiocnkpnaccjkailibfgepaccgf

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{26E8B55D-B5FF-2655-502C-7CCB56CBBE33} Unknown Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\perpetuoperpetuo\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\perpetuoperpetuo\AppData\Local\COMODO\Dragon\User Data\Default\Preferences was reset successfully
C:\Users\perpetuoperpetuo\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\perpetuoperpetuo\AppData\Local\COMODO\Dragon\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2076702601-4103458326-864681307-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-2076702601-4103458326-864681307-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-2076702601-4103458326-864681307-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{13070af0-bc6c-4185-8baa-40a4cf05b323} deleted successfully
HKEY_USERS\S-1-5-21-2076702601-4103458326-864681307-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{13070af0-bc6c-4185-8baa-40a4cf05b323} deleted successfully
HKEY_USERS\S-1-5-21-2076702601-4103458326-864681307-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\S-1-5-21-2076702601-4103458326-864681307-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\S-1-5-21-2076702601-4103458326-864681307-1000\Software\Microsoft\Internet Explorer\SearchScopes\{26E8B55D-B5FF-2655-502C-7CCB56CBBE33} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{13070af0-bc6c-4185-8baa-40a4cf05b323} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13070af0-bc6c-4185-8baa-40a4cf05b323} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\perpetuoperpetuo\Desktop\Dispositivos e Impressoras - Atalho.lnk -
C:\Users\perpetuoperpetuo\Desktop\RocketDock\Desinstalar RocketDock.lnk - C:\Program Files (x86)\RocketDock\unins000.exe
C:\Users\perpetuoperpetuo\Desktop\RocketDock\PunkSoftware.com.lnk - C:\Program Files (x86)\RocketDock\PunkSoftware.com.url
C:\Users\perpetuoperpetuo\Desktop\RocketDock\RocketDock Documentation.lnk - C:\Program Files (x86)\RocketDock\Help\English\index.html
C:\Users\perpetuoperpetuo\Desktop\RocketDock\RocketDock.lnk - C:\Program Files (x86)\RocketDock\RocketDock.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader X.lnk - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\avast Free Antivirus.lnk -
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\DAEMON Tools Lite.lnk - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Users\Public\Desktop\DriverEasy.lnk - C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
C:\Users\Public\Desktop\GeekBuddy.lnk - C:\Program Files (x86)\COMODO\GeekBuddy\launcher.exe "unit_manager.exe" "lps-ca"
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Guia Vivo Internet.lnk - C:\Program Files (x86)\Vivo\Guia Vivo Internet\Guia Vivo Internet\Guia Vivo Internet.hta
C:\Users\Public\Desktop\Kantoo English.lnk -
C:\Users\Public\Desktop\Manual do Usuário.lnk -
C:\Users\Public\Desktop\Positivo 3D Incrível.lnk -
C:\Users\Public\Desktop\Positivo Backup.lnk - C:\Program Files (x86)\PSafe\PSafeSysTray.exe -wakeup
C:\Users\Public\Desktop\Positivo Conecta.lnk - C:\Program Files (x86)\Positivo Informática\Positivo Conecta\PositivoConecta.exe
C:\Users\Public\Desktop\Positivo Fotos.lnk - C:\Program Files (x86)\Positivo Informática\Positivo Fotos\PositivoFotos.exe
C:\Users\Public\Desktop\Relação de Assistências Técnicas Autorizadas.lnk -
C:\Users\Public\Desktop\Segurança Online.lnk -
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe
C:\Users\Public\Desktop\Positivo Jogos\Bejeweled(R) 3.lnk - C:\Program Files (x86)\Zylom Games\Bejeweled(R) 3\ZY-Bejeweled3.exe
C:\Users\Public\Desktop\Positivo Jogos\BigCityAdventureVan.lnk - C:\Program Files (x86)\Zylom Games\Big City Adventure(TM) - Vancouver\ZY-BigCityAdventureVan.exe
C:\Users\Public\Desktop\Positivo Jogos\Chuzzle.exe.lnk - C:\Program Files (x86)\Zylom Games\Chuzzle Deluxe\ZY-Chuzzle.exe
C:\Users\Public\Desktop\Positivo Jogos\Farmscapes.lnk - C:\Program Files (x86)\Zylom Games\Farmscapes(TM) Premium Edition\ZY-Farmscapes.exe
C:\Users\Public\Desktop\Positivo Jogos\GHDeliciousEmilysChildhoodMemories.lnk - C:\Program Files (x86)\Zylom Games\Delicious - Emily's Childhood Memories Premium Edition\ZY-GHDeliciousEmilysChildhoodMemories.exe
C:\Users\Public\Desktop\Positivo Jogos\Luxor.lnk - C:\Program Files (x86)\Zylom Games\Luxor\ZY-luxor.exe
C:\Users\Public\Desktop\Positivo Jogos\MahjongFortuna2.lnk - C:\Program Files (x86)\Zylom Games\Mahjong Fortuna 2\ZY-MahjongFortuna2.exe
C:\Users\Public\Desktop\Positivo Jogos\Mortimerbeckett2.lnk - C:\Program Files (x86)\Zylom Games\Mortimer Beckett and the Time Paradox\ZY-mortimerbeckett2.exe
C:\Users\Public\Desktop\Positivo Jogos\PlantsVsZombies.lnk - C:\Program Files (x86)\Zylom Games\Plantas vs Zumbis(TM)\ZY-PlantsVsZombies.exe
C:\Users\Public\Desktop\Positivo Jogos\Positivo Games.lnk - C:\Program Files (x86)\Positivo Games\AlawarArcade.exe -local
C:\Users\Public\Desktop\Positivo Jogos\SallysStudio.lnk - C:\Program Files (x86)\Zylom Games\Sally's Studio(TM)\ZY-SallysStudio.exe

==== shortcuts in Users Start Menu ======================

C:\Users\perpetuoperpetuo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\Users\perpetuoperpetuo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do console RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\Users\perpetuoperpetuo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo nesta última versão.lnk -
C:\Users\perpetuoperpetuo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AA1000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk - C:\Windows\ehome\ehshell.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk - C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\mip.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk - C:\Windows\system32\printmanagement.msc
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast Free Antivirus.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk - C:\Program Files\CCleaner\uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo\GeekBuddy\GeekBuddy.lnk - C:\Program Files (x86)\COMODO\GeekBuddy\launcher.exe "unit_manager.exe" "lps-ca"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DAEMON Tools Lite.lnk - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DTGadget.lnk - C:\Program Files (x86)\DAEMON Tools Lite\DT.gadget
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\SPTD Setup.lnk - C:\Program Files (x86)\DAEMON Tools Lite\SPTDinst-x64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverEasy\DriverEasy.lnk - C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverEasy\Uninstall DriverEasy.lnk - C:\Program Files\Easeware\DriverEasy\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Chess.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Backgammon.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Checkers.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Spades.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mahjong.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel(R) Rapid Storage Technology.lnk - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorUI.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF reDirect v2\PDF reDirect Help.lnk - C:\Program Files (x86)\PDF reDirect\PDF_Help.htm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF reDirect v2\PDF reDirect Pro Help.lnk - C:\Program Files (x86)\PDF reDirect\PDF_Pro_Help.htm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF reDirect v2\PDF reDirect Pro.lnk - C:\Program Files (x86)\PDF reDirect\PDF_reDirect.exe -p
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF reDirect v2\PDF reDirect.lnk - C:\Program Files (x86)\PDF reDirect\PDF_reDirect.exe -b
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF reDirect v2\Purchase PDF reDirect Pro.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF reDirect v2\Uninstall.lnk - C:\Program Files (x86)\PDF reDirect\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RocketDock\Desinstalar RocketDock.lnk - C:\Program Files (x86)\RocketDock\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RocketDock\PunkSoftware.com.lnk - C:\Program Files (x86)\RocketDock\PunkSoftware.com.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RocketDock\RocketDock Documentation.lnk - C:\Program Files (x86)\RocketDock\Help\English\index.html
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RocketDock\RocketDock.lnk - C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk - C:\Program Files (x86)\COMODO\GeekBuddy\launcher.exe "unit_manager.exe"

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\perpetuoperpetuo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\perpetuoperpetuo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Users\perpetuoperpetuo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\perpetuoperpetuo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\perpetuoperpetuo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\perpetuoperpetuo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Plants vs. Zombies.lnk - C:\Program Files (x86)\Plants vs Zombies\popcapgame1.exe
C:\Users\perpetuoperpetuo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Positivo Fotos.lnk - C:\Program Files (x86)\Positivo Informática\Positivo Fotos\PositivoFotos.exe
C:\Users\perpetuoperpetuo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Snipping Tool.lnk -
C:\Users\perpetuoperpetuo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Sticky Notes.lnk -
C:\Users\perpetuoperpetuo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\perpetuoperpetuo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (2).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\perpetuoperpetuo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Excel Starter 2010.lnk - C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE "Microsoft Excel Starter 2010 9014006604160000"
C:\Users\perpetuoperpetuo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Word Starter 2010.lnk - C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE "Microsoft Word Starter 2010 9014006604160000"
C:\Users\perpetuoperpetuo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\perpetuoperpetuo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== shortcuts After Repair ======================

C:\Users\perpetuoperpetuo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\perpetuoperpetuo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\perpetuoperpetuo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\perpetuoperpetuo\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\perpetuoperpetuo\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\perpetuoperpetuo\AppData\Local\Mozilla\Firefox\Profiles\paygywc9.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\perpetuoperpetuo\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1270 folders=119 98796842 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\perpetuoperpetuo\AppData\Local\Temp will be emptied at reboot
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\PERPET~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 01/02/2014 at 17:50:43,41 ======================

  Vários outros problemas foram removidos.

Siga, por gentileza, as dicas deste tutorial para fazer uma limpeza de seu PC com o Malwarebytes:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Na sua próxima resposta poste este log do Malwarebytes

Ficamos no aguardo.

aqui está:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Versão da Base de Dados: v2014.02.01.07

Windows 7 Service Pack 1 x64 NTFS (Modo Seguro/Em Rede)
Internet Explorer 11.0.9600.16476
perpetuoperpetuo :: PC [administrador]

Proteção: Não permitir

01/02/2014 18:28:16
mbam-log-2014-02-01 (18-28-16).txt

Tipo de Verificação: Verificação Completa (C:\|D:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 324677
Tempo decorrido: 33 minuto(s), 39 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 38
HKCR\AppID\{A2D3FB7A-6873-45E8-AF96-57092D721828} (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\CLSID\{A2D3FB7A-6873-45E8-AF96-57092D721828} (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.OnDemandCOMClassSvc.1.0 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.OnDemandCOMClassSvc (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLive.OneClickCtrl.9 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLive.OneClickProcessLauncherMachine (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLive.OneClickProcessLauncherMachine.1.0 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLive.Update3WebControl.3 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.CoCreateAsync (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.CoCreateAsync.1.0 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.CoreClass (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.CoreClass.1 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.CoreMachineClass (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.CoreMachineClass.1 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.CredentialDialogMachine (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.CredentialDialogMachine.1.0 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.OnDemandCOMClassMachine (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.OnDemandCOMClassMachine.1.0 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback.1.0 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.ProcessLauncher (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.ProcessLauncher.1.0 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.Update3COMClassService (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.Update3COMClassService.1.0 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.Update3WebMachine (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.Update3WebMachine.1.0 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.Update3WebMachineFallback (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.Update3WebMachineFallback.1.0 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.Update3WebSvc (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.Update3WebSvc.1.0 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\AppID\SaveSenseLive.exe (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\SaveSenseLive (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\Software\Bizzybolt (PUP.Optional.Bizzybolt.A) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\SaveSenseLive (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=3 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=9 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\Software\Bizzybolt (PUP.Optional.Bizzybolt.A) -> Enviado para a Quarentena e deletado com sucesso.

Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)

Arquivos Detectados: 25
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarApp.dll.vir (PUP.Optional.BabylonToolBar.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarEng.dll.vir (PUP.Optional.BabylonToolBar.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarsrv.exe.vir (PUP.Optional.BabylonToolBar.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarTlbr.dll.vir (PUP.Optional.BabylonToolBar.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPly\DealPlyIE.dll.vir (PUP.DealPly) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPly\DealPlyTune.dll.vir (PUP.Optional.Dealply) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPly\DealPlyUpdate.exe.vir (PUP.Optional.Dealply) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPly\DealPlyUpdateRun.exe.vir (PUP.Optional.Dealply) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPly\uninst.exe.vir (PUP.Optional.Dealply) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Funmoods\1.5.23.22\escortApp.dll.vir (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Funmoods\1.5.23.22\escortEng.dll.vir (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll.vir (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Funmoods\1.5.23.22\funmoodssrv.exe.vir (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll.vir (PUP.Funmoods) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Users\perpetuoperpetuo\AppData\Local\SwvUpdater\Updater.exe.vir (PUP.Optional.Amonetize.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\ProgramData\COMODO\Cis\Quarantine\data\{140652BA-0369-440D-881F-BACD3F24CF72} (PUP.Optional.Rapiddown) -> Enviado para a Quarentena e deletado com sucesso.
C:\ProgramData\COMODO\Cis\Quarantine\data\{E728812A-2A71-4825-9FA8-8934D8DC0979} (PUP.Optional.Rapiddown) -> Enviado para a Quarentena e deletado com sucesso.
C:\ProgramData\COMODO\Cis\Quarantine\data\{F14CCECD-CE8B-4309-9F15-4BBE0A4D37C8} (PUP.Optional.Bizzybolt.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\perpetuoperpetuo\Downloads\165-DTLite4481-0347.exe (PUP.Optional.OpenCandy) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\perpetuoperpetuo\Downloads\aMSN-0.98.9-tcl85-windows-installer.exe (PUP.Optional.OpenCandy) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\perpetuoperpetuo\Downloads\Skype (1).exe (PUP.Optional.Rapiddown) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\perpetuoperpetuo\Downloads\Skype.exe (PUP.Optional.Rapiddown) -> Enviado para a Quarentena e deletado com sucesso.
C:\zoek_backup\C_PROGRA~2_Bizzybolt\BizzyboltBHO.dll (PUP.Optional.Bizzybolt.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\zoek_backup\C_PROGRA~2_Bizzybolt\updateBizzybolt.exe (PUP.Optional.BizzyBolt.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\zoek_backup\C_PROGRA~2_Bizzybolt\bin\utilBizzybolt.exe (PUP.Optional.BizzyBolt.A) -> Enviado para a Quarentena e deletado com sucesso.

(fim)

|- Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >  < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]> ( ... de Nicolas Coolman )

|- Salve-o no disco local! ( C ou D )

|- Desabilite temporariamente seu antivírus para evitar conflitos e execute "ZHPDiag2.exe", para instalar a ferramenta.
 
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
 
|- Execute o ícone do pergaminho. ( ZHPDiag )
 
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
 
|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão!
 
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
 
|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt

~ Relatório do ZHPDiag v2014.1.25.26 - Nicolas Coolman (25/01/2014)
~ Iniciado por perpetuoperpetuo (01/02/2014 19:43:31)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.16476
GCIE: Google Chrome v32.0.1700.102 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : Absent (Not found)
Windows ID Activation : Inconnue (Unknown)
Windows Licence : Inconnue (Unknown)
Software Protection Service (Protection logicielle) : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v8.0.1483.0
Malwarebytes Anti-Malware versão 1.75.0.1300
Windows Defender W7

---\\ Softwares d'optimização do sistema
CCleaner v4.10 =>Piriform Ltd

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 11 Plugin
Adobe Reader X

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Sans échec avec prise en charge du réseau (Fail-safe with network boot)
Total RAM: 3942 MB (79% free)
System Restore: Activé (Enable)
System drive C: has 409 GB (89%) free of 456 GB

---\\ Modo de conexão ao sistema
~ Computer Name: PC
~ User Name: perpetuoperpetuo
~ All Users Names: perpetuoperpetuo, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\perpetuoperpetuo\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\perpetuoperpetuo\AppData\Roaming\
~ %Desktop% : C:\Users\perpetuoperpetuo\Desktop\
~ %Favorites% : C:\Users\perpetuoperpetuo\Favorites\
~ %LocalAppData% : C:\Users\perpetuoperpetuo\AppData\Local\
~ %StartMenu% : C:\Users\perpetuoperpetuo\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 409 Go of 456 Go)
D: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.06/07/2011 - 18:34:56.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.9B6678DB9C6A232C5A84D2FDFFF8B0E1] - (.Microsoft Corporation - Internet Extensions para Win32.) (.26/11/2013 - 04:07:57.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.21/11/2010 - 00:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.06/07/2011 - 18:36:49.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 11:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/11/2010 - 00:25:07.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 01s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/3
~ Mes musiques (My Musics) : 1/275
~ Mes Videos (My Videos) : 1/3
~ Mes Favoris (My Favorites) : 1/19
~ Mes Documents (My Documents) : 1/57
~ Mon Bureau (My Desktop) : 1/196
~ Menu demarrer (Programs) : 1/32
~ Hidden Files: Scanned in 00mn 01s



---\\ Processos lançados
[MD5.9B593137FBCC7C1E5D0E4A422749D9A5] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [866584] [PID.1492]
[MD5.148C545849C1379A3D4448F5DE768E86] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4767304] [PID.1792]
[MD5.CA25CAEEBDBE25D85565877219F684F8] - (.Nicolas Coolman - ZHPDiag.) -- C:\ZHPDiag\ZHPDiag.exe [8339968] [PID.1624]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\perpetuoperpetuo\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
~ Google Browser: 15 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\perpetuoperpetuo\AppData\Roaming\Mozilla\Firefox\Profiles\paygywc9.default\prefs.js (.not file.)
~ Firefox Browser: 3 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: avast! WebRep - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: DriverEasy.lnk . (.Easeware - DriverEasy.) -- C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
O4 - GS\Desktop [Public]: GeekBuddy.lnk . (...) -- C:\Program Files (x86)\COMODO\GeekBuddy\launcher.exe (.not file.)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: Guia Vivo Internet.lnk . (...) -- C:\Program Files (x86)\Vivo\Guia Vivo Internet\Guia Vivo Internet\Guia Vivo Internet.hta
O4 - GS\Desktop [Public]: Kantoo English.lnk - Chave orfã
O4 - GS\Desktop [Public]: Manual do Usuário.lnk . (...) -- C:\Fabricante\Manual do Usuário\Manual_Usuario.pdf
O4 - GS\Desktop [Public]: Positivo 3D Incrível.lnk . (...) -- C:\Program Files (x86)\Positivo Informática\Positivo 3D Incrível\3DIncrivel.exe
O4 - GS\Desktop [Public]: Positivo Conecta.lnk . (.Positivo Informática S.A. - Positivo Conecta.) -- C:\Program Files (x86)\Positivo Informática\Positivo Conecta\PositivoConecta.exe
O4 - GS\Desktop [Public]: Positivo Fotos.lnk . (...) -- C:\Program Files (x86)\Positivo Informática\Positivo Fotos\PositivoFotos.exe
O4 - GS\Desktop [Public]: Relação de Assistências Técnicas Autorizadas.lnk . (...) -- C:\Fabricante\Relação de Assistências Técnicas Autorizadas\Rede_Assistencia_Tecnica.pdf
O4 - GS\Desktop [Public]: Segurança Online.lnk - Chave orfã
O4 - GS\QuickLaunch [perpetuoperpetuo]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [perpetuoperpetuo]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [perpetuoperpetuo]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [perpetuoperpetuo]: Internet Explorer (2).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [perpetuoperpetuo]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [perpetuoperpetuo]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [perpetuoperpetuo]: Dispositivos e Impressoras - Atalho.lnk - Chave orfã
~ Global Startup: 73 Legitimates Filtered in 00mn 02s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - GS\Startup [Public]: Start GeekBuddy.lnk . (...) -- C:\Program Files (x86)\COMODO\GeekBuddy\launcher.exe (.not file.)
O4 - HKLM\..\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [COMODO Internet Security] . (.COMODO - COMODO Internet Security.) -- C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\perpetuoperpetuo\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\Windows\system32\cmd.exe
O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe (.not file.) =>PUP.Mobogenie
O4 - HKLM\..\Wow6432Node\Run: [tvncontrol] . (.Comodo Security Solutions, Inc. - GeekBuddy Remote Screen Protocol Server.) -- C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
O4 - HKLM\..\Wow6432Node\RunOnce: [Malwarebytes Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
O4 - HKLM\..\Wow6432Node\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (.not file.)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2076702601-4103458326-864681307-1000\..\RunOnce: [Uninstall C:\Users\perpetuoperpetuo\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\Windows\system32\cmd.exe
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 [64Bits] - {bd707fe6-39f6-4bda-9265-86a76719bdc5} . (...) -- C:\Program Files\Motorola\Bluetooth\bluetooth.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{213FE8E6-3BDF-4B91-A088-9083EB240E96}: DhcpNameServer = 201.6.2.103 201.6.2.183 201.6.4.116
O17 - HKLM\System\CCS\Services\Tcpip\..\{300C0B87-BE88-41BB-970D-73037D8204B5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{300C0B87-BE88-41BB-970D-73037D8204B5}: DhcpDomain = homestation
O17 - HKLM\System\CS1\Services\Tcpip\..\{213FE8E6-3BDF-4B91-A088-9083EB240E96}: DhcpNameServer = 201.6.2.103 201.6.2.183 201.6.4.116
O17 - HKLM\System\CS1\Services\Tcpip\..\{300C0B87-BE88-41BB-970D-73037D8204B5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{300C0B87-BE88-41BB-970D-73037D8204B5}: DhcpDomain = homestation
O17 - HKLM\System\CS2\Services\Tcpip\..\{213FE8E6-3BDF-4B91-A088-9083EB240E96}: DhcpNameServer = 201.6.2.103 201.6.2.183 201.6.4.116
O17 - HKLM\System\CS2\Services\Tcpip\..\{300C0B87-BE88-41BB-970D-73037D8204B5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{300C0B87-BE88-41BB-970D-73037D8204B5}: DhcpDomain = homestation
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.6.2.103 201.6.2.183 201.6.4.116
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
O20 - Winlogon Notify: WB . (...) -- C:\Program Files (x86)\Stardock\WindowBlinds\fast64.dll (.not file.)
~ Winlogon: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: HWDeviceService64.exe (HWDeviceService64.exe) . (.No owner - DCSHOST.) - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: PSafeLockBoxSvc (PSafeLockBoxSvc) . (.PSafe - PSafe CategoryFinder.) - C:\Program Files (x86)\PSafe\PSafeCategoryFinder.exe
O23 - Service: Intel(R) Management and Security Application User Notificat (UNS) . (.Intel Corporation - User Notification Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
~ Services: 18 Legitimates Filtered in 00mn 03s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\DriverEasy Scheduled Scan.job [428]
~ Scheduled Task: 6 Legitimates Filtered in 00mn 00s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (HMD) . (...) - C:\Windows\System32\DRIVERS\hmd.sys
~ Drivers: 78 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Big City Adventure(TM) - Vancouver (remove only) - (...) [HKLM][64Bits] -- Big City Adventure(TM) - Vancouver
O42 - Logiciel: Claro 3G - (...) [HKLM][64Bits] -- {93D34EE3-99B3-4DB1-8B0A-0A657466F90D}
O42 - Logiciel: LIVE! Control Center 1.11(X64) - (.OEM.) [HKLM][64Bits] -- {271F5A67-A83A-4985-B41B-201EB267E6CF}
O42 - Logiciel: LIVE! OSD 1.35 - (.OEM.) [HKLM][64Bits] -- {73289228-1853-4623-982A-EB17FF0270CA}
O42 - Logiciel: Mahjong Fortuna 2 (remove only) - (...) [HKLM][64Bits] -- Mahjong Fortuna 2
O42 - Logiciel: Plantas vs Zumbis(TM) (remove only) - (...) [HKLM][64Bits] -- Plantas vs Zumbis(TM)
O42 - Logiciel: Plants vs Zombies - (...) [HKLM][64Bits] -- Plants vs Zombies
O42 - Logiciel: QuickKey 1.02 - (.OEM.) [HKLM][64Bits] -- {BF73DC38-2331-4CCB-AF7F-594EF8604711}_is1
O42 - Logiciel: Sally's Studio(TM) (remove only) - (...) [HKLM][64Bits] -- Sally's Studio(TM)
O42 - Logiciel: Vivo - Guia Vivo Internet versão 1.0 - (.Vivo.) [HKLM][64Bits] -- {C2E8B9C9-677A-46E6-AEC7-9435B5BCA765}_is1
~ Logic: 31 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\39202InstEnd]
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\Deskmedia]
[HKCU\Software\LiveOSD]
[HKCU\Software\PDF reDirect]
[HKLM\Software\Deskmedia]
[HKLM\Software\Lazarus]
[HKLM\Software\WinSlcMy]
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Baidu_Drp_pos] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Claro 3G]
[HKLM\Software\Wow6432Node\GameVicio]
[HKLM\Software\Wow6432Node\WinSlcMy]
~ Key Software: 278 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 22/01/2014 - 08:04:43 - [0,221] ----D C:\Program Files (x86)\Baidu Security =>Adware.BDSearch
O43 - CFD: 10/02/2013 - 17:33:49 - [26,049] ----D C:\Program Files (x86)\Claro 3G
O43 - CFD: 25/11/2012 - 17:59:28 - [0,439] ----D C:\Program Files (x86)\GameVicio
O43 - CFD: 24/01/2014 - 12:42:34 - [12,585] ----D C:\Program Files (x86)\PDF reDirect
O43 - CFD: 25/11/2012 - 17:59:36 - [96,642] ----D C:\Program Files (x86)\Plants vs Zombies
O43 - CFD: 15/08/2012 - 14:14:58 - [2,698] ----D C:\Program Files (x86)\QuickKey
O43 - CFD: 22/01/2014 - 21:25:10 - [0,014] ----D C:\Program Files (x86)\RightSurf
O43 - CFD: 12/10/2012 - 15:54:49 - [4,007] ----D C:\Program Files (x86)\Vivo
O43 - CFD: 12/10/2012 - 15:55:05 - [70,683] ----D C:\Program Files (x86)\VIVO INTERNET
O43 - CFD: 15/08/2012 - 14:55:46 - [0] ----D C:\ProgramData\Audio
O43 - CFD: 20/09/2012 - 18:16:29 - [0] ----D C:\ProgramData\Audio Power
O43 - CFD: 22/01/2014 - 08:06:05 - [29,870] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
O43 - CFD: 23/01/2014 - 14:19:31 - [0] ----D C:\ProgramData\PDF reDirect
O43 - CFD: 01/02/2014 - 13:43:35 - [49,950] --H-D C:\ProgramData\SmartProtect
O43 - CFD: 15/08/2012 - 14:53:58 - [9,224] ----D C:\ProgramData\Vivo
O43 - CFD: 22/01/2014 - 08:06:23 - [2,856] ----D C:\Users\perpetuoperpetuo\AppData\Roaming\Baidu Security =>Adware.BDSearch
O43 - CFD: 24/01/2014 - 12:42:33 - [0,526] ----D C:\Users\perpetuoperpetuo\AppData\Roaming\PDF reDirect
O43 - CFD: 29/10/2012 - 17:09:12 - [6,365] ----D C:\Users\perpetuoperpetuo\AppData\Roaming\VIVO INTERNET
O43 - CFD: 25/01/2014 - 22:10:59 - [0,147] ----D C:\Users\perpetuoperpetuo\AppData\Local\lazarus
O43 - CFD: 25/11/2012 - 17:59:29 - [0,007] ----D C:\Users\perpetuoperpetuo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameVicio
~ Program Folder: 171 Legitimates Filtered in 00mn 27s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.94AEDD912BD652C985FA546BCB3F22BC] - 01/02/2014 - 08:12:45 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [147112]
O44 - LFC:[MD5.B09BFD63012FD8553C367627D5C0FEA5] - 01/02/2014 - 08:12:45 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [705086]
O44 - LFC:[MD5.C855D434DDAA77561EE80E92A18AB3A3] - 01/02/2014 - 09:02:55 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [30080]
O44 - LFC:[MD5.C855D434DDAA77561EE80E92A18AB3A3] - 01/02/2014 - 09:02:56 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [30080]
O44 - LFC:[MD5.02940D6C7722E91342A32CFF5C60F4E4] - 01/02/2014 - 16:28:02 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.CEFE76A4F11BB8A9E8DAAED44BA9F451] - 01/02/2014 - 16:50:43 ---A- . (...) -- C:\zoek-results.log [25186]
O44 - LFC:[MD5.D301C92C7F462048F12DBBA77CFF0A58] - 01/02/2014 - 18:16:19 ---A- . (...) -- C:\Windows\System32\Drivers\sfi.dat [608]
O44 - LFC:[MD5.EA204B473366769DDD5FE85D01610E20] - 01/02/2014 - 18:27:56 ---A- . (...) -- C:\Windows\ntbtlog.txt [877060]
O44 - LFC:[MD5.9FCFB59B02D1AF9BF5E62970C8BA19DE] - 22/01/2014 - 16:30:24 ---A- . (...) -- C:\Personalization_Panel_Undo.log [4002]
O44 - LFC:[MD5.BE9ABBA239905C914B050195978E4D02] - 24/01/2014 - 10:36:02 ---A- . (...) -- C:\Windows\Ultimate.xml [51867]
O44 - LFC:[MD5.713BB1B61B4097888E088AAD6C8CE1D8] - 26/01/2014 - 13:56:33 ---A- . (...) -- C:\Windows\System32\wbload.dll [181440]
O44 - LFC:[MD5.46237A897B2674C8483A71FACEB0324E] - 27/01/2014 - 18:44:04 ---A- . (...) -- C:\Windows\System32\Drivers\RTAIODAT.DAT [673037]
~ Files: 62 Legitimates Filtered in 00mn 06s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{1a1d8fc2-0a70-11e2-8065-c89cdc1dd058}\AutoRun\command. (...) -- E:\Windows\AutoRun.exe (.not file.)
O51 - MPSK:{3ace52e8-13d8-11e2-8caf-c89cdc1dd058}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{a666488d-3718-11e2-bb28-c89cdc1dd058}\AutoRun\command. (...) -- E:\Windows\AutoRun.exe (.not file.)
O51 - MPSK:{c48d81e9-72e7-11e2-a96f-c89cdc1dd058}\AutoRun\command. (...) -- E:\Windows\AutoRun.exe (.not file.)
O51 - MPSK:{fce33483-1494-11e2-9131-c89cdc1dd058}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{fce33496-1494-11e2-9131-c89cdc1dd058}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{fce334b2-1494-11e2-9131-c89cdc1dd058}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Deskmedia [Key] . (...) -- C:\Positivo\Deskmedia\GerenciadorLocal.exe
O53 - SMSR:HKLM\...\startupreg\HookKey [Key] . (.TODO: - TODO: .) -- C:\Program Files (x86)\QuickKey\HookKey.exe
O53 - SMSR:HKLM\...\startupreg\PSafeSysTray [Key] . (.PSafe - PSafe System Tray.) -- C:\Program Files (x86)\PSafe\PSafeSysTray.exe
O53 - SMSR:HKLM\...\startupreg\SmartProtect [Key] . (...) -- C:\ProgramData\SmartProtect\SmartProtect.exe
O53 - SMSR:HKLM\...\startupreg\StartUpManagerPositivo [Key] . (...) -- C:\Program Files\Positivo Informática\Gerenciador de Inicialização Positivo\ManagerWindows.exe
~ SMSR Keys: 12 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.DE6759B8D8E62BF0FFF2B05F05AFCEE6] - 06/03/2013 - 20:33:21 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65336]
O58 - SDL:[MD5.7E44C2684A6CA779B9D07CB4BD3F649D] - 06/03/2013 - 20:33:21 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [178624]
O58 - SDL:[MD5.7AD735DB1A9CC82D75E8854952EE8052] - 07/05/2013 - 04:00:18 ---A- . (.Windows (R) Win 7 DDK provider - Safe Deletion Driver.) -- C:\Windows\System32\Drivers\CFRMD.sys [37976]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F572B7467B5CB4FA8FB6319575902E41] - 08/10/2010 - 16:59:40 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys [32768]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.D3A6BCD0047EE7923C2C3960C4CDCA4D] - 07/10/2013 - 02:17:38 ---A- . (...) -- C:\Windows\System32\Drivers\hmd.sys [14888]
O58 - SDL:[MD5.3A3E840983E71A28A8A7FA5EA88F5BD1] - 21/01/2010 - 12:08:32 ---A- . (.Windows (R) Win 7 DDK provider - KBFiltr.) -- C:\Windows\System32\Drivers\LiveGpdKBFilter.sys [11168]
O58 - SDL:[MD5.7AA1DC509A5D6FF6320F7612FC7252DE] - 21/01/2010 - 11:32:16 ---A- . (...) -- C:\Windows\System32\Drivers\LiveIO.sys [14240]
O58 - SDL:[MD5.E852E2F52B67BD5C780D24498E435E32] - 21/01/2010 - 12:07:50 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\Livekbc.sys [11680]
O58 - SDL:[MD5.6E9DCED2F22F08D55BFA21BD9B586B95] - 21/01/2010 - 12:08:04 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\Livemouclass.sys [11168]
O58 - SDL:[MD5.2FC5308D06B872E347F780D883D2FB83] - 26/03/2011 - 09:37:12 ---A- . (.MBB Incorporated - CDROM Filter.) -- C:\Windows\System32\Drivers\massfilter.sys [11776]
O58 - SDL:[MD5.15E399875C850B54FC253A2323AD8021] - 06/08/2010 - 07:43:20 ---A- . (.DiBcom SA - DiBcom AVSTREAM BDA driver.) -- C:\Windows\System32\Drivers\mod7700.sys [1001472]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.3A3E840983E71A28A8A7FA5EA88F5BD1] - 21/01/2010 - 12:08:32 ---A- . (.Windows (R) Win 7 DDK provider - KBFiltr.) -- C:\Windows\System32\LiveGpdKBFilter.sys [11168]
O58 - SDL:[MD5.7AA1DC509A5D6FF6320F7612FC7252DE] - 21/01/2010 - 11:32:16 ---A- . (...) -- C:\Windows\System32\LiveIO.sys [14240]
O58 - SDL:[MD5.E852E2F52B67BD5C780D24498E435E32] - 21/01/2010 - 12:07:50 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Livekbc.sys [11680]
O58 - SDL:[MD5.6E9DCED2F22F08D55BFA21BD9B586B95] - 21/01/2010 - 12:08:04 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Livemouclass.sys [11168]
~ Drivers: 18 Legitimates Filtered in 00mn 04s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 24/09/2013 - C:\Windows\System32\DRIVERS\cmdhlp.sys (cmdHlp) .(.COMODO - COMODO Internet Security Helper Driver.) - LEGACY_CMDHLP
O64 - Services: CurCS - 05/11/2010 - C:\Windows\System32\drivers\iaStor.sys (iaStor) .(.Intel Corporation - Intel Rapid Storage Technology driver - x64.) - LEGACY_IASTOR
~ Legacy: 141 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Users\perpetuoperpetuo\AppData\Local\Beamrise\Application\beamrise.exe (.not file.) =>Hijacker.Beamrise
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{9D39476D-79DE-488F-B264-BC37E71D4DB9}" | In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\PSafe\PSRsync.exe
O87 - FAEL: "{04C9DC30-C520-4711-8896-7AA040A4BBAD}" | In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\PSafe\PSRsync.exe
~ Firewall: 196 Legitimates Filtered in 00mn 00s



---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "5509804B864D4A546AABA531D87D51CF" . (.Bing Bar.) -- C:\Windows\Installer\{B4089055-D468-45A4-A6BA-5A138DD715FC}\icon_installer_ico =>Toolbar.Bing
O90 - PUC: "76A5F172A38A58944BB102E12B766EFC" . (.LIVE! Control Center 1.11(X64).) -- C:\Windows\Installer\{271F5A67-A83A-4985-B41B-201EB267E6CF}\_6FEFF9B68218417F98F549.exe
O90 - PUC: "822982373581326489A2BE71FF2007AC" . (.LIVE! OSD 1.35.) -- C:\Windows\Installer\{73289228-1853-4623-982A-EB17FF0270CA}\_6FEFF9B68218417F98F549.exe
~ Update Products: 58 Legitimates Filtered in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.455C0E27358AC9242544F413B3284828] [WIS][15/08/2012] (.SRS Labs, Inc. - SRS Premium Sound Control Panel.) -- C:\Windows\Installer\1b09e.msi [8534016]
[MD5.9419559E26D53CC34862DF9B558A2917] [WIS][30/10/2012] (.Babylon Ltd - Babylon Chrome Toolbar.) -- C:\Windows\Installer\35192f.msi [354816] =>PUP.Babylon
~ WIS: 61 Legitimates Filtered in 00mn 08s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 12/12/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 06/03/2013 45248 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SS - | Auto 20/03/2012 45056 | (BatteryManagerSrv) . (.Positivo Informática S.A.) - C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryManagerService.exe
SS - | Auto 21/10/2011 196176 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.exe
SS - | Auto 13/10/2011 249648 | (BBUpdate) . (.Microsoft Corporation.) - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.exe
SS - | Demand 30/11/2010 4150864 | (Bluetooth Device Manager) . (.Motorola, Inc..) - C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
SS - | Demand 30/11/2010 1188616 | (Bluetooth Media Service) . (.Motorola, Inc..) - C:\Program Files\Motorola\Bluetooth\audiosrv.exe
SS - | Auto 30/11/2010 679176 | (Bluetooth OBEX Service) . (.Motorola, Inc..) - C:\Program Files\Motorola\Bluetooth\obexsrv.exe
SS - | Auto 11/10/2013 70352 | (CLPSLauncher) . (.Comodo Security Solutions, Inc..) - C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
SS - | Auto 20/10/2013 6254152 | (cmdAgent) . (.COMODO.) - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
SS - | Demand 24/09/2013 164056 | (cmdvirth) . (.COMODO.) - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
SS - | Demand 15/08/2012 647680 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Demand 15/08/2012 1028096 | (FLEXnet Licensing Service 64) . (.Macrovision Europe Ltd..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
SS - | Auto 11/10/2013 2327248 | (GeekBuddyRSP) . (.Comodo Security Solutions, Inc..) - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
SS - | Auto 27/04/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 27/04/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 14/03/2011 346976 | (HWDeviceService64.exe) . (...) - C:\ProgramData\DatacardService\HWDeviceService64.exe
SS - | Auto 07/08/2013 15720 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SS - | Auto 06/10/2010 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SS - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SS - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Auto 31/08/2012 201304 | (McAfee SiteAdvisor Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SS - | Auto 18/05/2012 1259784 | (PSafeLockBoxSvc) . (.PSafe.) - C:\Program Files (x86)\PSafe\PSafeCategoryFinder.exe
SS - | Disabled 18/05/2012 1722120 | (PSafeSVC) . (.PSafe S/A.) - C:\Program Files (x86)\PSafe\PSafesvc.exe
SS - | Disabled 18/05/2012 250632 | (PSafeWD) . (.PSafe.) - C:\Program Files (x86)\PSafe\PSafeWD.exe
SS - | Auto 16/10/2013 289496 | (RtkAudioService) . (.Realtek Semiconductor.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Auto 06/10/2010 2655768 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SS - | Demand 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Disabled 10/07/1658 0 | (McMPFSvc) . (...) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

~ Services: Scanned in 00mn 11s



---\\ Scâner Aditional (088)
Database Version : 13030 - (25/01/2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 4

[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B4089055-D468-45A4-A6BA-5A138DD715FC}] =>Toolbar.Agent
[HKCU\Software\SteamPopCap] =>Adware.PopCap
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B] =>PUP.DealPly
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:mobilegeni daemon =>PUP.Mobogenie^
C:\Program Files (x86)\Baidu Security =>Adware.BDSearch^
C:\ProgramData\Baidu Security =>Adware.BDSearch^
C:\Users\perpetuoperpetuo\AppData\Roaming\Baidu Security =>Adware.BDSearch^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu_Drp_pos] =>Adware.BDSearch^
C:\Windows\Installer\35192f.msi =>PUP.Babylon^
~ Additionnel Scan: 217126 Items scanned in 00mn 14s



---\\ Sumário das deteções encontradas na sua estação
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Mobogenie
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BDSearch
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Beamrise
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Babylon
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.PopCap
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.DealPly
~ MSI: 6 link(s) detected in 00mn 14s



~ 1137 Legitimates filtered by white list
End of the scan (531 lines in 01mn 22s)(0)

Não sei se é importante passar essa informação, mas agora quando inicio no modo normal aparece uma mensagem do comodo internet security, perguntando se quero fazer uma analise....acho que isso é devido a restauração que fiz hoje de manha e por consequencia apagou este programa....queria aproveitar também para perguntar se eu tenho que ativar o avast no próximo passo?...obrigado!

Copie todo este script que te passei.
 
Vá no menu: Iniciar > Todos os programas > ZHP >  Zhpfix > Clique em Importação > Clique em OK > Clique com o botão direito do mouse sobre a grande área cinza da tela do programa e clique em Colar > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas. Copie este relatório e poste em sua próxima resposta.

Rapport de ZHPFix 2014.1.17.2 par Nicolas Coolman, Update du 17/01/2014
Fichier d'export Registre :
Run by perpetuoperpetuo at 01/02/2014 20:33:56
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 08s)

========== Chaves do Registo ==========
ELIMINÉ:* Winlogon Notify: WB
ELIMINÉ: Service: PSafeLockBoxSvc
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu_Drp_pos
ELIMINÉ CLSID MPSK: {1a1d8fc2-0a70-11e2-8065-c89cdc1dd058}
ELIMINÉ CLSID MPSK: {3ace52e8-13d8-11e2-8caf-c89cdc1dd058}
ELIMINÉ CLSID MPSK: {a666488d-3718-11e2-bb28-c89cdc1dd058}
ELIMINÉ CLSID MPSK: {c48d81e9-72e7-11e2-a96f-c89cdc1dd058}
ELIMINÉ CLSID MPSK: {fce33483-1494-11e2-9131-c89cdc1dd058}
ELIMINÉ CLSID MPSK: {fce33496-1494-11e2-9131-c89cdc1dd058}
ELIMINÉ CLSID MPSK: {fce334b2-1494-11e2-9131-c89cdc1dd058}
ELIMINÉ:* StartupReg: PSafeSysTray
ELIMINÉ:* StartupReg: SmartProtect
ELIMINÉ: [HKLM\Software\Classes\Installer\Products\\5509804B864D4A546AABA531D87D51CF]
ELIMINÉ: [HKLM\Software\Classes\Installer\Features\5509804B864D4A546AABA531D87D51CF]
ELIMINÉ: Service: BBSvc
ELIMINÉ: Service: BBUpdate
ELIMINÉ: Service: PSafeSVC
ELIMINÉ: Service: PSafeWD
ELIMINÉ: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B4089055-D468-45A4-A6BA-5A138DD715FC}
ELIMINÉ: HKCU\Software\SteamPopCap
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B

========== Valores do Registo ==========
ELIMINÉ RunValue: mobilegeni daemon
ELIMINÉ RunValue: Malwarebytes Anti-Malware (cleanup)
ELIMINÉ MWPS Value: EnableUIADesktopToggle
ELIMINÉ MWPS Value: FilterAdministratorToken
ELIMINÉ MWPE Value: NoActiveDesktopChanges
ELIMINÉ: {9D39476D-79DE-488F-B264-BC37E71D4DB9}
ELIMINÉ: {04C9DC30-C520-4711-8896-7AA040A4BBAD}
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Elementos dos dados do Registo ==========
SUBSTITUI Value NoActiveDesktopChanges : Good (0) - Bad (1)

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\users\public\desktop\geekbuddy.lnk
ELIMINÉ: c:\programdata\microsoft\windows\start menu\programs\startup\start geekbuddy.lnk
ELIMINÉ: c:\program files (x86)\psafe\psafecategoryfinder.exe
ELIMINÉ: c:\programdata\smartprotect\smartprotect.exe
ELIMINÉ: C:\Windows\Installer\35192f.msi
ELIMINÉ Flash Cookies (0) (0 octets)
ELIMINÉ Temporários windows (4) (43.642 octets)

========== Outros ==========
NÃO-TRATADO SystemRestore


========== Recapitulativo ==========
23 : Chaves do Registo
13 : Valores do Registo
1 : Elementos dos dados do Registo
1 : Pastas
7 : Ficheiros
1 : Outros


End of clean in 00mn 12s

========== Caminho do ficheiro do relatório ==========
C:\Users\perpetuoperpetuo\AppData\Roaming\ZHP\ZHPFix[R1].txt - 01/02/2014 20:34:05 [3072]

Mais problemas foram removidos.

Tente fazer a limpeza com este programa abaixo e veja se agora dá certo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Se der certo você posta o log dele aqui por gentileza.

tentei executar o JTR umas 5 vezes e em todas elas a janela some depois de uns 2 minutos. minha pergunta é: depois que a janela some significa que o programa terminou a execução, certo? o problema é que não aparece o log....mas eu vou tentar reiniciar agora no modo normal pra ver se resolveu ...mas eu to com a impressão de que vou ter que formatar...

Se o Junkware não funcionar, a gente pode limpar com outros bons programas. Mas já estamos quase terminando de remover os problemas de seu PC.

Já reiniciei no modo normal e finalmente deu certo, problema resolvido...Obrigadão mesmo....Agradeço pelo belo trabalho que vocês fazem aqui, ajudando várias pessoas... mais uma vez obrigado, fica com Deus... Abraço!

  Fico feliz que o problema tenha sido resolvido.

Só para finalizar faça estes últimos procedimentos, por gentileza:

Instale o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (caso já tenha ele, não precisa instalar de novo).

Abra o Ccleaner > clique no botão Limpeza > clique na opção Executar Limpeza. Isto é demonstrado na imagem abaixo:


Confirme a operação acima clicando no botão OK. Aguarde a conclusão do procedimento.

Depois disto, clique no botão botão Registro > Procurar Erros > Corrigir erro(s) selecionado(s) > neste momento você poderá optar por fazer uma cópia das alterações que serão feitas no registro (por motivos de segurança), escolha a opção que desejar (sim ou não) > e confirme a limpeza clicando no botão Corrigir todos os erros selecionados > clique no botão Fechar (ou OK):

__________________________________________________________________________________________________________________

Depois disto siga também as dicas deste tutorial abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
_______________________________________________________________________________________________________________________

 Para remover os programas usados na limpeza deste PC e criar um novo ponto de restauração seguro e sem problemas, baixe o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (...de Xplode) e salve no Desktop (Área de Trabalho)

*Depois disto é só executá-lo, deixar selecionadas as opções  Remove disinfection tools e Purge system restore

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Clique em [Run]

Depois de executar o Delfix conforme descrito acima, é só deletar o DelFix e o arquivo C:\DelFix.txt
_______________________________________________________________________________________________________________________

 Também é importante fazer uma desfragmentação do computador, para isso, vá no menu: Iniciar - Todos os programas - Acessórios - Ferramentas do Sistema - Desfragmentador de disco - Clique no botão: Desfragmentar, e aí é só ir seguindo os passos que o programa vai te passando.
___________________________________________________________________________________________________________________________

   Foi um prazer ajudar, conte sempre conosco!