Fórum PC Brasil
Malware removal.

2 participants


Post by WallaceBPE, Tue 18 Feb 2014, 00:50

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:47:32, on 18/02/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16798)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Windows\system32\DllHost.exe
C:\Users\familia\AppData\Local\Skillbrains\lightshot\5.0.0.2\Lightshot.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Users\familia\Downloads\HijackThis (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You need an account and to be logged in to view this link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You need an account and to be logged in to view this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You need an account and to be logged in to view this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You need an account and to be logged in to view this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You need an account and to be logged in to view this link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You need an account and to be logged in to view this link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Link Helper - {187F0AB6-77A2-0EB4-7046-6D5C14763804} - C:\Windows\system32\FFXST30.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [IgfxTray] "C:\Windows\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Users\familia\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [UpdateMyDrivers] C:\Program Files\SmartTweak\UpdateMyDrivers\UpdateMyDrivers.exe /ot /as /ss
O4 - HKCU\..\Run: [LightShot] C:\Users\familia\AppData\Local\Skillbrains\lightshot\Lightshot.exe Flags: uninsdeletevalue
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\system32\IntelCpHeciSvc.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SafetyNut Manager (SafetyNutManager) - Unknown owner - C:\Program Files\Movies Toolbar\SafetyNut\SafetyNutManager.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - VIA Technologies, Inc. - C:\Windows\system32\viakaraokesrv.exe

--
End of file - 8574 bytes

I also have the ADWCLEANER report:

# AdwCleaner v3.018 - Relatório criado 16/02/2014 às 17:05:59
# Atualizado 28/01/2014 por Xplode
# Sistema Operacional : Windows 7 Home Basic Service Pack 1 (32 bits)
# Usuário : familia - FAMILIA-MEGA
# Executando de : C:\Users\familia\Desktop\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\apn
Pasta Deletada : C:\ProgramData\Babylon
Pasta Deletada : C:\ProgramData\BitGuard
Pasta Deletada : C:\ProgramData\Browser Manager
Pasta Deletada : C:\ProgramData\BrowserProtect
Pasta Deletada : C:\ProgramData\StarApp
Pasta Deletada : C:\ProgramData\DOwnLoada kaeeper
Pasta Deletada : C:\ProgramData\saafe save
Pasta Deletada : C:\ProgramData\safee ysavve
Pasta Deletada : C:\ProgramData\suaavenshharE e
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\saafe save
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\safee ysavve
Pasta Deletada : C:\Program Files\Babylon
Pasta Deletada : C:\Program Files\driver-soft
Pasta Deletada : C:\Program Files\Funmoods
[!] Pasta Deletada : C:\Program Files\Movies Toolbar
Pasta Deletada : C:\Program Files\SafeSaver
Pasta Deletada : C:\Users\familia\AppData\Local\Babylon
Pasta Deletada : C:\Users\familia\AppData\Local\FilesFrog Update Checker
Pasta Deletada : C:\Users\familia\AppData\Local\SwvUpdater
Pasta Deletada : C:\Users\familia\AppData\LocalLow\saafe save
Pasta Deletada : C:\Users\familia\AppData\LocalLow\safee ysavve
Pasta Deletada : C:\Users\familia\AppData\Roaming\Babylon
Pasta Deletada : C:\Users\familia\AppData\Roaming\Funmoods
Pasta Deletada : C:\Users\familia\AppData\Roaming\Tencent
Pasta Deletada : C:\Users\familia\AppData\Roaming\UpdaterEX
Pasta Deletada : C:\Users\familia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
Arquivo Deletada : C:\Windows\Tasks\AmiUpdXp.job
Arquivo Deletada : C:\Windows\System32\Tasks\AmiUpdXp
Arquivo Deletada : C:\Windows\Tasks\Funmoods.job
Arquivo Deletada : C:\Windows\System32\Tasks\Funmoods
Arquivo Deletada : C:\Windows\Tasks\UpdaterEX.job
Arquivo Deletada : C:\Windows\System32\Tasks\UpdaterEX

***** [ Atalhos ] *****

Atalho Desinfectada : C:\Users\familia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player\Uninstall.lnk

***** [ Registro ] *****

Valor Deletedo : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ocr@babylon.com]
Chave Deletedo : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Chave Deletedo : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E69C40D-707A-414B-B34D-8F48324FEFDA}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3E69C40D-707A-414B-B34D-8F48324FEFDA}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Funmoods
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ECD03CC9-C594-4383-B905-A036009030CF}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ECD03CC9-C594-4383-B905-A036009030CF}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdaterEX
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B8021D0-92E1-4CA5-89AA-29D8DB25AB5D}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6B8021D0-92E1-4CA5-89AA-29D8DB25AB5D}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon
Chave Deletedo : HKCU\Software\Microsoft\Office\Powerpoint\Addins\babylonofficeaddin.officeaddin
Chave Deletedo : HKCU\Software\Microsoft\Office\Word\Addins\babylonofficeaddin.officeaddin
Chave Deletedo : HKLM\SOFTWARE\Classes\.bdc
Chave Deletedo : HKLM\SOFTWARE\Classes\.bgl
Chave Deletedo : HKLM\SOFTWARE\Classes\.bof
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\BabyDict
Chave Deletedo : HKLM\SOFTWARE\Classes\BabyGloss
Chave Deletedo : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho
Chave Deletedo : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1
Chave Deletedo : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Chave Deletedo : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
Chave Deletedo : HKLM\SOFTWARE\Classes\BabyOptFile
Chave Deletedo : HKLM\SOFTWARE\Classes\Prod.cap
Chave Deletedo : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Chave Deletedo : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Chave Deletedo : HKLM\SOFTWARE\Classes\S
Chave Deletedo : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Chave Deletedo : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Babylon Client
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe
Valor Deletedo : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Valor Deletedo : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Valor Deletedo : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Valor Deletedo : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_0bdf5975
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_8e303e95
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_e77c81ae
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{6AC0BB10-C922-45E2-857D-2A368FE749E5}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
Chave Deletedo : HKCU\Software\APN DTX
Chave Deletedo : HKCU\Software\Babylon
Chave Deletedo : HKCU\Software\BI
Chave Deletedo : HKCU\Software\Funmoods
Chave Deletedo : HKCU\Software\Headlight
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\Softonic
Chave Deletedo : HKCU\Software\Somoto
Chave Deletedo : HKCU\Software\TENCENT
Chave Deletedo : HKCU\Software\Webplayer
Chave Deletedo : HKCU\Software\AppDataLow\SProtector
Chave Deletedo : HKLM\Software\Babylon
Chave Deletedo : HKLM\Software\DataMngr
Chave Deletedo : HKLM\Software\InstallCore
Chave Deletedo : HKLM\Software\SP Global
Chave Deletedo : HKLM\Software\SProtector
Chave Deletedo : HKLM\Software\TENCENT
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Babylon
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
Dados Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\Wincert\WIN32C~1.DLL

***** [ Navegadores ] *****

-\\ Internet Explorer v10.0.9200.16798


-\\ Google Chrome v32.0.1700.107

[ Arquivo : C:\Users\familia\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo : homepage
Deletedo : search_url
Deletedo : keyword

*************************

AdwCleaner[R0].txt - [10916 octets] - [16/02/2014 17:04:25]
AdwCleaner[S0].txt - [10255 octets] - [16/02/2014 17:05:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10316 octets] ##########

And the JRT one. Do I need anything else?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Home Basic x64
Ran by familia on 16/02/2014 at 17:12:53,79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\driver genius
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smarttweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7960FDC3-8E37-92A0-A749-AFDF17DE2B7B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{7960FDC3-8E37-92A0-A749-AFDF17DE2B7B}



~~~ Files

Successfully deleted: [File] "C:\Users\familia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\babylon.lnk"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\wincert"
Successfully deleted: [Folder] "C:\Users\familia\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\familia\appdata\local\webplayer"
Successfully deleted: [Folder] "C:\Users\familia\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Users\familia\AppData\Roaming\microsoft\windows\start menu\programs\smarttweak software"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16/02/2014 at 17:14:47,26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
WallaceBPE
Member

Posts: 56
Reputation: 3
Joined: 16/02/2014
Age: 25
Location: Rio De Janeiro

Re: Malware removal.

Post by Power Max, Tue 18 Feb 2014, 00:59

Hello Wallace.

Please follow the tips in this tutorial to clean your PC with Malwarebytes:

[You need an account and to be logged in to view this link]

In your next reply, post the Malwarebytes log.

We'll be waiting.


Last edited by Power Max on Fri 07 Mar 2014, 09:42, edited 1 time(s)
Power Max
Contributor

Posts: 9086
Reputation: 1499
Joined: 14/04/2009

Re: Malware removal.

Post by WallaceBPE, Tue 18 Feb 2014, 13:04

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
[You need an account and to be logged in to view this link]

Versão da Base de Dados:  v2014.02.18.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16798
familia :: FAMILIA-MEGA [administrador]

Proteção: Permitir

18/02/2014 00:55:40
mbam-log-2014-02-18 (00-55-40).txt

Tipo de Verificação:  Verificação Completa  (C:\|D:\|F:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos  | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados:  451491
Tempo decorrido: 7 hora(s), 44 minuto(s), 28 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 22
HKCR\CLSID\{187F0AB6-77A2-0EB4-7046-6D5C14763804} (Trojan.Agent) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{187F0AB6-77A2-0EB4-7046-6D5C14763804} (Trojan.Agent) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{187F0AB6-77A2-0EB4-7046-6D5C14763804} (Trojan.Agent) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{187F0AB6-77A2-0EB4-7046-6D5C14763804} (Trojan.Agent) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Optional.SoftwareUpdater) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Optional.SoftwareUpdater) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Optional.SoftwareUpdater) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Optional.SoftwareUpdater) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\Updater.AmiUpd.1 (PUP.Optional.SoftwareUpdater) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\Updater.AmiUpd (PUP.Optional.SoftwareUpdater) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4} (PUP.Optional.Amonetize.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\TypeLib\{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0} (PUP.Optional.Amonetize.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7} (PUP.Optional.Amonetize.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\AmiBs.Installer.1 (PUP.Optional.Amonetize.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\AmiBs.Installer (PUP.Optional.Amonetize.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\Typelib\{DCABB943-792E-44C4-9029-ECBEE6265AF9} (PUP.Optional.OutBrowse) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} (PUP.Optional.OutBrowse) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3444c3c5-6c56-4a16-a453-832b05bf6ea4} (PUP.Optional.MoviesToolBar.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\Software\somotomoviestoolbar1 (PUP.Optional.MoviesToolBar.A) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Classes\MoviesToolbarHelper.DNSGuard (PUP.Optional.MoviesToolBar.A) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Classes\MoviesToolbarHelper.DNSGuard.1 (PUP.Optional.MoviesToolBar.A) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\SAFETYNUT (PUP.Optional.SafetyNut.A) -> Enviado para a Quarentena e deletado com sucesso.

Valores de Registro Detectadas: 1
HKLM\SOFTWARE\SafetyNut|browser (PUP.Optional.SafetyNut.A) -> Data:  cr -> Enviado para a Quarentena e deletado com sucesso.

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 1
C:\ProgramData\SafetyNut (PUP.Optional.SafetyNut.A) -> Enviado para a Quarentena e deletado com sucesso.

Arquivos Detectados: 54
C:\Windows\System32\FFXST30.dll (Trojan.Agent) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\familia\AppData\Local\SwvUpdater\Updater.exe (PUP.Optional.SoftwareUpdater) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\familia\Downloads\Windows Anytime Upgrad Key Generator.zip__5399_il6220982.exe (PUP.Optional.Amonetize.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\ProgramData\InstallMate\{16BA7679-5796-472F-A5C4-1FB4CD59548F}\Custom.dll (Adware.Agent) -> Enviado para a Quarentena e deletado com sucesso.
C:\ProgramData\InstallMate\{A6B04874-8BBF-47A9-A542-C39D7D536A82}\Custom.dll (Adware.Agent) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\familia\Downloads\everest-ultimate-edition-550-32-bits.exe (PUP.Optional.InstallCore.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\familia\Downloads\File.rar.exe (PUP.Optional.Installrex) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\familia\Downloads\FreeMahjongGamesSetup-cZgzByh.exe (PUP.Optional.Somoto) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\familia\Downloads\Setup.exe (PUP.Optional.Solimba) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\familia\Downloads\Não confirmado 2988.crdownload (PUP.Optional.Amonetize) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\familia\Downloads\Não confirmado 679804.crdownload (PUP.Optional.Amonetize) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\familia\Downloads\Usb 3d Sound Configuration.rar__3038_i360935455_il6567953.exe (PUP.Optional.Amonetize) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\familia\Downloads\Pokemon Black (1).exe (PUP.Optional.PCMega.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\familia\Downloads\Pokemon Black (2).exe (PUP.Optional.PCMega.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\familia\Downloads\Instalar-e-assistir-estuprando a novinha.zip.exe (PUP.Optional.Pcmega) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\familia\Downloads\Setup (1).exe (PUP.Optional.Solimba) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\familia\Downloads\setup (4).exe (PUP.Optional.OutBrowse) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\familia\Downloads\Setup (5).exe (PUP.Optional.InstalleRex) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\familia\Downloads\Pokemon – a volta de mewtwo dublado.zip.exe (PUP.Optional.PCMega.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\familia\Downloads\gerador de seriais ea games -by nathancabula (1).rar (RiskWare.Tool.CK) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\familia\Downloads\gerador de seriais ea games -by nathancabula.rar (RiskWare.Tool.CK) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\familia\Downloads\Gerador-de-keygen-eagames-by-slip635.rar.exe (PUP.Optional.Installrex) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\familia\Downloads\ECC 5.2.rar (Spyware.OnlineGames) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\familia\Downloads\Pokemon Black.exe (PUP.Optional.PCMega.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\familia\Downloads\Usb 3d Sound Configuration.rar__3515_i360933499_il6567953.exe (PUP.Optional.Amonetize) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\familia\Downloads\SoftonicDownloader_for_volumouse-portable.exe (PUP.Optional.Softonic.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\familia\Downloads\SoftonicDownloader_para_euro-truck-simulator-2-patch.exe (PUP.Optional.Softonic) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\familia\Downloads\Download.exe (PUP.Optional.Midia) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\familia\Downloads\Driver.Genius.Pro.v11.0.0.1112.by.tano1221.rar.exe (PUP.Optional.Installrex) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\familia\Downloads\drivereasy-46032105-32-bits.exe (PUP.Optional.InstallCore) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\familia\Local Settings\Application Data\Bundled software uninstaller\biclient.exe (PUP.Optional.Somoto.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files\Movies Toolbar\SafetyNut\SRTOOL~1\GC\uninstall.exe.vir (PUP.Optional.MoviesToolBar.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files\SafeSaver\sprotector.dll.vir (PUP.Optional.SProtect.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\ProgramData\DOwnLoada kaeeper\kTpGbm.dll.vir (PUP.Optional.MultiPlug.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\ProgramData\DOwnLoada kaeeper\lQTeBDL.exe.vir (PUP.Optional.MultiPlug.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\ProgramData\saafe save\51d46e95c2be3.dll.vir (PUP.Optional.MultiPlug.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\ProgramData\saafe save\uninstall.exe.vir (PUP.Optional.SilentInstall.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\ProgramData\safee ysavve\51c0bc1fb6fea.dll.vir (PUP.Optional.MultiPlug.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\ProgramData\safee ysavve\uninstall.exe.vir (PUP.Optional.SilentInstall.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\ProgramData\suaavenshharE e\NdI106V.dll.vir (PUP.Optional.MultiPlug.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\ProgramData\suaavenshharE e\P1g1smW.dll.vir (PUP.Optional.MultiPlugin.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Users\familia\AppData\Local\FilesFrog Update Checker\uninstall.exe.vir (PUP.Optional.Somoto.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Users\familia\AppData\Local\FilesFrog Update Checker\update_checker.exe.vir (PUP.Optional.FilesFrog.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Users\familia\AppData\Local\SwvUpdater\Updater.exe.vir (PUP.Optional.Amonetize.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Windows\System32\ccscript.exe (Trojan.Dropper) -> Enviado para a Quarentena e deletado com sucesso.
C:\Windows\System32\chknttfs.exe (Trojan.Dropper) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files\SaveShare\sprotector.dll (PUP.Optional.SProtect.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files\Ss.Helper\sprotector.dll (PUP.Optional.SProtect.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files\VictorVal\Dragon Ball Z Budokai Tenkaichi 3 Repack\DbzBT3.exe (Trojan.Pincher) -> Enviado para a Quarentena e deletado com sucesso.
C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> Enviado para a Quarentena e deletado com sucesso.
C:\ProgramData\SafetyNut\coordinator.cfg (PUP.Optional.SafetyNut.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\ProgramData\SafetyNut\general.cfg (PUP.Optional.SafetyNut.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\ProgramData\SafetyNut\S-1-5-21-2940341634-771634997-1081814800-1000.cfg (PUP.Optional.SafetyNut.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\ProgramData\SafetyNut\S-1-5-32.cfg (PUP.Optional.SafetyNut.A) -> Enviado para a Quarentena e deletado com sucesso.

(fim)

There's this other one here

2014/02/18 00:54:50 -0300 FAMILIA-MEGA familia MESSAGE Starting protection
2014/02/18 00:54:50 -0300 FAMILIA-MEGA familia MESSAGE Protection started successfully
2014/02/18 00:54:50 -0300 FAMILIA-MEGA familia MESSAGE Starting IP protection
2014/02/18 00:54:59 -0300 FAMILIA-MEGA familia MESSAGE IP Protection started successfully
2014/02/18 00:55:23 -0300 FAMILIA-MEGA familia MESSAGE Starting database refresh
2014/02/18 00:55:23 -0300 FAMILIA-MEGA familia MESSAGE Stopping IP protection
2014/02/18 00:55:24 -0300 FAMILIA-MEGA familia MESSAGE IP Protection stopped successfully
2014/02/18 00:55:27 -0300 FAMILIA-MEGA familia MESSAGE Database refreshed successfully
2014/02/18 00:55:27 -0300 FAMILIA-MEGA familia MESSAGE Starting IP protection
2014/02/18 00:55:32 -0300 FAMILIA-MEGA familia MESSAGE IP Protection started successfully
2014/02/18 09:17:38 -0300 FAMILIA-MEGA familia DETECTION C:\Program Files\VictorVal\Dragon Ball Z Budokai Tenkaichi 3 Repack\DbzBT3.exe Trojan.Pincher QUARANTINE
2014/02/18 09:22:33 -0300 FAMILIA-MEGA familia DETECTION C:\Windows\System32\FFXST30.dll Trojan.Agent QUARANTINE
2014/02/18 12:34:58 -0300 FAMILIA-MEGA familia MESSAGE Executing scheduled update: Daily
2014/02/18 12:35:07 -0300 FAMILIA-MEGA familia MESSAGE Scheduled update executed successfully: database updated from version v2014.02.18.01 to version v2014.02.18.04
2014/02/18 12:35:08 -0300 FAMILIA-MEGA familia MESSAGE Starting database refresh
2014/02/18 12:35:08 -0300 FAMILIA-MEGA familia MESSAGE Stopping IP protection
2014/02/18 12:35:08 -0300 FAMILIA-MEGA familia MESSAGE IP Protection stopped successfully
2014/02/18 12:35:13 -0300 FAMILIA-MEGA familia MESSAGE Database refreshed successfully
2014/02/18 12:35:13 -0300 FAMILIA-MEGA familia MESSAGE Starting IP protection
2014/02/18 12:35:15 -0300 FAMILIA-MEGA familia MESSAGE IP Protection started successfully
WallaceBPE
Member

Messages: 56
Reputation: 3
Join date: 16/02/2014
Age: 25
Location: Rio De Janeiro


Re: Malware removal.

Post by Power Max Tue 18 Feb 2014, 13:10


Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You must be registered and logged in to view this link]

*Right-click Zoek.exe and select [You must be registered and logged in to view this image]

* Copy all of this text highlighted in red that I gave you and paste it into the blank space in Zoek

*Click [Run Script]

*During the scan a message similar to the one below will be shown displaying the scan progress. Wait for it to finish... it may take a while!

[You must be registered and logged in to view this image]

*If a PC restart is requested, click [OK]

* Post the Zoek log, which will be in C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Fri 07 Mar 2014, 09:43, edited 2 time(s)
Power Max
Collaborator

Messages: 9086
Reputation: 1499
Join date: 14/04/2009


Re: Malware removal.

Post by WallaceBPE Tue 18 Feb 2014, 13:39

Zoek.exe v5.0.0.0 Updated 17-February-2014
Tool run by familia on 18/02/2014 at 13:22:12,90.
Microsoft Windows 7 Home Basic  6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\familia\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

18/02/2014 13:26:55 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1       localhost
::1             localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SafetyNutManager deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SafetyNutManager deleted successfully

==== Deleting Files \ Folders ======================

C:\Program Files\SaveShare deleted
C:\Program Files\SmartTweak deleted
C:\Program Files\Ss.Helper deleted
C:\PROGRA~2\InstallMate deleted
C:\PROGRA~2\Package Cache deleted
C:\PROGRA~2\SummerSoft deleted
C:\Users\familia\AppData\Local\funmoods_2.3.1.crx deleted
C:\Users\familia\AppData\Local\funmoods_speedial_v9.0.10.crx deleted
C:\Users\familia\AppData\Local\somotomoviestoolbar1 deleted
C:\Users\familia\AppData\Local\SwvUpdater deleted
C:\Users\familia\AppData\LocalLow\somotomoviestoolbar1 deleted
C:\Windows\wininit.ini deleted
C:\Windows\system32\tasks\Funmoods Chat deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [20/06/2013 23:55]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [20/06/2013 23:55]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aaaaimdcedbpbcjjbbnfcbbjcngmomic - C:\Users\familia\AppData\Local\somotomoviestoolbar1\GC\toolbar.crx[]

Battlefield Heroes - familia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh
Google Wallet - familia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Battlefield Play4Free - familia\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh
Quebrador de Links - familia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pchaoppopfjnlficjlobfjhfceadbfla
Gmail - familia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\familia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_portugues.babylon.com_0.localstorage-journal deleted successfully
C:\Users\familia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_b.scorecardresearch.com_0.localstorage-journal deleted successfully
C:\Users\familia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_foezz.exclusive-rewards.jopbsearch.com_0.localstorage-journal deleted successfully
C:\Users\familia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_iwrzz.exclusive-rewards.jopbsearch.com_0.localstorage-journal deleted successfully
C:\Users\familia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ri6zz.exclusive-rewards.jopbsearch.com_0.localstorage-journal deleted successfully
C:\Users\familia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_rikzz.exclusive-rewards.jopbsearch.com_0.localstorage-journal deleted successfully
C:\Users\familia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_vygzz.exclusive-rewards.jopbsearch.com_0.localstorage-journal deleted successfully
C:\Users\familia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_continuetosave.info_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{127C2B8D-0A6C-4801-81EE-5D71E11ABD9A} Unknown  Url="Not_Found"
{52db1893-8a90-4192-aede-08e00b8f8473} Unknown  Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\familia\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\familia\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2940341634-771634997-1081814800-1000\Software\Microsoft\Internet Explorer\SearchScopes\{127C2B8D-0A6C-4801-81EE-5D71E11ABD9A} deleted successfully
HKEY_USERS\S-1-5-21-2940341634-771634997-1081814800-1000\Software\Microsoft\Internet Explorer\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473} deleted successfully

==== Deleting CLSID Registry Values ======================


==== shortcuts on Users Desktops ======================

C:\Users\familia\Desktop\Configurar Dragon Ball Z Budokai Tenkaichi 3 Repack.lnk - C:\Program Files\VictorVal\Dragon Ball Z Budokai Tenkaichi 3 Repack\Dolphin.exe
C:\Users\familia\Desktop\Continue WildTaxi.lnk - C:\Users\familia\AppData\Local\Temp\DM1391831847.exe
C:\Users\familia\Desktop\Dragon Ball Z Budokai Tenkaichi 3 Repack.lnk - C:\Program Files\VictorVal\Dragon Ball Z Budokai Tenkaichi 3 Repack\DbzBT3.exe
C:\Users\familia\Desktop\My Drivers.lnk - C:\Program Files\My Drivers\MyDrivers.exe
C:\Users\familia\Desktop\pxgclient - Atalho.lnk - C:\Users\familia\Desktop\Area de trabalho\PxGClient\pxgclient.exe
C:\Users\familia\Desktop\UpdateMyDrivers.lnk - C:\Program Files\SmartTweak\UpdateMyDrivers\UpdateMyDrivers.exe
C:\Users\familia\Desktop\Area de trabalho\Assault Fire BR.lnk - C:\Program Files\FarCry 3\TCLS\client.exe
C:\Users\familia\Desktop\Area de trabalho\Call of Duty - World at War.lnk - C:\Program Files\Modern\Call of Duty - World at War\CoDWaW.exe
C:\Users\familia\Desktop\Area de trabalho\Clownfish.lnk - C:\Program Files\Clownfish\Clownfish.exe
C:\Users\familia\Desktop\Area de trabalho\CoDWaWmp - Atalho.lnk - C:\Program Files\Modern\Call of Duty - World at War\CoDWaWmp.exe
C:\Users\familia\Desktop\Area de trabalho\Counter Strike 1.6.lnk - C:\Program Files\Counter Strike 1.6\hl.exe -nomaster -game cstrike
C:\Users\familia\Desktop\Area de trabalho\CPUID CPU-Z.lnk - C:\Program Files\CPUID\CPU-Z\cpuz.exe
C:\Users\familia\Desktop\Area de trabalho\CrossFire AL.lnk - C:\Program Files\Z8Games\CrossFire AL\cfPT_launcher.exe
C:\Users\familia\Desktop\Area de trabalho\Dedicated Server.lnk - C:\Program Files\Counter Strike 1.6\hlds.exe -nomaster -game cstrike -insecure
C:\Users\familia\Desktop\Area de trabalho\Euro Truck Simulator 2.lnk - C:\Program Files\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
C:\Users\familia\Desktop\Area de trabalho\game_launcher - Atalho.lnk - C:\Program Files\Hoplon\Saints Row The Third\game_launcher.exe
C:\Users\familia\Desktop\Area de trabalho\GhostMouse Free.lnk - C:\Program Files\GhostMouse\GhostMouse.exe
C:\Users\familia\Desktop\Area de trabalho\GTA San Andreas.lnk - C:\Program Files\Rockstar Games\GTA San Andreas\gta_sa.exe
C:\Users\familia\Desktop\Area de trabalho\Jogar MuAwaY.lnk - C:\Program Files\MuAwaY\jogar.exe
C:\Users\familia\Desktop\Area de trabalho\Launch MARS.lnk - C:\Users\familia\Desktop\Area de trabalho\IGO.3ATUALIZADO\MARS\MaLauncher.exe
C:\Users\familia\Desktop\Area de trabalho\Mafia 2 Multiplayer.lnk - C:\Program Files\Mafia 2 Multiplayer\m2mp.exe
C:\Users\familia\Desktop\Area de trabalho\mafia2 - Atalho.lnk - C:\Program Files\2K Games\Mafia II\pc\mafia2.exe
C:\Users\familia\Desktop\Area de trabalho\Naviextras Toolbox.lnk - C:\Program Files\Naviextras\Toolbox\toolbox.exe
C:\Users\familia\Desktop\Area de trabalho\Second Life Viewer.lnk - C:\Program Files\SecondLifeViewer\SecondLife.exe  --set InstallLanguage pt
C:\Users\familia\Desktop\Area de trabalho\sXe Injected.lnk - C:\Program Files\sXe Injected\sXe Injected.exe
C:\Users\familia\Desktop\Area de trabalho\µTorrent.lnk -  
C:\Users\familia\Desktop\Area de trabalho\Atalhos\Adobe Reader 9.lnk - C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Users\familia\Desktop\Area de trabalho\Atalhos\Adobe Reader XI.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\familia\Desktop\Area de trabalho\Atalhos\Ares.lnk - C:\Program Files\Ares\Ares.exe
C:\Users\familia\Desktop\Area de trabalho\Atalhos\Ashampoo Internet Accelerator 3.lnk - C:\Program Files\Ashampoo\Ashampoo Internet Accelerator 3\iac3.exe
C:\Users\familia\Desktop\Area de trabalho\Atalhos\BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Users\familia\Desktop\Area de trabalho\Atalhos\BrickForce.lnk - C:\BrickForce\BfLauncher.exe
C:\Users\familia\Desktop\Area de trabalho\Atalhos\Camtasia Studio 8.lnk - C:\Program Files\TechSmith\Camtasia Studio 8\CamtasiaStudio.exe
C:\Users\familia\Desktop\Area de trabalho\Atalhos\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\familia\Desktop\Area de trabalho\Atalhos\Central de Soluções HP.lnk -  
C:\Users\familia\Desktop\Area de trabalho\Atalhos\CrossFire AL.lnk - C:\Program Files\Z8Games\CrossFire AL\cfPT_launcher.exe
C:\Users\familia\Desktop\Area de trabalho\Atalhos\DAEMON Tools Lite.lnk - C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Users\familia\Desktop\Area de trabalho\Atalhos\EVEREST Ultimate Edition.lnk - C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
C:\Users\familia\Desktop\Area de trabalho\Atalhos\EverQuest II.lnk - C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\LaunchPad.exe
C:\Users\familia\Desktop\Area de trabalho\Atalhos\FarCry 3.lnk - C:\Program Files\FarCry 3\bin\farcry3.exe -language portuguese -offline
C:\Users\familia\Desktop\Area de trabalho\Atalhos\Format Factory.lnk - C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe
C:\Users\familia\Desktop\Area de trabalho\Atalhos\Fraps.lnk - C:\Fraps\fraps.exe
C:\Users\familia\Desktop\Area de trabalho\Atalhos\Game Booster 3.lnk - C:\Program Files\IObit\Game Booster 3\GameBooster.exe
C:\Users\familia\Desktop\Area de trabalho\Atalhos\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\familia\Desktop\Area de trabalho\Atalhos\HP ePrinterCenter.lnk - C:\Program Files\HP\Digital Imaging\AppStudio\hpzsip.url
C:\Users\familia\Desktop\Area de trabalho\Atalhos\Iniciar - Cube World.lnk - C:\Program Files\Cube World\CubeStart.exe
C:\Users\familia\Desktop\Area de trabalho\Atalhos\King Arthur's Gold.lnk - C:\Users\familia\KAG\KAG.exe
C:\Users\familia\Desktop\Area de trabalho\Atalhos\Lixeira - Atalho.lnk -  
C:\Users\familia\Desktop\Area de trabalho\Atalhos\LogMeIn Hamachi.lnk - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Users\familia\Desktop\Area de trabalho\Atalhos\Loja de Suprimentos HP.lnk - C:\Program Files\HP\HPSSUPPLY\hpqSSupply.exe
C:\Users\familia\Desktop\Area de trabalho\Atalhos\Paint.NET.lnk - C:\Program Files\Paint.NET\PaintDotNet.exe
C:\Users\familia\Desktop\Area de trabalho\Atalhos\ROBLOX Player.lnk - C:\Program Files\Roblox\Versions\version-8049d9622c164956\RobloxPlayerLauncher.exe -browser
C:\Users\familia\Desktop\Area de trabalho\Atalhos\ROBLOX Studio 2013.lnk - C:\Program Files\Roblox\Versions\RobloxStudioLauncherBeta.exe -ide
C:\Users\familia\Desktop\Area de trabalho\Atalhos\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Users\familia\Desktop\Area de trabalho\Atalhos\Spybot-S&D Start Center.lnk - C:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe
C:\Users\familia\Desktop\Area de trabalho\Atalhos\Steam.lnk - C:\Program Files\Steam\Steam.exe
C:\Users\familia\Desktop\Area de trabalho\Atalhos\Switch to Gaming Mode.lnk - C:\Program Files\IObit\Game Booster 3\GameBooster.exe -game
C:\Users\familia\Desktop\Area de trabalho\Atalhos\TipCam.lnk - C:\Program Files\uTIPu\tipc.exe
C:\Users\familia\Desktop\Area de trabalho\Atalhos\Toribash.lnk - C:\Games\Toribash-4.41\toribash.exe
C:\Users\familia\Desktop\Area de trabalho\Atalhos\TuneUp 1-Click Maintenance.lnk - C:\Program Files\TuneUp Utilities 2013\OneClick.exe
C:\Users\familia\Desktop\Area de trabalho\Atalhos\TuneUp Utilities 2013.lnk - C:\Program Files\TuneUp Utilities 2013\Integrator.exe
C:\Users\familia\Desktop\Area de trabalho\Atalhos\Warface.lnk - C:\Level Up Games\Warface\Launcher\Launcher.exe
C:\Users\familia\Desktop\Area de trabalho\Atalhos\Zune.lnk - C:\Program Files\Zune\Zune.exe
C:\Users\familia\Desktop\Area de trabalho\Formatacao\MegaProLib.lnk - C:\Program Files\MegaProLib\MegaProLib.exe
C:\Users\familia\Desktop\Area de trabalho\Relacionadas videos\Edição de fotos\PhotoFiltre Studio X.lnk -  
C:\Users\familia\Desktop\MEU\PointBlank.lnk - C:\ongame\Pointblank\PBLauncher.exe
C:\Users\familia\Desktop\My Shared Folder\EVEREST Ultimate Edition.lnk - C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
C:\Users\familia\Desktop\PXG\Driver Genius Professional Edition.lnk - C:\Program Files\Driver-Soft\DriverGenius\DriverGenius.exe
C:\Users\familia\Desktop\PXG\DriverEasy.lnk - C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
C:\Users\familia\Desktop\PXG\HD VDeck.lnk - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Users\familia\Desktop\PXG\Launcher - Atalho.lnk - C:\Program Files\2K Games\Spec Ops The Line\Binaries\Win32\Launcher.exe
C:\Users\familia\Desktop\PXG\Spec Ops The Line.lnk - C:\Program Files\2K Games\Spec Ops The Line\Binaries\Win32\SpecOpsTheLine.exe
C:\Users\familia\Desktop\PXG\Tibia MULTI-IP Changer.lnk - C:\Program Files\Asprate\Tibia Multi IP Changer\Tibia MULTI-ip changer.exe
C:\Users\familia\Desktop\PXG\Tibia.lnk - C:\Program Files\Tibia\Tibia.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Public\Desktop\MTA San Andreas 1.3.lnk - C:\Program Files\MTA San Andreas 1.3\Multi Theft Auto.exe

==== shortcuts in Users Start Menu ======================

C:\Users\familia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player\Uninstall.lnk - C:\Users\familia\AppData\Local\WebPlayer\Uninstall.exe
C:\Users\familia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lightshot\Desinstalar LightShot.lnk - C:\Users\familia\AppData\Local\Skillbrains\lightshot\unins000.exe
C:\Users\familia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lightshot\Learn More.lnk - C:\Users\familia\AppData\Local\Skillbrains\lightshot\5.0.0.2\learnmore.url
C:\Users\familia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lightshot\Lightshot .lnk - C:\Users\familia\AppData\Local\Skillbrains\lightshot\LightShot.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk - C:\Program Files\Microsoft Security Client\msseces.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverNavigator\DriverNavigator.lnk - C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverNavigator\Uninstall DriverNavigator.lnk - C:\Program Files\Easeware\DriverNavigator\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Multi Theft Auto San Andreas 1.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files\Java\jre7\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files\Java\jre7\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files\Java\jre7\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTA San Andreas 1.3\MTA San Andreas.lnk - C:\Program Files\MTA San Andreas 1.3\Multi Theft Auto.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTA San Andreas 1.3\MTA Server.lnk - C:\Program Files\MTA San Andreas 1.3\server\MTA Server.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTA San Andreas 1.3\Uninstall MTA San Andreas.lnk - C:\Program Files\MTA San Andreas 1.3\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Drivers\Manual English.lnk - C:\Program Files\My Drivers\ManuelEN.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Drivers\Manual Español.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Drivers\Manuel Français.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Drivers\My Drivers on the Web.lnk - C:\Program Files\My Drivers\MyDrivers.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Drivers\My Drivers.lnk - C:\Program Files\My Drivers\MyDrivers.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Drivers\Uninstall My Drivers.lnk - C:\Program Files\My Drivers\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox\ROBLOX Player.lnk - C:\Program Files\Roblox\Versions\version-afc74353f06542bd\RobloxPlayerLauncher.exe -browser
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox\ROBLOX Studio 2013.lnk - C:\Program Files\Roblox\Versions\RobloxStudioLauncherBeta.exe -ide

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\familia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\familia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\familia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk - C:\Program Files\Samsung\Kies\KiesAgent.exe /lite
C:\Users\familia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk - C:\Program Files\Samsung\Kies\KiesAgent.exe
C:\Users\familia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\familia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\familia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\familia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d91276b0be3e46b\pinned.lnk -  
C:\Users\familia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Users\familia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Borderlands 2 launcher.lnk - C:\Program Files\2K Games\Borderlands 2\Binaries\Win32\Launcher.exe
C:\Users\familia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\FarCry 3.lnk - C:\Program Files\FarCry 3\bin\farcry3.exe -language portuguese -offline
C:\Users\familia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\GTA San Andreas.lnk - C:\Program Files\Rockstar Games\GTA San Andreas\gta_sa.exe
C:\Users\familia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Minecraft (2).lnk - C:\Users\familia\Desktop\Area de trabalho\Minecraft\Minecraft (2).exe
C:\Users\familia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Minecraft.lnk - C:\Users\familia\Desktop\Area de trabalho\Minecraft\Minecraft.exe
C:\Users\familia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\familia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyServer"=":0"
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6E887970-9A06-AE90-E1BA-C5AA4232B3EA} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7A8D7453-0E2E-F72A-F48E-8EA7E5FE444D} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{89CD72BD-6B49-F21C-7F56-16A3E2E969B3} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{EF95D8DC-DF42-CA6D-91E1-9E76E9DE1319} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\aaaaimdcedbpbcjjbbnfcbbjcngmomic deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLV Player deleted successfully

==== Empty IE Cache ======================

C:\Users\familia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\familia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\familia\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=99 folders=30 20103710 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\familia\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\familia\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found

==== EOF on 18/02/2014 at 13:37:13,58 ======================


Power, afterwards could you take a look at my topics over in the Windows 7 section please ;D thanks
WallaceBPE
Member

Posts : 56
Reputation : 3
Join date : 16/02/2014
Age : 25
Location : Rio De Janeiro

Re: Malware removal.

Post by Power Max Tue 18 Feb 2014, 13:59

Download < [You must have an account and be logged in to view this link] > ( ... by Nicolas Coolman )

|- Temporarily disable your antivirus to avoid conflicts and run "ZHPDiag2.exe" to install the tool.

|- Run the scroll icon. ( ZHPDiag )

|- Click "SEARCH" (or "PESQUISAR") and wait for it to finish!

|- Click OK and, when it finishes, post the ZHPDiag.txt report


Last edited by Power Max on Fri 07 Mar 2014, 09:43; edited 1 time
Power Max
Contributor

Posts : 9086
Reputation : 1499
Join date : 14/04/2009

Re: Malware removal.

Post by WallaceBPE Tue 18 Feb 2014, 14:07

~ Relatório do ZHPDiag v2014.2.17.15 - Nicolas Coolman (17/02/2014)
~ Iniciado por familia (18/02/2014 14:00:52)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v10.0.9200.16798
GCIE: Google Chrome v32.0.1700.107 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Basic, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Malwarebytes Anti-Malware versão 1.75.0.1300
Microsoft Security Client PT-BR Language Pack v2.0.0657.0
Windows Defender W7

---\\ Softwares d'optimização do sistema
CCleaner v4.03 =>Piriform Ltd

---\\ Softwares de partilha do PeerToPeer (P2P)
Pando Media Booster v2.6.0.9

---\\ Monitoramento dos softwares
Adobe Flash Player 12 Plugin
Adobe Reader XI
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1948 MB (33% free)
System Restore: Activé (Enable)
System drive C: has 208 GB (44%) free of 466 GB

---\\ Modo de conexão ao sistema
~ Computer Name: FAMILIA-MEGA
~ User Name: familia
~ All Users Names: familia, Convidado, ASPNET, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\familia\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\familia\AppData\Roaming\
~ %Desktop% : C:\Users\familia\Desktop\
~ %Favorites% : C:\Users\familia\Favorites\
~ %LocalAppData% : C:\Users\familia\AppData\Local\
~ %StartMenu% : C:\Users\familia\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 208 Go of 466 Go)
D: CD-ROM drive (Free 0 Go of 1 Go)
F: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
~ Security Center: 50 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.1FF83D2BE92B40DAE234CF4236680B6E] - (.Microsoft Corporation - Internet Extensions para Win32.) (.01/02/2014 - 04:58:31.) -- C:\Windows\System32\wininet.dll [1767936]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 09:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/09/2013 - 21:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 10:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/187
~ Mes musiques (My Musics) : 1/16
~ Mes Videos (My Videos) : 1/5
~ Mes Favoris (My Favorites) : 1/26
~ Mes Documents (My Documents) : 1/1689
~ Mon Bureau (My Desktop) : 1/23549
~ Menu demarrer (Programs) : 1/63
~ Hidden Files: Scanned in 00mn 54s



---\\ Processos lançados
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.1356]
[MD5.F6B028380423B1C498984ED5CE873A47] - (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152] [PID.3052]
[MD5.C17459807B922502D3735EEDAC32E2AB] - (.VIA - VIA HD Audio CPL.) -- C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [4512432] [PID.3120]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.2608]
[MD5.4C2ECFF76CE32EC594545152D1DCEB35] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [145880] [PID.3672]
[MD5.1B422F7D2238612919EE9771D26B0208] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [181208] [PID.3748]
[MD5.22884291BD017D70E047D50DAD3C4602] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [189912] [PID.3988]
[MD5.815E02C29A017EB53C61961AD4BFF560] - (.Skillbrains - Lightshot.) -- C:\Users\familia\AppData\Local\Skillbrains\lightshot\5.0.0.2\LightShot.exe [411136] [PID.2528]
[MD5.5640B4C10682FBC39C86C8C7A8392B5E] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [866632] [PID.5392]
[MD5.F93E4DC33900B8F2A82BD22FFAF21C96] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592] [PID.3656]
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\system32\DllHost.exe [7168] [PID.5984]
[MD5.AB44884BC129FC04D75A4649E0710203] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8338432] [PID.4140]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\familia\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
~ Google Browser: 14 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Pando Networks - Pando Web Plugin.) (No version) -- (.not file.)
~ IE Browser: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar: Bing Bar - [HKLM]{8dcb7100-df86-4384-8842-8fa844297b3f} . (.Microsoft Corporation. - Extensões Cliente Bing.) -- C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll =>Toolbar.Bing
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Chave orfã
~ Toolbar: Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: MTA San Andreas 1.3.lnk . (.Multi Theft Auto - Multi Theft Auto Launcher.) -- C:\Program Files\MTA San Andreas 1.3\Multi Theft Auto.exe
O4 - GS\QuickLaunch [familia]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [familia]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [familia]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [familia]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [familia]: 3d Girlz Uninstall.lnk . (...) -- C:\Users\familia\Desktop\Q3DUnInst.exe (.not file.)
O4 - GS\Program [familia]: EverQuest II.lnk . (.Sony Online Entertainment, LLC - LaunchPad (GameLauncher).) -- C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\LaunchPad.exe
O4 - GS\Program [familia]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [familia]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [familia]: Continue WildTaxi.lnk . (...) -- C:\Users\familia\AppData\Local\Temp\DM1391831847.exe (.not file.)
O4 - GS\Desktop [familia]: My Drivers.lnk . (.Hunter Software - My Drivers.) -- C:\Program Files\My Drivers\MyDrivers.exe
O4 - GS\Desktop [familia]: pxgclient - Atalho.lnk . (...) -- C:\Users\familia\Desktop\Area de trabalho\PxGClient\pxgclient.exe
~ Global Startup: 55 Legitimates Filtered in 00mn 01s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe =>.Samsung Electronics Co
O4 - HKLM\..\Run: [HDAudDeck] . (.VIA - VIA HD Audio CPL.) -- C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
O4 - HKLM\..\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [LightShot] . (.No owner - Starter Module.) -- C:\Users\familia\AppData\Local\Skillbrains\lightshot\Lightshot.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2940341634-771634997-1081814800-1000\..\Run: [LightShot] . (.No owner - Starter Module.) -- C:\Users\familia\AppData\Local\Skillbrains\lightshot\Lightshot.exe
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet Explorer.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains] *.clonewarsadventures.com
O15 - Trusted Zone: [HKCU\...\Domains] *.freerealms.com
O15 - Trusted Zone: [HKCU\...\Domains] *.soe.com
O15 - Trusted Zone: [HKCU\...\Domains] *.sony.com
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D31863A7-E685-4B72-B3B4-D185860A0431}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD538A96-079C-4ABC-AE78-6F7CF555BDCE}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{D31863A7-E685-4B72-B3B4-D185860A0431}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{DD538A96-079C-4ABC-AE78-6F7CF555BDCE}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{D31863A7-E685-4B72-B3B4-D185860A0431}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{DD538A96-079C-4ABC-AE78-6F7CF555BDCE}: DhcpNameServer = 192.168.42.129
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Chaves de Gerenciamento Sessão (AppCertDlls,KnownDLLs) (O36)
O36 - AppCertDlls: (x64) . (...) -- c:\program files\movies toolbar\safetynut\x64\safetycrt.dll =>PUP.MoviesToolbar
O36 - AppCertDlls: (x86) . (...) -- c:\program files\movies toolbar\safetynut\safetycrt.dll =>PUP.MoviesToolbar
~ Keys: Scanned in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\DriverEasy Scheduled Scan.job [410]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\DriverNavigator Scheduled Scan.job [440]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Funmoods Chat.job [300] =>PUP.Funmoods
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\update-S-1-5-21-2940341634-771634997-1081814800-1000.job [380]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\update-sys.job [380]
[MD5.71D63875DB82FB0BF3FAA16206761681] [APT] [update-S-1-5-21-2940341634-771634997-1081814800-1000] (...) -- C:\Program Files\Skillbrains\Updater\Updater.exe [112416]
[MD5.71D63875DB82FB0BF3FAA16206761681] [APT] [update-sys] (...) -- C:\Program Files\Skillbrains\Updater\Updater.exe [112416]
[MD5.00000000000000000000000000000000] [APT] [{06A4A911-1EDF-43C4-A20F-3AC84AAA52F3}] (...) -- C:\Users\familia\Desktop\C-Media PD-552 USB Audio Software FULL\Program\CmiInstallAudio.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{2358967C-DB4D-4EDA-BE30-E53751A2B564}] (...) -- C:\Users\familia\Desktop\new_teamviewer_8_corporatecrack_new_2013.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3C8292D1-2704-454C-BA16-85C7852A8F4B}] (...) -- F:\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{40F2364F-631F-4C8C-87D4-1E32FEEC302F}] (...) -- C:\Users\familia\Desktop\Mafia II\Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{529BE51E-F69E-47B3-A7E2-217C89ED068C}] (...) -- F:\Install.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{5E778914-6CC6-4412-A50A-8DAF6FE445AA}] (...) -- C:\Users\familia\Desktop\Call of Duty 5.rar\COD5\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{6032D8C9-0AAC-425C-A7F3-9E56CBC4ED1D}] (...) -- D:\setup.exe (.not file.) [0]
[MD5.7DC65CC00E261F7F6C714CC1E7D33D55] [APT] [{8D61F87F-3370-43CD-8384-AA1918F1C668}] (.C-Media Electronics Inc..) -- C:\Users\familia\Desktop\C-Media Sound Driver\cm45xp\CMUNINST.exe [139264]
[MD5.00000000000000000000000000000000] [APT] [{91707DA4-EB1E-4E9F-806E-D2961F3B31E5}] (...) -- C:\Users\familia\AppData\Local\Temp\Temp1_ethernet_mw-h61h2-m2_winxp_winvista_win7.zip\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C06A03E8-E984-4025-B388-81BF3E4C77D2}] (...) -- D:\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C58B35EB-CF35-472F-BBDE-67C090433DC7}] (...) -- C:\Users\familia\AppData\Roaming\Easeware\DriverEasy\drivers\i2efcnxk.ojm\Win32_153117.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{EC2A1AD6-589E-449D-8C25-FDAFFFB271BE}] (...) -- C:\Users\familia\Desktop\C-Media PD-552 USB Audio Software FULL\_ISDel.exe (.not file.) [0]
~ Scheduled Task: 34 Legitimates Filtered in 00mn 04s



---\\ Software instalados (042)
O42 - Logiciel: Ares 2.2.4 - (.Ares Development Group.) [HKLM] -- Ares
O42 - Logiciel: Assault Fire BR - (.Level Up Games.) [HKLM] -- Assault Fire BR
O42 - Logiciel: CastleMiner Z - (.DigitalDNA Games.) [HKCU] -- 97f28be79b4a4109
O42 - Logiciel: Counter Strike 1.6 - 2013 - (...) [HKLM] -- Counter Strike 1.6 - 2013
O42 - Logiciel: Craften Terminal 3.3.4897.28268 - (.Craften Dev Team.) [HKLM] -- {4e7c3936-7c06-4ef0-928b-c5d92f372578}_is1
O42 - Logiciel: Cross Fire AL - (.Z8Games.com.) [HKLM] -- Cross Fire AL_is1
O42 - Logiciel: Dragon Ball Z Budokai Tenkaichi 3 Repack - (...) [HKLM] -- Dragon Ball Z Budokai Tenkaichi 3 Repack
O42 - Logiciel: Extended Update - (...) [HKCU] -- UpdaterEX =>PUP.Dealply
O42 - Logiciel: Gerenciador de Downloads - (.Level Up! Gerenciador.) [HKCU] -- a54e16f5d00985b6
O42 - Logiciel: GhostMouse - (.ghost-mouse.com.) [HKLM] -- GhostMouse_is1
O42 - Logiciel: MegaProLib versão 1.0 - (.Megaware Industrial Ltda.) [HKLM] -- {F922B4E6-04A5-464E-8C40-CB4887DEE0D4}_is1
O42 - Logiciel: MuAwaY versão 97d+1.0 Custons Sem Audio - (.MuAwaY, Inc..) [HKLM] -- {8CF6D2F8-2FBB-48F0-B658-0FCCE7533168}_is1
O42 - Logiciel: Mz Game Accelerator - (.Mz Game Accelerator.) [HKLM] -- MzGameAccelerator_is1
O42 - Logiciel: Spec Ops The Line - (...) [HKLM] -- Spec Ops The Line_is1
O42 - Logiciel: Update for Funmoods Chat - (.Update for Funmoods Chat.) [HKCU] -- Funmoods Chat =>PUP.Funmoods
O42 - Logiciel: Warface - (.Level Up! Games.) [HKLM] -- {094FAADD-5A39-4C64-911A-B4C9AD818484}_is1
O42 - Logiciel: sXe Injected - (.Alejandro Cortés.) [HKLM] -- sXe Injected
O42 - Logiciel: suaavenshharE e - (.savenshare.) [HKLM] -- {62D82EC1-0D3A-DF54-8E3E-07E1337A5311}
~ Logic: 28 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\ARAR]
[HKCU\Software\Ares]
[HKCU\Software\DigitalDNAGames]
[HKCU\Software\FMChat]
[HKCU\Software\Pando Networks]
[HKCU\Software\TesSafe]
[HKCU\Software\sXe Injected]
[HKLM\Software\Asprate]
[HKLM\Software\GameVicio]
[HKLM\Software\Modern]
[HKLM\Software\Pando Networks]
[HKLM\Software\RobloxReg]
[HKLM\Software\StudioQTRobloxReg]
[HKLM\Software\sXe_Injected]
~ Key Software: 430 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 13/07/2013 - 22:38:28 - [99,535] ----D C:\Program Files\1-click run
O43 - CFD: 23/06/2013 - 11:51:35 - [0,751] ----D C:\Program Files\ARAR
O43 - CFD: 18/06/2013 - 16:54:58 - [6,167] ----D C:\Program Files\Ares
O43 - CFD: 24/10/2013 - 22:33:29 - [0,584] ----D C:\Program Files\Asprate
O43 - CFD: 12/09/2013 - 21:51:26 - [524,356] ----D C:\Program Files\Counter Strike 1.6
O43 - CFD: 18/06/2013 - 18:40:05 - [6,170] ----D C:\Program Files\Craften Terminal
O43 - CFD: 13/08/2013 - 14:55:34 - [-930,153] ----D C:\Program Files\FarCry 3
O43 - CFD: 07/08/2013 - 16:18:09 - [0,240] ----D C:\Program Files\GameVicio
O43 - CFD: 31/08/2013 - 19:59:22 - [1,647] ----D C:\Program Files\GhostMouse
O43 - CFD: 17/08/2013 - 13:11:01 - [987,810] ----D C:\Program Files\Hoplon
O43 - CFD: 13/08/2013 - 12:29:10 - [0,872] ----D C:\Program Files\Level Up Games
O43 - CFD: 18/06/2013 - 14:47:42 - [2,253] ----D C:\Program Files\MegaProLib
O43 - CFD: 30/08/2013 - 13:35:36 - [133,914] ----D C:\Program Files\Modern
O43 - CFD: 05/09/2013 - 21:54:38 - [142,402] ----D C:\Program Files\MuAwaY
O43 - CFD: 16/12/2013 - 18:54:07 - [8,373] ----D C:\Program Files\Pando Networks
O43 - CFD: 27/06/2013 - 14:21:35 - [72,210] ----D C:\Program Files\Roblox
O43 - CFD: 12/09/2013 - 21:46:27 - [10,086] ----D C:\Program Files\sXe Injected
O43 - CFD: 18/09/2013 - 15:29:16 - [2,194] ----D C:\Program Files\Tribo Gamer
O43 - CFD: 19/06/2013 - 13:31:14 - [0] ----D C:\ProgramData\levelup downloader
O43 - CFD: 27/07/2013 - 16:18:52 - [36,100] ----D C:\ProgramData\Roblox
O43 - CFD: 09/07/2013 - 18:31:42 - [23,563] -SH-D C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
O43 - CFD: 22/07/2013 - 15:38:40 - [0] ----D C:\Users\familia\AppData\Roaming\.technic
O43 - CFD: 08/07/2013 - 18:50:41 - [0] ----D C:\Users\familia\AppData\Roaming\.terasology
O43 - CFD: 06/02/2014 - 15:10:14 - [0,101] ----D C:\Users\familia\AppData\Roaming\FunmoodsChat =>PUP.Funmoods
O43 - CFD: 29/08/2013 - 22:23:38 - [0,001] ----D C:\Users\familia\AppData\Roaming\LOVE
O43 - CFD: 17/11/2013 - 14:25:46 - [0,626] ----D C:\Users\familia\AppData\Roaming\OTP
O43 - CFD: 18/06/2013 - 16:55:02 - [0,035] ----D C:\Users\familia\AppData\Local\Ares
O43 - CFD: 21/08/2013 - 15:16:13 - [0,008] ----D C:\Users\familia\AppData\Local\CastleMinerZ
O43 - CFD: 18/06/2013 - 18:40:29 - [0,002] ----D C:\Users\familia\AppData\Local\Craften_Dev_Team
O43 - CFD: 19/06/2013 - 13:31:14 - [0,014] ----D C:\Users\familia\AppData\Local\Level Up!
O43 - CFD: 23/06/2013 - 20:08:18 - [110,498] ----D C:\Users\familia\AppData\Local\Roblox
O43 - CFD: 13/07/2013 - 22:38:24 - [0,002] ----D C:\Users\familia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1-click run
O43 - CFD: 11/09/2013 - 01:01:15 - [0,007] ----D C:\Users\familia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter Strike 1.6 - 2013
O43 - CFD: 19/08/2013 - 23:48:32 - [0,001] ----D C:\Users\familia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DigitalDNA Games
O43 - CFD: 16/08/2013 - 23:06:14 - [0,001] ----D C:\Users\familia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DigitalDNAGames
O43 - CFD: 07/08/2013 - 16:18:09 - [0,007] ----D C:\Users\familia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameVicio
O43 - CFD: 08/07/2013 - 18:53:28 - [0] ----D C:\Users\familia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hoplon
O43 - CFD: 12/08/2013 - 23:06:15 - [0] ----D C:\Users\familia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Level Up! Gerenciador
O43 - CFD: 11/09/2013 - 20:43:34 - [0,002] ----D C:\Users\familia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\sXe Injected
~ Program Folder: 288 Legitimates Filtered in 01mn 35s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.6F80F8FA3C6F47A5ABBC0D5FAD6D0D17] - 07/02/2014 - 22:57:45 ---A- . (...) -- C:\Windows\System32\jupdate-1.7.0_51-b13.log [5306]
O44 - LFC:[MD5.AA17FEE9D7DA9D8C23E45AA4C9DA065E] - 11/02/2014 - 18:23:06 ---A- . (...) -- C:\Windows\win.ini [465]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 13/02/2014 - 00:24:13 RSHA- . (...) -- C:\IO.SYS [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 13/02/2014 - 00:24:13 RSHA- . (...) -- C:\MSDOS.SYS [0]
O44 - LFC:[MD5.2405E54ECDA0C42D642CDB6BB28DABB2] - 15/02/2014 - 15:58:03 ---A- . (...) -- C:\Windows\mixerdef.ini [25]
O44 - LFC:[MD5.15CDF9FC420E9080413950613B9A21B8] - 16/02/2014 - 18:10:42 ---A- . (...) -- C:\tweaking.com_windows_repair_aio.zip [3086390]
O44 - LFC:[MD5.CA2A8AF1DBAD0F31F9B33A2827DFBC16] - 16/02/2014 - 18:15:04 ---A- . (...) -- C:\Windows\tweaking.com-regbackup-FAMILIA-MEGA-Microsoft-Windows-7-Home-Basic-(32-bit).dat [207]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 18/02/2014 - 13:21:59 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.977DCE1A323C85E3B3867914BD78E9DA] - 18/02/2014 - 13:23:47 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [150024]
O44 - LFC:[MD5.546EB342D6999AB8DA63C81E07C53B56] - 18/02/2014 - 13:23:47 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [713160]
O44 - LFC:[MD5.CF56D2F3C5EFF162798128077D24E276] - 18/02/2014 - 13:37:13 ---A- . (...) -- C:\zoek-results.log [26831]
O44 - LFC:[MD5.68EA4197DD9AA7145A1B75E236EC4A4D] - 18/02/2014 - 13:45:25 ---A- . (...) -- C:\Windows\IE11_main.log [6177]
~ Files: 66 Legitimates Filtered in 00mn 05s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - bitguard.exe - tasklist.exe =>PUP.BitGuard
O50 - IFEO:Image File Execution Options - bprotect.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - bpsvc.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - browsemngr.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - browserdefender.exe - tasklist.exe =>Hijacker.Eazel
O50 - IFEO:Image File Execution Options - browsermngr.exe - tasklist.exe =>PUP.Babylon
O50 - IFEO:Image File Execution Options - browserprotect.exe - tasklist.exe =>Hijacker.Eazel
O50 - IFEO:Image File Execution Options - browsersafeguard.exe - tasklist.exe =>PUP.BrowserSafeguard
O50 - IFEO:Image File Execution Options - bundlesweetimsetup.exe - tasklist.exe =>PUP.SweetIM
O50 - IFEO:Image File Execution Options - cltmngsvc.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - delta babylon.exe - tasklist.exe =>PUP.Babylon
O50 - IFEO:Image File Execution Options - delta tb.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - delta2.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - deltainstaller.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - deltasetup.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - deltatb.exe - tasklist.exe =>Toolbar.DeltaSearch
O50 - IFEO:Image File Execution Options - deltatb_2501-c733154b.exe - tasklist.exe =>Toolbar.DeltaSearch
O50 - IFEO:Image File Execution Options - dprotectsvc.exe - tasklist.exe =>Trojan.Trojan.Staser
O50 - IFEO:Image File Execution Options - iminentsetup.exe - tasklist.exe =>Adware.IMBooster
O50 - IFEO:Image File Execution Options - protectedsearch.exe - tasklist.exe =>Spyware.ProtectedSearch
O50 - IFEO:Image File Execution Options - rjatydimofu.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - searchprotection.exe - tasklist.exe =>Toolbar.Conduit
O50 - IFEO:Image File Execution Options - searchprotector.exe - tasklist.exe =>Toolbar.Conduit
O50 - IFEO:Image File Execution Options - snapdo.exe - tasklist.exe =>Hijacker.SmartBar
O50 - IFEO:Image File Execution Options - stinst32.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - stinst64.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - sweetimsetup.exe - tasklist.exe =>PUP.SweetIM
O50 - IFEO:Image File Execution Options - tbdelta.exetoolbar783881609.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - utiljumpflip.exe - tasklist.exe =>PUP.JumpFlip
~ IFEO: Scanned in 00mn 00s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{42be816e-8713-11e3-96d6-00158307c7f9}\AutoRun\command. (...) -- G:\iLinker.exe (.not file.)
O51 - MPSK:{6ff8a247-d1fe-11e2-a7c0-806e6f6e6963}\AutoRun\command. (...) -- D:\Setup.exe (.not file.)
O51 - MPSK:{84c7dcb1-d875-11e2-942e-1078d2b4afb9}\AutoRun\command. (...) -- F:\Autorun_By_VictorVal.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\ares [Key] . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files\Ares\Ares.exe
O53 - SMSR:HKLM\...\startupreg\Pando Media Booster [Key] . (.No owner - Pando Media Booster.) -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\familia\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ SMSR Keys: 14 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.699EF0FD9AE72B7F5AD756E382C73E0E] - 26/03/2008 - 16:31:26 ---A- . (.DemoForge, LLC - Mirage Driver.) -- C:\Windows\System32\Drivers\dfmirage.sys [34128]
O58 - SDL:[MD5.687AF6BB383885FF6A64071B189A7F3E] - 18/06/2013 - 21:33:45 ---A- . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\System32\Drivers\dtsoftbus01.sys [242240]
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.8DB0DBDEC7880E81B73B8E7E8E9A666A] - 28/04/2003 - 10:31:18 ---A- . (.OEM - OX16C95x Serial Device Driver.) -- C:\Windows\System32\Drivers\OXSER.SYS [51169]
O58 - SDL:[MD5.7CF40787D0F5C9EC5A3C6C5D3856E29B] - 05/09/2013 - 22:55:04 ---A- . (...) -- C:\Windows\System32\Drivers\PnkBstrK.sys [139280]
O58 - SDL:[MD5.D720E872772D004E304FCE0CE54E1F8A] - 20/08/2013 - 07:02:14 ---A- . (.DEVGURU Co., LTD.([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [84248]
O58 - SDL:[MD5.D2C02234E3E87EA5FE420F045068099B] - 04/06/2013 - 09:15:02 ---A- . (.DEVGURU Co., LTD.([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [181912]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
O58 - SDL:[MD5.FB6A6BDEC1333F4BC3589A2E02D65D81] - 15/08/2013 - 14:19:52 ---A- . (.TENCENT - TesSafe NT Driver.) -- C:\Windows\System32\TesSafe.sys [406456] =>Adware.TencentAddressBar
~ Drivers: 16 Legitimates Filtered in 00mn 04s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.475048300F9919381C60A3701430CFD7] [SPRF][31/08/2013] (...) -- C:\Users\familia\AppData\Roaming\PnkBstrK.sys [138904]
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{DCBB0E07-C312-4F39-9B8A-D833A4762194}C:\program files\ares\ares.exe" | In - Private - P6 - TRUE | .(.Ares Development Group - Ares p2p for windows.) -- C:\program files\ares\ares.exe
O87 - FAEL: "UDP Query User{18F4B09D-7695-4977-84F0-4B9F48B59662}C:\program files\ares\ares.exe" | In - Private - P17 - TRUE | .(.Ares Development Group - Ares p2p for windows.) -- C:\program files\ares\ares.exe
O87 - FAEL: "{7F35AC90-83FE-4F5C-9A73-299E450E1A31}" | In - None - P6 - TRUE | .(...) -- c:\BrickForce\BrickForce.exe
O87 - FAEL: "{EB9AB720-B91F-43A1-ACDF-C89A46070943}" | In - Public - P6 - TRUE | .(.Zepetto - Point Blank.) -- C:\ongame\Pointblank\PointBlank.exe
O87 - FAEL: "{BE221637-46FC-4017-93FB-439DC476C56F}" | In - Public - P17 - TRUE | .(.Zepetto - Point Blank.) -- C:\ongame\Pointblank\PointBlank.exe
O87 - FAEL: "TCP Query User{7A2967A5-7D05-4E02-8FB6-9B0BF3F3B91E}C:\program files\my drivers\mydrivers.exe" | In - Private - P6 - TRUE | .(.Hunter Software - My Drivers.) -- C:\program files\my drivers\mydrivers.exe
O87 - FAEL: "UDP Query User{0FA12ADC-609A-47DC-A7FA-618E8CB62EA2}C:\program files\my drivers\mydrivers.exe" | In - Private - P17 - TRUE | .(.Hunter Software - My Drivers.) -- C:\program files\my drivers\mydrivers.exe
O87 - FAEL: "{41450DFD-8D17-49AF-A063-935758F32280}" | In - Public - P17 - TRUE | .(.Hunter Software - My Drivers.) -- C:\program files\my drivers\mydrivers.exe
O87 - FAEL: "{A201256F-CFE3-4359-A7B6-7DB711152E23}" | In - Public - P6 - TRUE | .(.Hunter Software - My Drivers.) -- C:\program files\my drivers\mydrivers.exe
~ Firewall: 246 Legitimates Filtered in 00mn 01s



---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "617DD6FF01B79624F991FF0BA74CDC59" . (.Bing Bar.) -- C:\Windows\Installer\{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}\icon_installer_ico =>Toolbar.Bing
O90 - PUC: "F650B3461C1698447979D448D601A1A7" . (.King Arthur's Gold.) -- C:\Windows\Installer\{643B056F-61C1-4489-9797-4D846D101A7A}\irrlicht.ico
~ Update Products: 141 Legitimates Filtered in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.75297A1AF3AFF36D5EE8C8BA6511CF27] [WIS][27/07/2013] (.THD - King Arthur's Gold.) -- C:\Windows\Installer\555870.msi [26509312]
[MD5.55AE59D648BE8E81535D97ED48D14678] [WIS][18/11/2009] (.Builds the Destinations MSI - Builds the Destinations MSI.) -- C:\Windows\Installer\5c3c1f.msi [522752]
~ WIS: 142 Legitimates Filtered in 01mn 52s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 05/02/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 16/12/2013 193696 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files\Microsoft\BingBar\7.3.124.0\BBSvc.exe
SS - | Demand 29/01/2014 279000 | (cphs) . (.Intel Corporation.) - C:\Windows\System32\IntelCpHeciSvc.exe
SS - | Auto 18/06/2013 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 18/06/2013 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 18/06/2013 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 27/01/2014 571816 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files\Common Files\Steam\SteamService.exe
SS - | Demand 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Demand 16/12/2013 247968 | (BBUpdate) . (.Microsoft Corporation..) - C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.exe
SR - | Auto 29/11/2013 1664336 | (Hamachi2Svc) . (.LogMeIn Inc..) - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
SR - | Demand 13/07/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 30/08/2013 15720 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Demand 24/04/2012 169752 | (ICCS) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
SR - | Auto 11/10/2013 375056 | (LMIGuardianSvc) . (.LogMeIn, Inc..) - C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 23/10/2013 22208 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 31/08/2013 76888 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe
SR - | Auto 11/12/2012 27768 | (VIAKaraokeService) . (.VIA Technologies, Inc..) - C:\Windows\System32\viakaraokesrv.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 01mn 55s



---\\ Scâner Aditional (088)
Database Version : 13031 - (17/02/2014)
Clés trouvées (Keys found) : 5
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 2

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX] =>PUP.Dealply^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods Chat] =>PUP.Funmoods^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] =>P2P.BitTorrent^
[HKLM\Software\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{62D82EC1-0D3A-DF54-8E3E-07E1337A5311}] =>Adware.SaveShare
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
C:\Users\familia\AppData\Roaming\FunmoodsChat =>PUP.Funmoods^
C:\Windows\Tasks\Funmoods Chat.job =>PUP.Funmoods^
C:\Users\familia\Downloads\SaveAs.exe =>PUP.Offerware
~ Additionnel Scan: 322660 Items scanned in 00mn 47s



---\\ Sumário das deteções encontradas na sua estação
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.MoviesToolbar
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Funmoods
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.DealPly
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.BitGuard
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Eazel
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Babylon
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.BrowserSafeguard
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.SweetIM
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Toolbar.DeltaSearch
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Trojan.Staser
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.IMBooster
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Spyware.ProtectedSearch
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Toolbar.Conduit
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.SmartBar
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.TencentAddressBar
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.SaveShare
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Offerware
~ MSI: 17 link(s) detected in 00mn 47s



~ 1437 Legitimates filtered by white list
End of the scan (614 lines in 05mn 58s)(0)
WallaceBPE
Member

Messages: 56
Reputation: 3
Join date: 16/02/2014
Age: 25
Location: Rio De Janeiro

Re: Malware removal.

Post by Power Max, Tue 18 Feb 2014, 15:35

Copy all the text highlighted in red that I gave you (starting at script zhpfix and going up to SysRestore).
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > Open ZHPFix > Click Import > Click the GO button > Click Oui > If you also want the files in the Recycle Bin deleted, click Oui again > A report will appear in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Tue 18 Feb 2014, 16:14, edited 1 time
Power Max
Contributor

Messages: 9086
Reputation: 1499
Join date: 14/04/2009

Re: Malware removal.

Post by WallaceBPE, Tue 18 Feb 2014, 16:10

Rapport de ZHPFix 2014.2.16.5 par Nicolas Coolman, Update du 16/02/2014
Fichier d'export Registre :
Run by familia at 18/02/2014 16:04:30
High Elevated Privileges : OK
Windows 7 Home Basic Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 01s)
Reparação de atalhos do navegador

========== Softwares ==========
AUSENTE Uninstall Process: c:\users\familia\appdata\roaming\updaterex\updateproc\updatetask.exe
AUSENTE Uninstall Process: c:\users\familia\appdata\roaming\funmoodschat\updateproc\updatetask.exe
ELIMINÉ: suaavenshharE e

========== Processo memória ==========
ELIMINÉ: Memory Process: C:\Users\familia\Downloads\SaveAs.exe

========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX]
ELIMINÉ Logiciel Key: [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods Chat]
ELIMINÉ: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{62D82EC1-0D3A-DF54-8E3E-07E1337A5311}]
ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}]
ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}]
ELIMINÉ: HKCU\Software\TesSafe
ELIMINÉ: O50 - IFEO:Image File Execution Options - bitguard.exe - tasklist.exe
ELIMINÉ: O50 - IFEO:Image File Execution Options - bprotect.exe - tasklist.exe
ELIMINÉ: O50 - IFEO:Image File Execution Options - bpsvc.exe - tasklist.exe
ELIMINÉ: O50 - IFEO:Image File Execution Options - browsemngr.exe - tasklist.exe
ELIMINÉ: O50 - IFEO:Image File Execution Options - browserdefender.exe - tasklist.exe
ELIMINÉ: O50 - IFEO:Image File Execution Options - browsermngr.exe - tasklist.exe
ELIMINÉ: O50 - IFEO:Image File Execution Options - browserprotect.exe - tasklist.exe
ELIMINÉ: O50 - IFEO:Image File Execution Options - browsersafeguard.exe - tasklist.exe
ELIMINÉ: O50 - IFEO:Image File Execution Options - bundlesweetimsetup.exe - tasklist.exe
ELIMINÉ: O50 - IFEO:Image File Execution Options - cltmngsvc.exe - tasklist.exe
ELIMINÉ: O50 - IFEO:Image File Execution Options - delta babylon.exe - tasklist.exe
ELIMINÉ: O50 - IFEO:Image File Execution Options - delta tb.exe - tasklist.exe
ELIMINÉ: O50 - IFEO:Image File Execution Options - delta2.exe - tasklist.exe
ELIMINÉ: O50 - IFEO:Image File Execution Options - deltainstaller.exe - tasklist.exe
ELIMINÉ: O50 - IFEO:Image File Execution Options - deltasetup.exe - tasklist.exe
ELIMINÉ: O50 - IFEO:Image File Execution Options - deltatb.exe - tasklist.exe
ELIMINÉ: O50 - IFEO:Image File Execution Options - deltatb_2501-c733154b.exe - tasklist.exe
ELIMINÉ: O50 - IFEO:Image File Execution Options - dprotectsvc.exe - tasklist.exe
ELIMINÉ: O50 - IFEO:Image File Execution Options - iminentsetup.exe - tasklist.exe
ELIMINÉ: O50 - IFEO:Image File Execution Options - protectedsearch.exe - tasklist.exe
ELIMINÉ: O50 - IFEO:Image File Execution Options - rjatydimofu.exe - tasklist.exe
ELIMINÉ: O50 - IFEO:Image File Execution Options - searchprotection.exe - tasklist.exe
ELIMINÉ: O50 - IFEO:Image File Execution Options - searchprotector.exe - tasklist.exe
ELIMINÉ: O50 - IFEO:Image File Execution Options - snapdo.exe - tasklist.exe
ELIMINÉ: O50 - IFEO:Image File Execution Options - stinst32.exe - tasklist.exe
ELIMINÉ: O50 - IFEO:Image File Execution Options - stinst64.exe - tasklist.exe
ELIMINÉ: O50 - IFEO:Image File Execution Options - sweetimsetup.exe - tasklist.exe
ELIMINÉ: O50 - IFEO:Image File Execution Options - tbdelta.exetoolbar783881609.exe - tasklist.exe
ELIMINÉ: O50 - IFEO:Image File Execution Options - utiljumpflip.exe - tasklist.exe
ELIMINÉ CLSID MPSK: {42be816e-8713-11e3-96d6-00158307c7f9}
ELIMINÉ CLSID MPSK: {6ff8a247-d1fe-11e2-a7c0-806e6f6e6963}
ELIMINÉ CLSID MPSK: {84c7dcb1-d875-11e2-942e-1078d2b4afb9}
ELIMINÉ: [HKLM\Software\Classes\Installer\Products\\617DD6FF01B79624F991FF0BA74CDC59]
ELIMINÉ: [HKLM\Software\Classes\Installer\Features\617DD6FF01B79624F991FF0BA74CDC59]
ELIMINÉ: Service: BBSvc
ELIMINÉ: Service: BBUpdate
ELIMINÉ: HKLM\Software\Microsoft\Tracing\BingBar_RASAPI32

========== Valores do Registo ==========
ELIMINÉ: URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
ELIMINÉ: Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F}
ELIMINÉ: Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f}
ELIMINÉ: Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068}
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\users\familia\appdata\roaming\microsoft\windows\start menu\programs\3d girlz uninstall.lnk
ELIMINÉ: c:\users\familia\desktop\continue wildtaxi.lnk
ELIMINÉ: c:\windows\tasks\funmoods chat.job
ELIMINÉ: c:\windows\system32\tessafe.sys
ELIMINÉ: c:\program files\microsoft\bingbar\7.3.124.0\bbsvc.exe
ELIMINA REINICIAR: c:\program files\microsoft\bingbar\7.3.124.0\seaport.exe
ELIMINÉ Temporários windows (10) (4.034.391 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: {06A4A911-1EDF-43C4-A20F-3AC84AAA52F3}
ELIMINÉ: {2358967C-DB4D-4EDA-BE30-E53751A2B564}
ELIMINÉ: {3C8292D1-2704-454C-BA16-85C7852A8F4B}
ELIMINÉ: {40F2364F-631F-4C8C-87D4-1E32FEEC302F}
ELIMINÉ: {529BE51E-F69E-47B3-A7E2-217C89ED068C}
ELIMINÉ: {5E778914-6CC6-4412-A50A-8DAF6FE445AA}
ELIMINÉ: {6032D8C9-0AAC-425C-A7F3-9E56CBC4ED1D}
ELIMINÉ: {91707DA4-EB1E-4E9F-806E-D2961F3B31E5}
ELIMINÉ: {C06A03E8-E984-4025-B388-81BF3E4C77D2}
ELIMINÉ: {C58B35EB-CF35-472F-BBDE-67C090433DC7}
ELIMINÉ: {EC2A1AD6-589E-449D-8C25-FDAFFFB271BE}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
1 : Processo memória
44 : Chaves do Registo
10 : Valores do Registo
1 : Pastas
8 : Ficheiros
3 : Softwares
11 : Tarefa planificada
1 : Restauração Sistema


End of clean in 01mn 00s

========== Caminho do ficheiro do relatório ==========
C:\Users\familia\AppData\Roaming\ZHP\ZHPFix[R1].txt - 18/02/2014 16:04:32 [6212]
WallaceBPE
Member

Messages: 56
Reputation: 3
Join date: 16/02/2014
Age: 25
Location: Rio De Janeiro

Re: Malware removal.

Post by Power Max, Tue 18 Feb 2014, 16:15


Please follow the tips in this tutorial to run a scan of your PC with Nod32 Online:

[You must have an account and be logged in to view this link]

After the scan finishes, a report (log) will be generated at the following location on your computer:
C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt

In your next reply, post this Nod32 Online log.

We await your reply.


Last edited by Power Max on Fri 07 Mar 2014, 09:43, edited 1 time
Power Max
Contributor

Messages: 9086
Reputation: 1499
Join date: 14/04/2009

(RESOLVED) Malware removal, help!

Post by WallaceBPE, Fri 07 Mar 2014, 03:32

I formatted the PC, everything is resolved, and I took it to a specialist!
WallaceBPE
Member

Messages: 56
Reputation: 3
Join date: 16/02/2014
Age: 25
Location: Rio De Janeiro

Re: Malware removal.

Post by Power Max, Fri 07 Mar 2014, 09:40

CASE RESOLVED

Should the topic author need it, the topic will be reopened; to request that, they should contact one of the members of the [You must have an account and be logged in to view this link] and ask for it to be unlocked.
Power Max
Contributor

Messages: 9086
Reputation: 1499
Join date: 14/04/2009
